2023-02-09 12:16:36 +01:00
|
|
|
package app
|
|
|
|
|
|
|
|
import (
|
2023-03-22 20:48:09 +01:00
|
|
|
"context"
|
2023-03-20 16:40:08 +01:00
|
|
|
"encoding/json"
|
2023-03-22 20:48:09 +01:00
|
|
|
"fmt"
|
2023-03-20 16:40:08 +01:00
|
|
|
"io/ioutil"
|
2023-04-06 11:52:04 +02:00
|
|
|
"net"
|
2023-02-09 12:16:36 +01:00
|
|
|
"net/http"
|
2023-03-20 16:40:08 +01:00
|
|
|
"os"
|
2023-02-09 12:16:36 +01:00
|
|
|
"path/filepath"
|
2023-03-20 16:40:08 +01:00
|
|
|
"strings"
|
2023-02-09 12:16:36 +01:00
|
|
|
|
2023-02-24 14:40:28 +01:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/app"
|
|
|
|
"forge.cadoles.com/arcad/edge/pkg/bus"
|
2023-02-09 12:16:36 +01:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/bus/memory"
|
|
|
|
appHTTP "forge.cadoles.com/arcad/edge/pkg/http"
|
|
|
|
"forge.cadoles.com/arcad/edge/pkg/module"
|
2023-03-22 20:48:09 +01:00
|
|
|
appModule "forge.cadoles.com/arcad/edge/pkg/module/app"
|
|
|
|
appModuleMemory "forge.cadoles.com/arcad/edge/pkg/module/app/memory"
|
2023-02-24 14:40:28 +01:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/module/auth"
|
2023-03-20 16:40:08 +01:00
|
|
|
authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
|
2023-03-23 19:01:20 +01:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/module/blob"
|
2023-02-17 10:38:45 +01:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/module/cast"
|
2023-04-02 17:59:33 +02:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/module/fetch"
|
2023-04-06 11:52:04 +02:00
|
|
|
netModule "forge.cadoles.com/arcad/edge/pkg/module/net"
|
2023-02-24 14:40:28 +01:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/storage"
|
2023-02-09 12:16:36 +01:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/storage/sqlite"
|
|
|
|
"gitlab.com/wpetit/goweb/logger"
|
|
|
|
|
|
|
|
"forge.cadoles.com/arcad/edge/pkg/bundle"
|
2023-02-24 14:40:28 +01:00
|
|
|
"github.com/dop251/goja"
|
2023-02-09 12:16:36 +01:00
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"github.com/go-chi/chi/v5/middleware"
|
2023-03-20 16:40:08 +01:00
|
|
|
"github.com/lestrrat-go/jwx/v2/jwa"
|
|
|
|
"github.com/lestrrat-go/jwx/v2/jwk"
|
2023-02-09 12:16:36 +01:00
|
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/urfave/cli/v2"
|
2023-03-20 16:40:08 +01:00
|
|
|
|
|
|
|
_ "embed"
|
|
|
|
|
|
|
|
_ "forge.cadoles.com/arcad/edge/pkg/module/auth/http/passwd/argon2id"
|
|
|
|
_ "forge.cadoles.com/arcad/edge/pkg/module/auth/http/passwd/plain"
|
2023-02-09 12:16:36 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
func RunCommand() *cli.Command {
|
|
|
|
return &cli.Command{
|
|
|
|
Name: "run",
|
|
|
|
Usage: "Run the specified app bundle",
|
|
|
|
Flags: []cli.Flag{
|
|
|
|
&cli.StringFlag{
|
|
|
|
Name: "path",
|
|
|
|
Usage: "use `PATH` as app bundle (zipped bundle or directory)",
|
|
|
|
Aliases: []string{"p"},
|
|
|
|
Value: ".",
|
|
|
|
},
|
|
|
|
&cli.StringFlag{
|
|
|
|
Name: "address",
|
|
|
|
Usage: "use `ADDRESS` as http server listening address",
|
|
|
|
Aliases: []string{"a"},
|
|
|
|
Value: ":8080",
|
|
|
|
},
|
|
|
|
&cli.StringFlag{
|
|
|
|
Name: "log-format",
|
|
|
|
Usage: "use `LOG-FORMAT` ('json' or 'human')",
|
|
|
|
Value: "human",
|
|
|
|
},
|
|
|
|
&cli.IntFlag{
|
|
|
|
Name: "log-level",
|
|
|
|
Usage: "use `LOG-LEVEL` (0: debug -> 5: fatal)",
|
|
|
|
Value: 0,
|
|
|
|
},
|
|
|
|
&cli.StringFlag{
|
|
|
|
Name: "storage-file",
|
|
|
|
Usage: "use `FILE` for SQLite storage database",
|
2023-04-06 14:45:50 +02:00
|
|
|
