feat: use persistent configuration file

2024-04-24 10:49:47 +02:00
parent 071d597f3f
commit fa1ed6ea42
8 changed files with 307 additions and 69 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -0,0 +1,114 @@
+package config
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"path/filepath"
+
+	"forge.cadoles.com/arcad/arcast/pkg/server"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+type Config struct {
+	InstanceID string      `json:"instanceId"`
+	HTTP       HTTPConfig  `json:"http"`
+	HTTPS      HTTPSConfig `json:"https"`
+	Apps       AppsConfig  `json:"apps"`
+}
+
+type HTTPConfig struct {
+	Address string `json:"address"`
+}
+
+type HTTPSConfig struct {
+	Address    string               `json:"address"`
+	Cert       []byte               `json:"cert"`
+	Key        []byte               `json:"key"`
+	SelfSigned SelfSignedCertConfig `json:"selfSigned"`
+}
+
+type SelfSignedCertConfig struct {
+	Enabled            bool   `json:"enabled"`
+	NetworkFingerprint string `json:"networkFingerprint"`
+}
+
+type AppsConfig struct {
+	Enabled    bool   `json:"enabled"`
+	DefaultApp string `json:"defaultApp"`
+}
+
+type TransformFunc func(ctx context.Context, conf *Config) error
+
+func DefaultConfigFile(ctx context.Context) string {
+	configDir, err := os.UserConfigDir()
+	if err != nil {
+		logger.Error(ctx, "could not get user config dir", logger.CapturedE(errors.WithStack(err)))
+		configDir = ""
+	}
+
+	if configDir != "" {
+		configDir = filepath.Join(configDir, "arcast-player")
+	}
+
+	return filepath.Join(configDir, "config.json")
+}
+
+func LoadOrCreate(ctx context.Context, filename string, conf *Config, funcs ...TransformFunc) error {
+	data, err := os.ReadFile(filename)
+	if err != nil && !os.IsNotExist(err) {
+		return errors.WithStack(err)
+	}
+
+	if data != nil {
+		if err := json.Unmarshal(data, conf); err != nil {
+			return errors.WithStack(err)
+		}
+	}
+
+	for _, fn := range funcs {
+		if err := fn(ctx, conf); err != nil {
+			return errors.WithStack(err)
+		}
+	}
+
+	data, err = json.MarshalIndent(conf, "", "  ")
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	dirname := filepath.Dir(filename)
+
+	if _, err := os.Stat(dirname); os.IsNotExist(err) {
+		if err := os.MkdirAll(dirname, 0777); err != nil {
+			return errors.WithStack(err)
+		}
+	}
+
+	if err := os.WriteFile(filename, data, 0640); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
+func DefaultConfig() *Config {
+	return &Config{
+		InstanceID: server.NewRandomInstanceID(),
+		HTTP: HTTPConfig{
+			Address: ":45555",
+		},
+		HTTPS: HTTPSConfig{
+			Address: ":45556",
+			SelfSigned: SelfSignedCertConfig{
+				Enabled:            true,
+				NetworkFingerprint: "",
+			},
+		},
+		Apps: AppsConfig{
+			Enabled:    true,
+			DefaultApp: "home",
+		},
+	}
+}
--- a/pkg/config/default_transforms.go
+++ b/pkg/config/default_transforms.go
@ -0,0 +1,6 @@
+package config
+
+var DefaultTransforms = []TransformFunc{
+	GenerateSelfSignedCert,
+	RenewExpiredSelfSignedCert,
+}
--- a/pkg/config/selfsigned.go
+++ b/pkg/config/selfsigned.go
@ -0,0 +1,100 @@
+package config
+
+import (
+	"context"
+	"crypto/sha256"
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"slices"
+	"time"
+
+	"forge.cadoles.com/arcad/arcast/pkg/network"
+	"forge.cadoles.com/arcad/arcast/pkg/selfsigned"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+func GenerateSelfSignedCert(ctx context.Context, conf *Config) error {
+	if !conf.HTTPS.SelfSigned.Enabled {
+		return nil
+	}
+
+	if conf.HTTPS.Cert != nil && conf.HTTPS.Key != nil {
+		return nil
+	}
+
+	rawCert, rawKey, err := selfsigned.NewLANKeyPair()
+	if err != nil {
+		return errors.Wrap(err, "could not generate self signed x509 key pair")
+	}
+
+	conf.HTTPS.Cert = rawCert
+	conf.HTTPS.Key = rawKey
+
+	networkFingerprint, err := getNetworkFingerprint()
+	if err != nil {
+		return errors.Wrap(err, "could not retrieve network fingerprint")
+	}
+
+	conf.HTTPS.SelfSigned.NetworkFingerprint = networkFingerprint
+
+	return nil
+}
+
+func RenewExpiredSelfSignedCert(ctx context.Context, conf *Config) error {
+	if !conf.HTTPS.SelfSigned.Enabled {
+		return nil
+	}
+
+	if conf.HTTPS.Cert == nil || conf.HTTPS.Key == nil {
+		if err := GenerateSelfSignedCert(ctx, conf); err != nil {
+			return errors.WithStack(err)
+		}
+	}
+
+	cert, err := tls.X509KeyPair(conf.HTTPS.Cert, conf.HTTPS.Key)
+	if err != nil {
+		return errors.Wrap(err, "could not parse x509 cert/key pair")
+	}
+
+	leaf, err := x509.ParseCertificate(cert.Certificate[0])
+	if err != nil {
+		logger.Error(ctx, "could not parse x509 certificate, regenerating one", logger.CapturedE(errors.WithStack(err)))
+
+		if err := GenerateSelfSignedCert(ctx, conf); err != nil {
+			return errors.WithStack(err)
+		}
+	}
+
+	// Check that self-signed certificate is still valid
+	if time.Now().Before(leaf.NotAfter) {
+		return nil
+	}
+
+	logger.Warn(ctx, "self-signed certificate has expired, regenerating one", logger.CapturedE(errors.WithStack(err)))
+
+	if err := GenerateSelfSignedCert(ctx, conf); err != nil {
+		return errors.WithStack(err)
+	}
+
+	return nil
+}
+
+func getNetworkFingerprint() (string, error) {
+	ips, err := network.GetLANIPv4Addrs()
+	if err != nil {
+		return "", errors.WithStack(err)
+	}
+
+	slices.Sort(ips)
+
+	hash := sha256.New()
+	for _, ip := range ips {
+		if _, err := hash.Write([]byte(ip)); err != nil {
+			return "", errors.WithStack(err)
+		}
+	}
+
+	return fmt.Sprintf("%x", hash.Sum(nil)), nil
+}