chore(sqlite): use wal journal mode and enable fk checks by default

feat(auth): use utc time
feat(storage,sqlite): log row closing errors
2023-03-29 20:58:46 +02:00 · 2023-03-29 20:49:44 +02:00 · 2023-03-29 20:10:06 +02:00 · 2023-03-29 17:29:16 +02:00 · 2023-03-29 15:32:23 +02:00
7 changed files with 81 additions and 16 deletions
--- a/internal/agent/controller/app/controller.go
+++ b/internal/agent/controller/app/controller.go
@ -16,8 +16,8 @@ import (
 )

 type serverEntry struct {
-	SpecHash uint64
-	Server   *Server
+	AppDefHash uint64
+	Server     *Server
 }

 type Controller struct {
@ -124,7 +124,20 @@ func (c *Controller) updateAppRepository(ctx context.Context, specs *spec.Spec)
 func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey string) (err error) {
 	appEntry := specs.Apps[appKey]

-	newAppSpecHash, err := hashstructure.Hash(appEntry, hashstructure.FormatV2, nil)
+	var auth *spec.Auth
+	if specs.Config != nil {
+		auth = specs.Config.Auth
+	}
+
+	appDef := struct {
+		App  spec.AppEntry
+		Auth *spec.Auth
+	}{
+		App:  appEntry,
+		Auth: auth,
+	}
+
+	newAppDefHash, err := hashstructure.Hash(appDef, hashstructure.FormatV2, nil)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@ -163,20 +176,20 @@ func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey str
 		}

 		server = &serverEntry{
-			Server:   NewServer(bundle, auth, options...),
-			SpecHash: 0,
+			Server:     NewServer(bundle, auth, options...),
+			AppDefHash: 0,
 		}

 		c.servers[appKey] = server
 	}

-	specChanged := newAppSpecHash != server.SpecHash
+	defChanged := newAppDefHash != server.AppDefHash

-	if server.Server.Running() && !specChanged {
+	if server.Server.Running() && !defChanged {
 		return nil
 	}

-	if specChanged && server.SpecHash != 0 {
+	if defChanged && server.AppDefHash != 0 {
 		logger.Info(
 			ctx, "restarting app",
 			logger.F("address", appEntry.Address),
@ -194,7 +207,7 @@ func (c *Controller) updateApp(ctx context.Context, specs *spec.Spec, appKey str
 		return errors.Wrap(err, "could not start app")
 	}

-	server.SpecHash = newAppSpecHash
+	server.AppDefHash = newAppDefHash

 	return nil
 }
--- a/internal/agent/controller/app/server.go
+++ b/internal/agent/controller/app/server.go
@ -3,11 +3,13 @@ package app
 import (
 	"context"
 	"net/http"
+	"strings"
 	"sync"
 	"time"

 	"forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
 	appSpec "forge.cadoles.com/Cadoles/emissary/internal/agent/controller/app/spec"
+	"forge.cadoles.com/Cadoles/emissary/internal/proxy/wildcard"
 	edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
 	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
 	"gitlab.com/wpetit/goweb/logger"
@ -109,7 +111,7 @@ func (s *Server) Stop() error {
 	}()

 	if err := s.server.Close(); err != nil {
-		panic(errors.WithStack(err))
+		return errors.WithStack(err)
 	}

 	return nil
@ -140,6 +142,10 @@ func (s *Server) configureAuth(router chi.Router, auth *spec.Auth) error {
 			}
 		}

+		if s.auth.Local.CookieDomain != "" {
+			router.Use(invalidCookieDomainRedirect(s.auth.Local.CookieDomain))
+		}
+
 		router.Handle("/auth/*", authHTTP.NewLocalHandler(
 			jwa.HS256, key,
 			authHTTP.WithRoutePrefix("/auth"),
@ -158,3 +164,33 @@ func NewServer(bundle bundle.Bundle, auth *appSpec.Auth, handlerOptions ...edgeH
 		handlerOptions: handlerOptions,
 	}
 }
+
+func invalidCookieDomainRedirect(cookieDomain string) func(http.Handler) http.Handler {
+	domain := strings.TrimPrefix(cookieDomain, ".")
+	hostPattern := "*" + domain
+
+	return func(h http.Handler) http.Handler {
+		fn := func(w http.ResponseWriter, r *http.Request) {
+			hostParts := strings.SplitN(r.Host, ":", 2)
+
+			if !wildcard.Match(hostParts[0], hostPattern) {
+				url := r.URL
+
+				newHost := domain
+				if len(hostParts) > 1 {
+					newHost += ":" + hostParts[1]
+				}
+
+				url.Host = newHost
+
+				http.Redirect(w, r, url.String(), http.StatusTemporaryRedirect)
+
+				return
+			}
+
+			h.ServeHTTP(w, r)
+		}
+
+		return http.HandlerFunc(fn)
+	}
+}
--- a/internal/auth/agent/jwt.go
+++ b/internal/auth/agent/jwt.go
@ -18,7 +18,7 @@ func GenerateToken(key jwk.Key, thumbprint string) (string, error) {
 		return "", errors.WithStack(err)
 	}