Value: ".edge/%APPID%/data.sqlite?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000",
|
2023-02-24 14:40:28 +01:00
|
|
|
},
|
|
|
|
&cli.StringFlag{
|
2023-03-20 16:40:08 +01:00
|
|
|
Name: "accounts-file",
|
|
|
|
Usage: "use `FILE` as local accounts",
|
|
|
|
Value: ".edge/%APPID%/accounts.json",
|
2023-02-24 14:40:28 +01:00
|
|
|
},
|
2023-02-09 12:16:36 +01:00
|
|
|
},
|
|
|
|
Action: func(ctx *cli.Context) error {
|
|
|
|
address := ctx.String("address")
|
|
|
|
path := ctx.String("path")
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-02-09 12:16:36 +01:00
|
|
|
logFormat := ctx.String("log-format")
|
|
|
|
logLevel := ctx.Int("log-level")
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-02-09 12:16:36 +01:00
|
|
|
logger.SetFormat(logger.Format(logFormat))
|
|
|
|
logger.SetLevel(logger.Level(logLevel))
|
|
|
|
|
|
|
|
cmdCtx := ctx.Context
|
|
|
|
|
|
|
|
absPath, err := filepath.Abs(path)
|
|
|
|
if err != nil {
|
|
|
|
return errors.Wrapf(err, "could not resolve path '%s'", path)
|
|
|
|
}
|
|
|
|
|
|
|
|
logger.Info(cmdCtx, "opening app bundle", logger.F("path", absPath))
|
|
|
|
|
|
|
|
bundle, err := bundle.FromPath(path)
|
|
|
|
if err != nil {
|
|
|
|
return errors.Wrapf(err, "could not open path '%s' as an app bundle", path)
|
|
|
|
}
|
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
manifest, err := app.LoadManifest(bundle)
|
|
|
|
if err != nil {
|
|
|
|
return errors.Wrap(err, "could not load manifest from app bundle")
|
|
|
|
}
|
2023-02-09 12:16:36 +01:00
|
|
|
|
2023-04-11 11:04:34 +02:00
|
|
|
if valid, err := manifest.Validate(manifestMetadataValidators...); !valid {
|
|
|
|
return errors.Wrap(err, "invalid app manifest")
|
|
|
|
}
|
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
storageFile := injectAppID(ctx.String("storage-file"), manifest.ID)
|
2023-02-09 12:16:36 +01:00
|
|
|
|
2023-03-22 20:48:09 +01:00
|
|
|
if err := ensureDir(storageFile); err != nil {
|
|
|
|
return errors.WithStack(err)
|
|
|
|
}
|
|
|
|
|
2023-03-03 16:37:19 +01:00
|
|
|
db, err := sqlite.Open(storageFile)
|
2023-02-09 12:16:36 +01:00
|
|
|
if err != nil {
|
2023-03-03 16:37:19 +01:00
|
|
|
return errors.WithStack(err)
|
2023-02-09 12:16:36 +01:00
|
|
|
}
|
|
|
|
|
2023-02-24 14:40:28 +01:00
|
|
|
ds := sqlite.NewDocumentStoreWithDB(db)
|
|
|
|
bs := sqlite.NewBlobStoreWithDB(db)
|
2023-03-20 16:40:08 +01:00
|
|
|
bus := memory.NewBus()
|
2023-02-09 12:16:36 +01:00
|
|
|
|
|
|
|
handler := appHTTP.NewHandler(
|
|
|
|
appHTTP.WithBus(bus),
|
2023-03-22 20:48:09 +01:00
|
|
|
appHTTP.WithServerModules(getServerModules(bus, ds, bs, manifest, address)...),
|
2023-02-09 12:16:36 +01:00
|
|
|
)
|
|
|
|
if err := handler.Load(bundle); err != nil {
|
|
|
|
return errors.Wrap(err, "could not load app bundle")
|
|
|
|
}
|
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
router := chi.NewRouter()
|
|
|
|
router.Use(middleware.Logger)
|
|
|
|
|
|
|
|
accountsFile := injectAppID(ctx.String("accounts-file"), manifest.ID)
|
|
|
|
|
|
|
|
accounts, err := loadLocalAccounts(accountsFile)
|
|
|
|
if err != nil {
|
|
|
|
return errors.Wrap(err, "could not load local accounts")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Add auth handler
|
|
|
|
key, err := dummyKey()
|
|
|
|
if err != nil {
|
|
|
|
return errors.WithStack(err)
|
|
|
|
}
|
|
|
|
router.Handle("/auth/*", authHTTP.NewLocalHandler(
|
|
|
|
jwa.HS256, key,
|
|
|
|
authHTTP.WithRoutePrefix("/auth"),
|
|
|
|
authHTTP.WithAccounts(accounts...),
|
|
|
|
))
|
|
|
|
|
|
|
|
