super-graph/internal/serv/init.go

package serv

import (
	"crypto/tls"
	"crypto/x509"
	"database/sql"
	"errors"
	"fmt"
	"io/ioutil"
	"path"
	"path/filepath"
	"strings"
	"time"

	"contrib.go.opencensus.io/integrations/ocsql"
	"github.com/jackc/pgx/v4"
	"github.com/jackc/pgx/v4/stdlib"
)

const (
	PEM_SIG = "--BEGIN "
)

func initConf() (*Config, error) {
	cp, err := filepath.Abs(confPath)
	if err != nil {
		return nil, err
	}

	c, err := ReadInConfig(path.Join(cp, GetConfigName()))
	if err != nil {
		return nil, err
	}

	switch c.LogLevel {
	case "debug":
		logLevel = LogLevelDebug
	case "error":
		logLevel = LogLevelError
	case "warn":
		logLevel = LogLevelWarn
	case "info":
		logLevel = LogLevelInfo
	default:
		logLevel = LogLevelNone
	}

	// copy over db_schema from the core config
	if c.DB.Schema == "" {
		c.DB.Schema = c.DBSchema
	}

	// set default database schema
	if c.DB.Schema == "" {
		c.DB.Schema = "public"
	}

	// Auths: validate and sanitize
	am := make(map[string]struct{})

	for i := 0; i < len(c.Auths); i++ {
		a := &c.Auths[i]
		a.Name = sanitize(a.Name)

		if _, ok := am[a.Name]; ok {
			c.Auths = append(c.Auths[:i], c.Auths[i+1:]...)
			log.Printf("WRN duplicate auth found: %s", a.Name)
		}
		am[a.Name] = struct{}{}
	}

	// Actions: validate and sanitize
	axm := make(map[string]struct{})

	for i := 0; i < len(c.Actions); i++ {
		a := &c.Actions[i]
		a.Name = sanitize(a.Name)
		a.AuthName = sanitize(a.AuthName)

		if _, ok := axm[a.Name]; ok {
			c.Actions = append(c.Actions[:i], c.Actions[i+1:]...)
			log.Printf("WRN duplicate action found: %s", a.Name)
		}

		if _, ok := am[a.AuthName]; !ok {
			c.Actions = append(c.Actions[:i], c.Actions[i+1:]...)
			log.Printf("WRN invalid auth_name '%s' for auth: %s", a.AuthName, a.Name)
		}
		axm[a.Name] = struct{}{}
	}

	var anonFound bool

	for _, r := range c.Roles {
		if sanitize(r.Name) == "anon" {
			anonFound = true
		}
	}

	if !anonFound {
		log.Printf("WRN unauthenticated requests will be blocked. no role 'anon' defined")
		c.AuthFailBlock = false
	}

	if c.AllowListFile == "" {
		c.AllowListFile = c.relPath("./allow.list")
	}

	if c.Production {
		c.UseAllowList = true
	}

	return c, nil
}

func initDB(c *Config, useDB, useTelemetry bool) (*sql.DB, error) {
	var db *sql.DB
	var err error

	config, _ := pgx.ParseConfig("")
	config.Host = c.DB.Host
	config.Port = c.DB.Port
	config.User = c.DB.User
	config.Password = c.DB.Password
	config.RuntimeParams = map[string]string{
		"application_name": c.AppName,
		"search_path":      c.DB.Schema,
	}

	if useDB {
		config.Database = c.DB.DBName
	}

	if c.DB.EnableTLS {
		if len(c.DB.ServerName) == 0 {
			return nil, errors.New("server_name is required")
		}
		if len(c.DB.ServerCert) == 0 {
			return nil, errors.New("server_cert is required")
		}
		if len(c.DB.ClientCert) == 0 {
			return nil, errors.New("client_cert is required")
		}
		if len(c.DB.ClientKey) == 0 {
			return nil, errors.New("client_key is required")
		}

		rootCertPool := x509.NewCertPool()
		var pem []byte
		var err error

		if strings.Contains(c.DB.ServerCert, PEM_SIG) {
			pem = []byte(c.DB.ServerCert)
		} else {
			pem, err = ioutil.ReadFile(c.relPath(c.DB.ServerCert))
		}

		if err != nil {
			return nil, fmt.Errorf("db tls: %w", err)
		}

		if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
			return nil, errors.New("db tls: failed to append pem")
		}

		clientCert := make([]tls.Certificate, 0, 1)
		var certs tls.Certificate

		if strings.Contains(c.DB.ClientCert, PEM_SIG) {
			certs, err = tls.X509KeyPair([]byte(c.DB.ClientCert), []byte(c.DB.ClientKey))
		} else {
			certs, err = tls.LoadX509KeyPair(c.relPath(c.DB.ClientCert), c.relPath(c.DB.ClientKey))
		}

		if err != nil {
			return nil, fmt.Errorf("db tls: %w", err)
		}

		clientCert = append(clientCert, certs)
		config.TLSConfig = &tls.Config{
			RootCAs:      rootCertPool,
			Certificates: clientCert,
			ServerName:   c.DB.ServerName,
		}
	}

