yoake/server/server.go

package server

import (
	"errors"
	"log"
	"strings"

	"github.com/eternal-flame-AD/go-apparmor/apparmor"
	"github.com/eternal-flame-AD/go-apparmor/apparmor/magic"
	"github.com/eternal-flame-AD/yoake/config"
	"github.com/eternal-flame-AD/yoake/internal/util"
	"github.com/labstack/echo/v4"
)

type (
	Host struct {
		Echo *echo.Echo
	}
)

var hosts = map[string]*Host{}

func New() *echo.Echo {
	var Server = echo.New()
	hatServe := config.Config().Listen.AppArmor.Serve
	if hatServe != "" {
		store, err := magic.NewKeyring(nil)
		if err != nil {
			log.Panicf("failed to initialize magic token store: %v", err)
		}
		if magic, err := magic.Generate(nil); err != nil {
			log.Panicf("failed to generate apparmor magic token: %v", err)
		} else {
			if err := store.Set(magic); err != nil {
				log.Panicf("failed to store apparmor magic token: %v", err)
			}
		}
		hatMagic := func() uint64 {
			magic, err := store.Get()
			if err != nil {
				log.Panicf("failed to get magic token: %v", err)
			}
			return magic
		}
		Server.Pre(func(next echo.HandlerFunc) echo.HandlerFunc {
			return func(c echo.Context) error {
				var err error
				if errAppArmor := apparmor.WithHat(hatServe, hatMagic, func() {
					err = next(c)
				}); errAppArmor != nil {
					c.Logger().Errorf("apparmor error: %v", errAppArmor)
					return errors.New("apparmor process transition error")
				}
				return err
			}
		})
		aaEnforcer := util.AAConMiddleware(func(label string, mode string) (exit int, err error) {
			if !strings.HasSuffix(label, "//"+hatServe) {
				return 1, errors.New("apparmor process transition error")
			}
			return 0, nil
		})

		Server.Pre(aaEnforcer)
		Server.Use(aaEnforcer)
		for _, h := range hosts {
			h.Echo.Pre(aaEnforcer)
			h.Echo.Use(aaEnforcer)
		}
	}

	Server.Any("/*", func(c echo.Context) (err error) {
		req := c.Request()
		res := c.Response()
		host := hosts[strings.ToLower(req.Host)]

		if host == nil {
			host = hosts[""]
			if host == nil {
				err = echo.ErrNotFound
				return
			}
		}

		host.Echo.ServeHTTP(res, req)

		return
	})

	return Server
}

func RegisterHostname(hostname string, h *Host) {
	hosts[hostname] = h
}
init 2022-11-07 04:45:02 -06:00			`package server`

			`import (`
refactor apparmor confinement 2022-11-15 10:31:27 -06:00			`"errors"`
			`"log"`
init 2022-11-07 04:45:02 -06:00			`"strings"`

refactor apparmor confinement 2022-11-15 10:31:27 -06:00			`"github.com/eternal-flame-AD/go-apparmor/apparmor"`
			`"github.com/eternal-flame-AD/go-apparmor/apparmor/magic"`
add apparmor hat transitions 2022-11-11 22:58:05 -06:00			`"github.com/eternal-flame-AD/yoake/config"`
refactor apparmor confinement 2022-11-15 10:31:27 -06:00			`"github.com/eternal-flame-AD/yoake/internal/util"`
init 2022-11-07 04:45:02 -06:00			`"github.com/labstack/echo/v4"`
			`)`

			`type (`
			`Host struct {`
			`Echo *echo.Echo`
			`}`
			`)`

			`var hosts = map[string]*Host{}`

refactor apparmor confinement 2022-11-15 10:31:27 -06:00			`func New() *echo.Echo {`
			`var Server = echo.New()`
			`hatServe := config.Config().Listen.AppArmor.Serve`
			`if hatServe != "" {`
			`store, err := magic.NewKeyring(nil)`
			`if err != nil {`
			`log.Panicf("failed to initialize magic token store: %v", err)`
			`}`
			`if magic, err := magic.Generate(nil); err != nil {`
			`log.Panicf("failed to generate apparmor magic token: %v", err)`
			`} else {`
			`if err := store.Set(magic); err != nil {`
			`log.Panicf("failed to store apparmor magic token: %v", err)`
			`}`
			`}`
			`hatMagic := func() uint64 {`
			`magic, err := store.Get()`
			`if err != nil {`
			`log.Panicf("failed to get magic token: %v", err)`
			`}`
			`return magic`
			`}`
			`Server.Pre(func(next echo.HandlerFunc) echo.HandlerFunc {`
			`return func(c echo.Context) error {`
			`var err error`
			`if errAppArmor := apparmor.WithHat(hatServe, hatMagic, func() {`
			`err = next(c)`
			`}); errAppArmor != nil {`
			`c.Logger().Errorf("apparmor error: %v", errAppArmor)`
			`return errors.New("apparmor process transition error")`
add apparmor hat transitions 2022-11-11 22:58:05 -06:00			`}`
refactor apparmor confinement 2022-11-15 10:31:27 -06:00			`return err`
			`}`
			`})`
			`aaEnforcer := util.AAConMiddleware(func(label string, mode string) (exit int, err error) {`
			`if !strings.HasSuffix(label, "//"+hatServe) {`
			`return 1, errors.New("apparmor process transition error")`
add apparmor hat transitions 2022-11-11 22:58:05 -06:00			`}`
refactor apparmor confinement 2022-11-15 10:31:27 -06:00			`return 0, nil`
			`})`

			`Server.Pre(aaEnforcer)`
			`Server.Use(aaEnforcer)`
			`for _, h := range hosts {`
			`h.Echo.Pre(aaEnforcer)`
			`h.Echo.Use(aaEnforcer)`
add apparmor hat transitions 2022-11-11 22:58:05 -06:00			`}`
refactor apparmor confinement 2022-11-15 10:31:27 -06:00			`}`

			`Server.Any("/*", func(c echo.Context) (err error) {`
init 2022-11-07 04:45:02 -06:00			`req := c.Request()`
			`res := c.Response()`
			`host := hosts[strings.ToLower(req.Host)]`

			`if host == nil {`
			`host = hosts[""]`
			`if host == nil {`
refactor apparmor confinement 2022-11-15 10:31:27 -06:00			`err = echo.ErrNotFound`
			`return`
init 2022-11-07 04:45:02 -06:00			`}`
			`}`

			`host.Echo.ServeHTTP(res, req)`
refactor apparmor confinement 2022-11-15 10:31:27 -06:00
init 2022-11-07 04:45:02 -06:00			`return`
			`})`
refactor apparmor confinement 2022-11-15 10:31:27 -06:00
			`return Server`
init 2022-11-07 04:45:02 -06:00			`}`

			`func RegisterHostname(hostname string, h *Host) {`
			`hosts[hostname] = h`
			`}`