99 lines
2.4 KiB
Go
99 lines
2.4 KiB
Go
package main
|
|
|
|
import (
|
|
"flag"
|
|
"log"
|
|
"os"
|
|
"strconv"
|
|
|
|
"github.com/eternal-flame-AD/go-apparmor/apparmor"
|
|
"github.com/eternal-flame-AD/go-apparmor/apparmor/magic"
|
|
"github.com/eternal-flame-AD/yoake/config"
|
|
"github.com/eternal-flame-AD/yoake/internal/comm"
|
|
"github.com/eternal-flame-AD/yoake/internal/db"
|
|
"github.com/eternal-flame-AD/yoake/internal/filestore"
|
|
"github.com/eternal-flame-AD/yoake/server"
|
|
"github.com/eternal-flame-AD/yoake/server/vault"
|
|
"github.com/eternal-flame-AD/yoake/server/webroot"
|
|
"github.com/spf13/afero"
|
|
)
|
|
|
|
var (
|
|
flagConfig = flag.String("c", "config.yml", "config file")
|
|
)
|
|
|
|
func writePid(fs filestore.FS) error {
|
|
pid := []byte(strconv.Itoa(os.Getpid()))
|
|
return afero.WriteFile(fs, "yoake.pid", pid, 0644)
|
|
}
|
|
|
|
func init() {
|
|
flag.Parse()
|
|
config.ParseConfig(*flagConfig)
|
|
|
|
fs := filestore.NewFS(config.Config().FS.BasePath)
|
|
if err := writePid(fs); err != nil {
|
|
log.Panicf("failed to write pid: %v", err)
|
|
}
|
|
|
|
db, err := db.New(config.Config())
|
|
if err != nil {
|
|
log.Panicf("failed to initialize database: %v", err)
|
|
}
|
|
|
|
comm := comm.InitCommunicator(db)
|
|
|
|
conf := config.Config()
|
|
for host, handler := range conf.Hosts {
|
|
switch handler {
|
|
case "vault":
|
|
vault.Init(host)
|
|
case "webroot":
|
|
webroot.Init(host, comm, db, fs)
|
|
default:
|
|
log.Panicf("unknown handler for %s: %s", host, handler)
|
|
}
|
|
}
|
|
}
|
|
|
|
func main() {
|
|
listen := config.Config().Listen
|
|
|
|
Server := server.New()
|
|
if listen.Ssl.Use {
|
|
var sslCertBytes, sslKeyBytes []byte
|
|
|
|
readCerts := func() {
|
|
var err error
|
|
sslCertBytes, err = os.ReadFile(listen.Ssl.Cert)
|
|
if err != nil {
|
|
log.Panicf("failed to read ssl cert: %v", err)
|
|
}
|
|
sslKeyBytes, err = os.ReadFile(listen.Ssl.Key)
|
|
if err != nil {
|
|
log.Panicf("failed to read ssl key: %v", err)
|
|
}
|
|
}
|
|
magic, err := magic.Generate(nil)
|
|
if err != nil {
|
|
log.Panicf("failed to generate apparmor magic token: %v", err)
|
|
}
|
|
|
|
if listen.AppArmor.SSL != "" {
|
|
if err := apparmor.WithHat(listen.AppArmor.SSL, func() uint64 { return magic }, readCerts); err != nil {
|
|
log.Panicf("failed to read ssl cert/key with apparmor hat: %v", err)
|
|
}
|
|
|
|
// defensive programming, try read ssl key
|
|
if _, err := os.ReadFile(listen.Ssl.Key); err == nil {
|
|
log.Panicf("AppArmor profile set for SSL but I could still read %v!", listen.Ssl.Key)
|
|
}
|
|
} else {
|
|
readCerts()
|
|
}
|
|
|
|
log.Fatalln(Server.StartTLS(listen.Addr, sslCertBytes, sslKeyBytes))
|
|
} else {
|
|
log.Fatalln(Server.Start(listen.Addr))
|
|
}
|
|
}
|