	// switch c.LogLevel {
	// case "debug":
	// 	config.LogLevel = pgx.LogLevelDebug
	// case "info":
	// 	config.LogLevel = pgx.LogLevelInfo
	// case "warn":
	// 	config.LogLevel = pgx.LogLevelWarn
	// case "error":
	// 	config.LogLevel = pgx.LogLevelError
	// default:
	// 	config.LogLevel = pgx.LogLevelNone
	// }

	//config.Logger = NewSQLLogger(logger)

	// if c.DB.MaxRetries != 0 {
	// 	opt.MaxRetries = c.DB.MaxRetries
	// }

	// if c.DB.PoolSize != 0 {
	// 	config.MaxConns = conf.DB.PoolSize
	// }

	connString := stdlib.RegisterConnConfig(config)
	driverName := "pgx"
	// if db = stdlib.OpenDB(*config); db == nil {
	// 	return errors.New("failed to open db")
	// }

	if useTelemetry && conf.telemetryEnabled() {
		opts := ocsql.TraceOptions{
			AllowRoot:    true,
			Ping:         true,
			RowsNext:     true,
			RowsClose:    true,
			RowsAffected: true,
			LastInsertID: true,
			Query:        conf.Telemetry.Tracing.IncludeQuery,
			QueryParams:  conf.Telemetry.Tracing.IncludeParams,
		}
		opt := ocsql.WithOptions(opts)
		name := ocsql.WithInstanceName(conf.AppName)

		driverName, err = ocsql.Register(driverName, opt, name)
		if err != nil {
			return nil, fmt.Errorf("unable to register ocsql driver: %v", err)
		}
		ocsql.RegisterAllViews()

		var interval time.Duration

		if conf.Telemetry.Interval != nil {
			interval = *conf.Telemetry.Interval
		} else {
			interval = 5 * time.Second
		}

		defer ocsql.RecordStats(db, interval)()

		log.Println("INF OpenCensus telemetry enabled")
	}

	for i := 1; i < 10; i++ {
		db, err = sql.Open(driverName, connString)
		if err != nil {
			continue
		}

		time.Sleep(time.Duration(i*100) * time.Millisecond)
	}

	if err != nil {
		return nil, fmt.Errorf("unable to open db connection: %v", err)
	}

	return db, nil
}
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`package serv`

			`import (`
Make go get to install work. 2020-04-16 06:26:32 +02:00			`"crypto/tls"`
			`"crypto/x509"`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`"database/sql"`
Make go get to install work. 2020-04-16 06:26:32 +02:00			`"errors"`
			`"fmt"`
			`"io/ioutil"`
Remove config package 2020-04-11 08:45:06 +02:00			`"path"`
fix: prepared statements not working in prod mode 2020-04-19 18:54:37 +02:00			`"path/filepath"`
Make go get to install work. 2020-04-16 06:26:32 +02:00			`"strings"`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`"time"`

feat: add open opencensus telemetry support 2020-05-22 22:49:54 +02:00			`"contrib.go.opencensus.io/integrations/ocsql"`
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`"github.com/jackc/pgx/v4"`
			`"github.com/jackc/pgx/v4/stdlib"`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`)`

Make go get to install work. 2020-04-16 06:26:32 +02:00			`const (`
			`PEM_SIG = "--BEGIN "`
			`)`

Remove config package 2020-04-11 08:45:06 +02:00			`func initConf() (*Config, error) {`
fix: prepared statements not working in prod mode 2020-04-19 18:54:37 +02:00			`cp, err := filepath.Abs(confPath)`
			`if err != nil {`
			`return nil, err`
			`}`

			`c, err := ReadInConfig(path.Join(cp, GetConfigName()))`
Remove config package 2020-04-11 08:45:06 +02:00			`if err != nil {`
			`return nil, err`
			`}`

