Compare commits
5 Commits
v2023.3.29
...
v2023.3.29
Author | SHA1 | Date | |
---|---|---|---|
e5b6c5e949 | |||
9c69dc7ec8 | |||
4e6b450338 | |||
351f22e216 | |||
854a6ae41b |
@ -16,8 +16,8 @@ import (
|
||||
)
|
||||
|
||||
type serverEntry struct {
|
||||
SpecHash uint64
|
||||
Server *Server
|
||||
AppDefHash uint64
|
||||
Server *Server
|
||||
}
|
||||
|
||||
type Controller struct {
|
||||
@ -124,7 +124,20 @@ func (c *Controller) updateAppRepository(ctx context.Context, specs *spec.Spec)
|
||||
func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey string) (err error) {
|
||||
appEntry := specs.Apps[appKey]
|
||||
|
||||
newAppSpecHash, err := hashstructure.Hash(appEntry, hashstructure.FormatV2, nil)
|
||||
var auth *spec.Auth
|
||||
if specs.Config != nil {
|
||||
auth = specs.Config.Auth
|
||||
}
|
||||
|
||||
appDef := struct {
|
||||
App spec.AppEntry
|
||||
Auth *spec.Auth
|
||||
}{
|
||||
App: appEntry,
|
||||
Auth: auth,
|
||||
}
|
||||
|
||||
newAppDefHash, err := hashstructure.Hash(appDef, hashstructure.FormatV2, nil)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
@ -163,20 +176,20 @@ func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey str
|
||||
}
|
||||
|
||||
server = &serverEntry{
|
||||
Server: NewServer(bundle, auth, options...),
|
||||
SpecHash: 0,
|
||||
Server: NewServer(bundle, auth, options...),
|
||||
AppDefHash: 0,
|
||||
}
|
||||
|
||||
c.servers[appKey] = server
|
||||
}
|
||||
|
||||
specChanged := newAppSpecHash != server.SpecHash
|
||||
defChanged := newAppDefHash != server.AppDefHash
|
||||
|
||||
if server.Server.Running() && !specChanged {
|
||||
if server.Server.Running() && !defChanged {
|
||||
return nil
|
||||
}
|
||||
|
||||
if specChanged && server.SpecHash != 0 {
|
||||
if defChanged && server.AppDefHash != 0 {
|
||||
logger.Info(
|
||||
ctx, "restarting app",
|
||||
logger.F("address", appEntry.Address),
|
||||
@ -194,7 +207,7 @@ func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey str
|
||||
return errors.Wrap(err, "could not start app")
|
||||
}
|
||||
|
||||
server.SpecHash = newAppSpecHash
|
||||
server.AppDefHash = newAppDefHash
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -3,11 +3,13 @@ package app
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
|
||||
appSpec "forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/proxy/wildcard"
|
||||
edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
|
||||
authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
@ -109,7 +111,7 @@ func (s *Server) Stop() error {
|
||||
}()
|
||||
|
||||
if err := s.server.Close(); err != nil {
|
||||
panic(errors.WithStack(err))
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
@ -140,6 +142,10 @@ func (s *Server) configureAuth(router chi.Router, auth *spec.Auth) error {
|
||||
}
|
||||
}
|
||||
|
||||
if s.auth.Local.CookieDomain != "" {
|
||||
router.Use(invalidCookieDomainRedirect(s.auth.Local.CookieDomain))
|
||||
}
|
||||
|
||||
router.Handle("/auth/*", authHTTP.NewLocalHandler(
|
||||
jwa.HS256, key,
|
||||
authHTTP.WithRoutePrefix("/auth"),
|
||||
@ -158,3 +164,33 @@ func NewServer(bundle bundle.Bundle, auth *appSpec.Auth, handlerOptions ...edgeH
|
||||
handlerOptions: handlerOptions,
|
||||
}
|
||||
}
|
||||
|
||||
func invalidCookieDomainRedirect(cookieDomain string) func(http.Handler) http.Handler {
|
||||
domain := strings.TrimPrefix(cookieDomain, ".")