// Add app handler
|
|
|
|
router.Handle("/*", handler)
|
2023-02-09 12:16:36 +01:00
|
|
|
|
|
|
|
logger.Info(cmdCtx, "listening", logger.F("address", address))
|
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
if err := http.ListenAndServe(address, router); err != nil {
|
2023-02-09 12:16:36 +01:00
|
|
|
return errors.WithStack(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-22 20:48:09 +01:00
|
|
|
func getServerModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStore, manifest *app.Manifest, address string) []app.ServerModuleFactory {
|
2023-02-24 14:40:28 +01:00
|
|
|
return []app.ServerModuleFactory{
|
|
|
|
module.ContextModuleFactory(),
|
|
|
|
module.ConsoleModuleFactory(),
|
|
|
|
cast.CastModuleFactory(),
|
|
|
|
module.LifecycleModuleFactory(),
|
2023-04-06 11:52:04 +02:00
|
|
|
netModule.ModuleFactory(bus),
|
2023-02-24 14:40:28 +01:00
|
|
|
module.RPCModuleFactory(bus),
|
|
|
|
module.StoreModuleFactory(ds),
|
2023-03-23 19:01:20 +01:00
|
|
|
blob.ModuleFactory(bus, bs),
|
2023-02-24 14:40:28 +01:00
|
|
|
module.Extends(
|
|
|
|
auth.ModuleFactory(
|
2023-03-20 16:40:08 +01:00
|
|
|
auth.WithJWT(dummyKeySet),
|
2023-02-24 14:40:28 +01:00
|
|
|
),
|
|
|
|
func(o *goja.Object) {
|
2023-03-20 16:40:08 +01:00
|
|
|
if err := o.Set("CLAIM_TENANT", "arcad_tenant"); err != nil {
|
|
|
|
panic(errors.New("could not set 'CLAIM_TENANT' property"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := o.Set("CLAIM_ENTRYPOINT", "arcad_entrypoint"); err != nil {
|
|
|
|
panic(errors.New("could not set 'CLAIM_ENTRYPOINT' property"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := o.Set("CLAIM_ROLE", "arcad_role"); err != nil {
|
2023-02-24 14:40:28 +01:00
|
|
|
panic(errors.New("could not set 'CLAIM_ROLE' property"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := o.Set("CLAIM_PREFERRED_USERNAME", "preferred_username"); err != nil {
|
|
|
|
panic(errors.New("could not set 'CLAIM_PREFERRED_USERNAME' property"))
|
|
|
|
}
|
|
|
|
},
|
|
|
|
),
|
2023-03-22 20:48:09 +01:00
|
|
|
appModule.ModuleFactory(appModuleMemory.NewRepository(
|
2023-04-05 15:12:51 +02:00
|
|
|
func(ctx context.Context, id app.ID, from string) (string, error) {
|
2023-04-06 11:52:04 +02:00
|
|
|
addr := address
|
|
|
|
if strings.HasPrefix(addr, ":") {
|
|
|
|
addr = "0.0.0.0" + addr
|
2023-03-22 20:48:09 +01:00
|
|
|
}
|
|
|
|
|
2023-04-06 11:52:04 +02:00
|
|
|
host, port, err := net.SplitHostPort(addr)
|
|
|
|
if err != nil {
|
|
|
|
return "", errors.WithStack(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
addr, err = findMatchingDeviceAddress(ctx, from, host)
|
|
|
|
if err != nil {
|
|
|
|
return "", errors.WithStack(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return fmt.Sprintf("http://%s:%s", addr, port), nil
|
2023-03-22 20:48:09 +01:00
|
|
|
},
|
|
|
|
manifest,
|
|
|
|
)),
|
2023-04-02 17:59:33 +02:00
|
|
|
fetch.ModuleFactory(bus),
|
2023-02-24 14:40:28 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var dummySecret = []byte("not_so_secret")
|
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
func dummyKey() (jwk.Key, error) {
|
|
|
|
key, err := jwk.FromRaw(dummySecret)
|
|
|
|
if err != nil {
|
|
|
|
return nil, errors.WithStack(err)
|
2023-02-24 14:40:28 +01:00
|
|
|
}
|
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
return key, nil
|
2023-02-24 14:40:28 +01:00
|
|
|
}
|
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
func dummyKeySet() (jwk.Set, error) {
|
|
|
|
key, err := dummyKey()
|
|
|
|