			`switch c.LogLevel {`
			`case "debug":`
			`logLevel = LogLevelDebug`
			`case "error":`
			`logLevel = LogLevelError`
			`case "warn":`
			`logLevel = LogLevelWarn`
			`case "info":`
			`logLevel = LogLevelInfo`
			`default:`
			`logLevel = LogLevelNone`
			`}`

fix: postgres schema name config value is not used 2020-05-20 06:03:05 +02:00			`// copy over db_schema from the core config`
			`if c.DB.Schema == "" {`
			`c.DB.Schema = c.DBSchema`
			`}`

			`// set default database schema`
			`if c.DB.Schema == "" {`
			`c.DB.Schema = "public"`
			`}`

Remove config package 2020-04-11 08:45:06 +02:00			`// Auths: validate and sanitize`
			`am := make(map[string]struct{})`

			`for i := 0; i < len(c.Auths); i++ {`
			`a := &c.Auths[i]`
			`a.Name = sanitize(a.Name)`

			`if _, ok := am[a.Name]; ok {`
			`c.Auths = append(c.Auths[:i], c.Auths[i+1:]...)`
			`log.Printf("WRN duplicate auth found: %s", a.Name)`
			`}`
			`am[a.Name] = struct{}{}`
			`}`

			`// Actions: validate and sanitize`
			`axm := make(map[string]struct{})`

			`for i := 0; i < len(c.Actions); i++ {`
			`a := &c.Actions[i]`
			`a.Name = sanitize(a.Name)`
			`a.AuthName = sanitize(a.AuthName)`

			`if _, ok := axm[a.Name]; ok {`
			`c.Actions = append(c.Actions[:i], c.Actions[i+1:]...)`
			`log.Printf("WRN duplicate action found: %s", a.Name)`
			`}`

			`if _, ok := am[a.AuthName]; !ok {`
			`c.Actions = append(c.Actions[:i], c.Actions[i+1:]...)`
			`log.Printf("WRN invalid auth_name '%s' for auth: %s", a.AuthName, a.Name)`
			`}`
			`axm[a.Name] = struct{}{}`
			`}`

			`var anonFound bool`

			`for _, r := range c.Roles {`
			`if sanitize(r.Name) == "anon" {`
			`anonFound = true`
			`}`
			`}`

			`if !anonFound {`
			`log.Printf("WRN unauthenticated requests will be blocked. no role 'anon' defined")`
			`c.AuthFailBlock = false`
			`}`

docs: new website 2020-05-17 09:11:56 +02:00			`if c.AllowListFile == "" {`
fix: prepared statements not working in prod mode 2020-04-19 18:54:37 +02:00			`c.AllowListFile = c.relPath("./allow.list")`
			`}`

			`if c.Production {`
			`c.UseAllowList = true`
			`}`

Remove config package 2020-04-11 08:45:06 +02:00			`return c, nil`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`}`

fix: update embedded static assets 2020-05-23 22:53:39 +02:00			`func initDB(c Config, useDB, useTelemetry bool) (sql.DB, error) {`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`var db *sql.DB`
			`var err error`

Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`config, _ := pgx.ParseConfig("")`
			`config.Host = c.DB.Host`
			`config.Port = c.DB.Port`
			`config.User = c.DB.User`
			`config.Password = c.DB.Password`
			`config.RuntimeParams = map[string]string{`
			`"application_name": c.AppName,`
			`"search_path": c.DB.Schema,`
			`}`

Fix issue with failing db cmds 2020-04-13 06:43:18 +02:00			`if useDB {`
			`config.Database = c.DB.DBName`
			`}`

Make go get to install work. 2020-04-16 06:26:32 +02:00			`if c.DB.EnableTLS {`
			`if len(c.DB.ServerName) == 0 {`
			`return nil, errors.New("server_name is required")`
			`}`
			`if len(c.DB.ServerCert) == 0 {`
			`return nil, errors.New("server_cert is required")`
			`}`
			`if len(c.DB.ClientCert) == 0 {`
			`return nil, errors.New("client_cert is required")`
			`}`
			`if len(c.DB.ClientKey) == 0 {`
			`return nil, errors.New("client_key is required")`
			`}`

			`rootCertPool := x509.NewCertPool()`
			`var pem []byte`
			`var err error`

			`if strings.Contains(c.DB.ServerCert, PEM_SIG) {`
			`pem = []byte(c.DB.ServerCert)`
			`} else {`
Fix issue with relative paths and config files 2020-04-17 16:56:26 +02:00			`pem, err = ioutil.ReadFile(c.relPath(c.DB.ServerCert))`
Make go get to install work. 2020-04-16 06:26:32 +02:00			`}`

			`if err != nil {`
			`return nil, fmt.Errorf("db tls: %w", err)`
			`}`

			`if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {`
			`return nil, errors.New("db tls: failed to append pem")`
			`}`