|
||||
hostPattern := "*" + domain
|
||||
|
||||
return func(h http.Handler) http.Handler {
|
||||
fn := func(w http.ResponseWriter, r *http.Request) {
|
||||
hostParts := strings.SplitN(r.Host, ":", 2)
|
||||
|
||||
if !wildcard.Match(hostParts[0], hostPattern) {
|
||||
url := r.URL
|
||||
|
||||
newHost := domain
|
||||
if len(hostParts) > 1 {
|
||||
newHost += ":" + hostParts[1]
|
||||
}
|
||||
|
||||
url.Host = newHost
|
||||
|
||||
http.Redirect(w, r, url.String(), http.StatusTemporaryRedirect)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
h.ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
return http.HandlerFunc(fn)
|
||||
}
|
||||
}
|
||||
|
@ -18,7 +18,7 @@ func GenerateToken(key jwk.Key, thumbprint string) (string, error) {
|
||||
return "", errors.WithStack(err)
|
||||
}
|
||||
|
||||
now := time.Now()
|
||||
now := time.Now().UTC()
|
||||
|
||||
if err := token.Set(jwt.NotBeforeKey, now); err != nil {
|
||||
return "", errors.WithStack(err)
|
||||
|
2
internal/auth/thirdparty/jwt.go
vendored
2
internal/auth/thirdparty/jwt.go
vendored
@ -42,7 +42,7 @@ func GenerateToken(ctx context.Context, key jwk.Key, issuer, subject string, rol
|
||||
return "", errors.WithStack(err)
|
||||
}
|
||||
|
||||
now := time.Now()
|
||||
now := time.Now().UTC()
|
||||
|
||||
if err := token.Set(jwt.NotBeforeKey, now); err != nil {
|
||||
return "", errors.WithStack(err)
|
||||
|
@ -15,6 +15,6 @@ type DatabaseConfig struct {
|
||||
func NewDefaultDatabaseConfig() DatabaseConfig {
|
||||
return DatabaseConfig{
|
||||
Driver: "sqlite",
|
||||
DSN: "sqlite://emissary.sqlite",
|
||||
DSN: "sqlite://emissary.sqlite?_fk=true&_journal=WAL",
|
||||
}
|
||||
}
|
||||
|
@ -45,7 +45,11 @@ func (r *AgentRepository) GetSpecs(ctx context.Context, agentID datastore.AgentI
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
defer rows.Close()
|
||||
defer func() {
|
||||
if err := rows.Close(); err != nil {
|
||||
logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
|
||||
}
|
||||
}()
|
||||
|
||||
for rows.Next() {
|
||||
spec := &datastore.Spec{}
|
||||
@ -61,6 +65,10 @@ func (r *AgentRepository) GetSpecs(ctx context.Context, agentID datastore.AgentI
|
||||
specs = append(specs, spec)
|
||||
}
|
||||
|
||||
if err := rows.Err(); err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return specs, nil
|
||||
}
|
||||
|
||||
@ -176,7 +184,11 @@ func (r *AgentRepository) Query(ctx context.Context, opts ...datastore.AgentQuer
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
defer rows.Close()
|
||||
defer func() {
|
||||
if err := rows.Close(); err != nil {
|
||||
logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
|
||||
}
|
||||
}()
|
||||
|
||||
for rows.Next() {
|
||||
agent := &datastore.Agent{}
|
||||
@ -192,6 +204,10 @@ func (r *AgentRepository) Query(ctx context.Context, opts ...datastore.AgentQuer
|
||||
agents = append(agents, agent)
|
||||
}
|
||||
|
||||
if err := rows.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
row := tx.QueryRowContext(ctx, `SELECT count(id) FROM agents `+filters, args...)
|
||||
if err := row.Scan(&count); err != nil {
|
||||
return errors.WithStack(err)
|
||||
|
@ -9,7 +9,7 @@ server:
|
||||
port: 3000
|
||||
database:
|
||||
driver: sqlite
|
||||
dsn: sqlite:///var/lib/emissary/data.sqlite
|
||||
dsn: sqlite:///var/lib/emissary/data.sqlite?_fk=true&_journal=WAL
|
||||
cors:
|
||||
allowedOrigins: []
|
||||
allowCredentials: true
|
||||
|
Reference in New Issue
Block a user