if err != nil {
|
|
|
|
return nil, errors.WithStack(err)
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
if err := key.Set(jwk.AlgorithmKey, jwa.HS256); err != nil {
|
|
|
|
return nil, errors.WithStack(err)
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
set := jwk.NewSet()
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
if err := set.AddKey(key); err != nil {
|
|
|
|
return nil, errors.WithStack(err)
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
return set, nil
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
func ensureDir(path string) error {
|
|
|
|
if err := os.MkdirAll(filepath.Dir(path), os.ModePerm); err != nil {
|
|
|
|
return errors.WithStack(err)
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
return nil
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
func injectAppID(str string, appID app.ID) string {
|
|
|
|
return strings.ReplaceAll(str, "%APPID%", string(appID))
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
//go:embed default-accounts.json
|
|
|
|
var defaultAccounts []byte
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
func loadLocalAccounts(path string) ([]authHTTP.LocalAccount, error) {
|
|
|
|
if err := ensureDir(path); err != nil {
|
|
|
|
return nil, errors.WithStack(err)
|
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
data, err := ioutil.ReadFile(path)
|
|
|
|
if err != nil {
|
|
|
|
if errors.Is(err, os.ErrNotExist) {
|
|
|
|
if err := ioutil.WriteFile(path, defaultAccounts, 0o640); err != nil {
|
|
|
|
return nil, errors.WithStack(err)
|
2023-02-24 14:40:28 +01:00
|
|
|
}
|
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
data = defaultAccounts
|
|
|
|
} else {
|
|
|
|
return nil, errors.WithStack(err)
|
2023-02-24 14:40:28 +01:00
|
|
|
}
|
2023-03-20 16:40:08 +01:00
|
|
|
}
|
2023-02-24 14:40:28 +01:00
|
|
|
|
2023-03-20 16:40:08 +01:00
|
|
|
var accounts []authHTTP.LocalAccount
|
|
|
|
|
|
|
|
if err := json.Unmarshal(data, &accounts); err != nil {
|
|
|
|
return nil, errors.WithStack(err)
|
2023-02-24 14:40:28 +01:00
|
|
|
}
|
2023-03-20 16:40:08 +01:00
|
|
|
|
|
|
|
return accounts, nil
|
2023-02-24 14:40:28 +01:00
|
|
|
}
|
2023-04-06 11:52:04 +02:00
|
|
|
|
|
|
|
func findMatchingDeviceAddress(ctx context.Context, from string, defaultAddr string) (string, error) {
|
|
|
|
if from == "" {
|
|
|
|
return defaultAddr, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
fromIP := net.ParseIP(from)
|
|
|
|
|
|
|
|
if fromIP == nil {
|
|
|
|
return defaultAddr, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
ifaces, err := net.Interfaces()
|
|
|
|
if err != nil {
|
|
|
|
return "", errors.WithStack(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, ifa := range ifaces {
|
|
|
|
addrs, err := ifa.Addrs()
|
|
|
|
if err != nil {
|
|
|
|
logger.Error(
|
|
|
|
ctx, "could not retrieve iface adresses",
|
|
|
|
logger.E(errors.WithStack(err)), logger.F("iface", ifa.Name),
|
|
|
|
)
|
|
|
|
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, addr := range addrs {
|
|
|
|
ip, network, err := net.ParseCIDR(addr.String())
|
|
|
|
if err != nil {
|
|
|
|
logger.Error(
|
|
|
|
ctx, "could not parse address",
|
|
|
|
logger.E(errors.WithStack(err)), logger.F("address", addr.String()),
|
|
|
|
)
|
|
|
|
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if !network.Contains(fromIP) {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
return ip.String(), nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return defaultAddr, nil
|
|
|
|
}
|