			`clientCert := make([]tls.Certificate, 0, 1)`
			`var certs tls.Certificate`

			`if strings.Contains(c.DB.ClientCert, PEM_SIG) {`
			`certs, err = tls.X509KeyPair([]byte(c.DB.ClientCert), []byte(c.DB.ClientKey))`
			`} else {`
Fix issue with relative paths and config files 2020-04-17 16:56:26 +02:00			`certs, err = tls.LoadX509KeyPair(c.relPath(c.DB.ClientCert), c.relPath(c.DB.ClientKey))`
Make go get to install work. 2020-04-16 06:26:32 +02:00			`}`

			`if err != nil {`
			`return nil, fmt.Errorf("db tls: %w", err)`
			`}`

			`clientCert = append(clientCert, certs)`
			`config.TLSConfig = &tls.Config{`
			`RootCAs: rootCertPool,`
			`Certificates: clientCert,`
			`ServerName: c.DB.ServerName,`
			`}`
			`}`

Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`// switch c.LogLevel {`
			`// case "debug":`
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`// config.LogLevel = pgx.LogLevelDebug`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`// case "info":`
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`// config.LogLevel = pgx.LogLevelInfo`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`// case "warn":`
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`// config.LogLevel = pgx.LogLevelWarn`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`// case "error":`
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`// config.LogLevel = pgx.LogLevelError`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`// default:`
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`// config.LogLevel = pgx.LogLevelNone`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`// }`

Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`//config.Logger = NewSQLLogger(logger)`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`// if c.DB.MaxRetries != 0 {`
			`// opt.MaxRetries = c.DB.MaxRetries`
			`// }`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00
			`// if c.DB.PoolSize != 0 {`
			`// config.MaxConns = conf.DB.PoolSize`
			`// }`

feat: add open opencensus telemetry support 2020-05-22 22:49:54 +02:00			`connString := stdlib.RegisterConnConfig(config)`
			`driverName := "pgx"`
			`// if db = stdlib.OpenDB(*config); db == nil {`
			`// return errors.New("failed to open db")`
			`// }`

fix: allow unauthenticated operations in seed script 2020-05-23 22:37:15 +02:00			`if useTelemetry && conf.telemetryEnabled() {`
fix: add http tracing so end-to-end tracing is possible 2020-05-24 08:24:24 +02:00			`opts := ocsql.TraceOptions{`
docs: add telemetry docs 2020-05-24 16:44:00 +02:00			`AllowRoot: true,`
fix: add http tracing so end-to-end tracing is possible 2020-05-24 08:24:24 +02:00			`Ping: true,`
			`RowsNext: true,`
			`RowsClose: true,`
			`RowsAffected: true,`
			`LastInsertID: true,`
			`Query: conf.Telemetry.Tracing.IncludeQuery,`
			`QueryParams: conf.Telemetry.Tracing.IncludeParams,`
			`}`
			`opt := ocsql.WithOptions(opts)`
			`name := ocsql.WithInstanceName(conf.AppName)`

			`driverName, err = ocsql.Register(driverName, opt, name)`
feat: add open opencensus telemetry support 2020-05-22 22:49:54 +02:00			`if err != nil {`
			`return nil, fmt.Errorf("unable to register ocsql driver: %v", err)`
			`}`
			`ocsql.RegisterAllViews()`
fix: allow unauthenticated operations in seed script 2020-05-23 22:37:15 +02:00
			`var interval time.Duration`

			`if conf.Telemetry.Interval != nil {`
			`interval = *conf.Telemetry.Interval`
			`} else {`
			`interval = 5 * time.Second`
			`}`

			`defer ocsql.RecordStats(db, interval)()`
feat: add open opencensus telemetry support 2020-05-22 22:49:54 +02:00
			`log.Println("INF OpenCensus telemetry enabled")`
			`}`

Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`for i := 1; i < 10; i++ {`
feat: add open opencensus telemetry support 2020-05-22 22:49:54 +02:00			`db, err = sql.Open(driverName, connString)`
			`if err != nil {`
			`continue`
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`}`
feat: add open opencensus telemetry support 2020-05-22 22:49:54 +02:00
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`time.Sleep(time.Duration(i100) time.Millisecond)`
			`}`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00
Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`if err != nil {`
feat: add open opencensus telemetry support 2020-05-22 22:49:54 +02:00			`return nil, fmt.Errorf("unable to open db connection: %v", err)`
			`}`

Fix CloudRun connection issue 2020-04-12 16:09:37 +02:00			`return db, nil`
Refactor Super Graph into a library #26 2020-04-10 08:27:43 +02:00			`}`