emissary/internal/agent/controller/app/server.go

package app

import (
	"context"
	"database/sql"
	"net/http"
	"sync"

	appSpec "forge.cadoles.com/Cadoles/emissary/internal/spec/app"
	"forge.cadoles.com/arcad/edge/pkg/app"
	"forge.cadoles.com/arcad/edge/pkg/bus"
	"forge.cadoles.com/arcad/edge/pkg/bus/memory"
	edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
	"forge.cadoles.com/arcad/edge/pkg/module"
	"forge.cadoles.com/arcad/edge/pkg/module/auth"
	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
	"forge.cadoles.com/arcad/edge/pkg/module/cast"
	"forge.cadoles.com/arcad/edge/pkg/module/net"
	"forge.cadoles.com/arcad/edge/pkg/storage"
	"forge.cadoles.com/arcad/edge/pkg/storage/sqlite"
	"gitlab.com/wpetit/goweb/logger"

	"forge.cadoles.com/arcad/edge/pkg/bundle"
	"github.com/dop251/goja"
	"github.com/go-chi/chi/middleware"
	"github.com/go-chi/chi/v5"
	"github.com/lestrrat-go/jwx/v2/jwa"
	"github.com/lestrrat-go/jwx/v2/jwk"
	"github.com/pkg/errors"

	_ "forge.cadoles.com/Cadoles/emissary/internal/imports/passwd"
)

type Server struct {
	bundle      bundle.Bundle
	db          *sql.DB
	server      *http.Server
	serverMutex sync.RWMutex
	auth        *appSpec.Auth
	keySet      jwk.Set
}

func (s *Server) Start(ctx context.Context, addr string) (err error) {
	if s.server != nil {
		if err := s.Stop(); err != nil {
			return errors.WithStack(err)
		}
	}

	router := chi.NewRouter()

	router.Use(middleware.Logger)

	bus := memory.NewBus()
	ds := sqlite.NewDocumentStoreWithDB(s.db)
	bs := sqlite.NewBlobStoreWithDB(s.db)

	handler := edgeHTTP.NewHandler(
		edgeHTTP.WithBus(bus),
		edgeHTTP.WithServerModules(s.getAppModules(bus, ds, bs)...),
	)
	if err := handler.Load(s.bundle); err != nil {
		return errors.Wrap(err, "could not load app bundle")
	}

	if s.auth != nil {
		if s.auth.Local != nil {
			var rawKey any = s.auth.Local.Key
			if strKey, ok := rawKey.(string); ok {
				rawKey = []byte(strKey)
			}

			key, err := jwk.FromRaw(rawKey)
			if err != nil {
				return errors.WithStack(err)
			}

			if err := key.Set(jwk.AlgorithmKey, jwa.HS256); err != nil {
				return errors.WithStack(err)
			}

			keySet := jwk.NewSet()
			if err := keySet.AddKey(key); err != nil {
				return errors.WithStack(err)
			}

			s.keySet = keySet

			router.Handle("/auth/*", authHTTP.NewLocalHandler(
				jwa.HS256, key,
				authHTTP.WithRoutePrefix("/auth"),
				authHTTP.WithAccounts(s.auth.Local.Accounts...),
			))
		}
	}

	router.Handle("/*", handler)

	server := &http.Server{
		Addr:    addr,
		Handler: router,
	}

	go func() {
		defer func() {
			if recovered := recover(); recovered != nil {
				if err, ok := recovered.(error); ok {
					logger.Error(ctx, err.Error(), logger.E(errors.WithStack(err)))

					return
				}

				panic(recovered)
			}
		}()

		defer func() {
			if err := s.Stop(); err != nil {
				panic(errors.WithStack(err))
			}
		}()

		if err := server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
			panic(errors.WithStack(err))
		}
	}()

	s.serverMutex.Lock()
	s.server = server
	s.serverMutex.Unlock()

	return nil
}

func (s *Server) Running() bool {
	s.serverMutex.RLock()
	defer s.serverMutex.RUnlock()

	return s.server != nil
}

func (s *Server) Stop() error {
	if s.server == nil {
		return nil
	}

	defer func() {
		s.serverMutex.Lock()
		s.server = nil
		s.serverMutex.Unlock()
	}()

	if err := s.server.Close(); err != nil {
		panic(errors.WithStack(err))
	}

	return nil
}

func (s *Server) getAppModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStore) []app.ServerModuleFactory {
	return []app.ServerModuleFactory{
		module.ContextModuleFactory(),
		module.ConsoleModuleFactory(),
		cast.CastModuleFactory(),
		module.LifecycleModuleFactory(),
		net.ModuleFactory(bus),
		module.RPCModuleFactory(bus),
		module.StoreModuleFactory(ds),
		module.BlobModuleFactory(bus, bs),
		module.Extends(
			auth.ModuleFactory(
				auth.WithJWT(s.getJWTKeySet),
			),
			func(o *goja.Object) {
				if err := o.Set("CLAIM_TENANT", "arcad_tenant"); err != nil {
					panic(errors.New("could not set 'CLAIM_TENANT' property"))
				}

				if err := o.Set("CLAIM_ENTRYPOINT", "arcad_entrypoint"); err != nil {
					panic(errors.New("could not set 'CLAIM_ENTRYPOINT' property"))
				}

				if err := o.Set("CLAIM_ROLE", "arcad_role"); err != nil {
					panic(errors.New("could not set 'CLAIM_ROLE' property"))
				}

				if err := o.Set("CLAIM_PREFERRED_USERNAME", "preferred_username"); err != nil {
					panic(errors.New("could not set 'CLAIM_PREFERRED_USERNAME' property"))
				}
			},
		),
	}
}

func (s *Server) getJWTKeySet() (jwk.Set, error) {
	return s.keySet, nil
}

func NewServer(bundle bundle.Bundle, db *sql.DB, auth *appSpec.Auth) *Server {
	return &Server{
		bundle: bundle,
		db:     db,
		auth:   auth,
	}
}