-	now := time.Now()
+	now := time.Now().UTC()

 	if err := token.Set(jwt.NotBeforeKey, now); err != nil {
 		return "", errors.WithStack(err)
--- a/internal/auth/thirdparty/jwt.go
+++ b/internal/auth/thirdparty/jwt.go
@ -42,7 +42,7 @@ func GenerateToken(ctx context.Context, key jwk.Key, issuer, subject string, rol
 		return "", errors.WithStack(err)
 	}

-	now := time.Now()
+	now := time.Now().UTC()

 	if err := token.Set(jwt.NotBeforeKey, now); err != nil {
 		return "", errors.WithStack(err)
--- a/internal/config/database.go
+++ b/internal/config/database.go
@ -15,6 +15,6 @@ type DatabaseConfig struct {
 func NewDefaultDatabaseConfig() DatabaseConfig {
 	return DatabaseConfig{
 		Driver: "sqlite",
-		DSN:    "sqlite://emissary.sqlite",
+		DSN:    "sqlite://emissary.sqlite?_fk=true&_journal=WAL",
 	}
 }
--- a/internal/datastore/sqlite/agent_repository.go
+++ b/internal/datastore/sqlite/agent_repository.go
@ -45,7 +45,11 @@ func (r *AgentRepository) GetSpecs(ctx context.Context, agentID datastore.AgentI
 		return nil, errors.WithStack(err)
 	}

-	defer rows.Close()
+	defer func() {
+		if err := rows.Close(); err != nil {
+			logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
+		}
+	}()

 	for rows.Next() {
 		spec := &datastore.Spec{}
@ -61,6 +65,10 @@ func (r *AgentRepository) GetSpecs(ctx context.Context, agentID datastore.AgentI
 		specs = append(specs, spec)
 	}

+	if err := rows.Err(); err != nil {
+		return nil, errors.WithStack(err)
+	}
+
 	return specs, nil
 }

@ -176,7 +184,11 @@ func (r *AgentRepository) Query(ctx context.Context, opts ...datastore.AgentQuer
 			return errors.WithStack(err)
 		}

-		defer rows.Close()
+		defer func() {
+			if err := rows.Close(); err != nil {
+				logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
+			}
+		}()

 		for rows.Next() {
 			agent := &datastore.Agent{}
@ -192,6 +204,10 @@ func (r *AgentRepository) Query(ctx context.Context, opts ...datastore.AgentQuer
 			agents = append(agents, agent)
 		}

+		if err := rows.Err(); err != nil {
+			return errors.WithStack(err)
+		}
+
 		row := tx.QueryRowContext(ctx, `SELECT count(id) FROM agents `+filters, args...)
 		if err := row.Scan(&count); err != nil {
 			return errors.WithStack(err)
--- a/misc/packaging/common/config-server.yml
+++ b/misc/packaging/common/config-server.yml
@ -9,7 +9,7 @@ server:
    port: 3000
  database:
    driver: sqlite
-    dsn: sqlite:///var/lib/emissary/data.sqlite
+    dsn: sqlite:///var/lib/emissary/data.sqlite?_fk=true&_journal=WAL
  cors:
    allowedOrigins: []
    allowCredentials: true
Author	SHA1	Message	Date
William Petit	e5b6c5e949	chore(sqlite): use wal journal mode and enable fk checks by default	2023-03-29 20:58:46 +02:00
William Petit	9c69dc7ec8	feat(auth): use utc time	2023-03-29 20:49:44 +02:00
William Petit	4e6b450338	feat(storage,sqlite): log row closing errors	2023-03-29 20:10:06 +02:00
William Petit	351f22e216	feat(controller,app): automatically redirect requests to cookie domain	2023-03-29 17:29:16 +02:00
William Petit	854a6ae41b	fix(controller,app): include auth configuration in changes detection	2023-03-29 15:32:23 +02:00