cacert-boardvoting/cmd/boardvoting/main.go

/*
Copyright CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// The CAcert board voting software.
package main

import (
	"crypto/tls"
	"crypto/x509"
	"database/sql"
	"flag"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"

	"github.com/alexedwards/scs/sqlite3store"
	"github.com/alexedwards/scs/v2"
	"github.com/jmoiron/sqlx"
	_ "github.com/mattn/go-sqlite3"

	u "git.cacert.org/cacert-boardvoting/internal/app"

	"git.cacert.org/cacert-boardvoting/internal"
)

const sessionHours = 12

var (
	version = "undefined"
	commit  = "undefined"
	date    = "undefined"
)

func main() {
	configFile := flag.String("config", "config.yaml", "Configuration file name")
	flag.Parse()

	infoLog := log.New(os.Stdout, "INFO\t", log.Ldate|log.Ltime)
	errorLog := log.New(os.Stderr, "ERROR\t", log.Ldate|log.Ltime)

	infoLog.Printf("CAcert Board Voting version %s, commit %s built at %s", version, commit, date)

	config, err := parseConfig(*configFile)
	if err != nil {
		errorLog.Fatal(err)
	}

	db, err := openDB(config.DatabaseFile)
	if err != nil {
		errorLog.Fatal(err)
	}

	defer func(db io.Closer) {
		_ = db.Close()
	}(db)

	if err != nil {
		errorLog.Fatalf("could not setup decision model: %v", err)
	}

	sessionManager := scs.New()
	sessionManager.Store = sqlite3store.New(db.DB)
	sessionManager.Lifetime = sessionHours * time.Hour
	sessionManager.Cookie.SameSite = http.SameSiteStrictMode
	sessionManager.Cookie.Secure = true

	application, err := u.New(errorLog, infoLog, db, config.MailConfig, sessionManager)
	if err != nil {
		errorLog.Fatalf("could not setup application: %v", err)
	}

	err = internal.InitializeDb(db.DB, infoLog)
	if err != nil {
		errorLog.Fatal(err)
	}

	defer func(application io.Closer) {
		_ = application.Close()
	}(application)

	infoLog.Printf("Starting server on %s", config.HTTPAddress)

	errChan := make(chan error, 1)

	infoLog.Printf("TLS config setup, starting TLS server on %s", config.HTTPSAddress)

	go setupHTTPRedirect(config, errChan)

	err = startHTTPSServer(config, errorLog, application.Routes(), func() { _ = application.Close() })
	if err != nil {
		errorLog.Fatalf("ListenAndServeTLS (HTTPS) failed: %v", err)
	}

	if err := <-errChan; err != nil {
		errorLog.Fatalf("ListenAndServe (HTTP) failed: %v", err)
	}
}

func startHTTPSServer(config *Config, errorLog *log.Logger, routes http.Handler, shutdownFunc func()) error {
	tlsConfig, err := setupTLSConfig(config)
	if err != nil {
		return fmt.Errorf("could not setup TLS configuration: %w", err)
	}

	srv := &http.Server{
		Addr:              config.HTTPSAddress,
		TLSConfig:         tlsConfig,
		ErrorLog:          errorLog,
		Handler:           routes,
		IdleTimeout:       config.Timeouts.Idle,
		ReadHeaderTimeout: config.Timeouts.ReadHeader,
		ReadTimeout:       config.Timeouts.Read,
		WriteTimeout:      config.Timeouts.Write,
	}

	srv.RegisterOnShutdown(shutdownFunc)

	err = srv.ListenAndServeTLS(config.ServerCert, config.ServerKey)
	if err != nil {
		return fmt.Errorf("")
	}

	return nil
}

func setupHTTPRedirect(config *Config, errChan chan error) {
	redirect := &http.Server{
		Addr: config.HTTPAddress,
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			redirectURL := url.URL{
				Scheme: "https://",
				Host: strings.Join(
					[]string{
						strings.Split(r.URL.Host, ":")[0],
						strings.Split(config.HTTPSAddress, ":")[1],
					},
					":",
				),
				Path: r.URL.Path,
			}

			http.Redirect(w, r, redirectURL.String(), http.StatusMovedPermanently)
		}),
		IdleTimeout:       config.Timeouts.Idle,
		ReadHeaderTimeout: config.Timeouts.ReadHeader,
		ReadTimeout:       config.Timeouts.Read,
		WriteTimeout:      config.Timeouts.Write,
	}

	if err := redirect.ListenAndServe(); err != nil {
		errChan <- err
	}

	close(errChan)
}

func setupTLSConfig(config *Config) (*tls.Config, error) {
	caCert, err := os.ReadFile(config.ClientCACertificates)
	if err != nil {
		return nil, fmt.Errorf("could not read client certificate CAs %w", err)
	}

	caCertPool := x509.NewCertPool()
	if !caCertPool.AppendCertsFromPEM(caCert) {
		return nil, fmt.Errorf(
			"could not initialize client CA certificate pool from %s",
			config.ClientCACertificates,
		)
	}

	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		ClientCAs:  caCertPool,
		ClientAuth: tls.VerifyClientCertIfGiven,
	}, nil
}

func openDB(dbFile string) (*sqlx.DB, error) {
	db, err := sql.Open("sqlite3", dbFile)
	if err != nil {
		return nil, fmt.Errorf("could not open database file %s: %w", dbFile, err)
	}

	if err = db.Ping(); err != nil {
		return nil, fmt.Errorf("could not ping database: %w", err)
	}

	return sqlx.NewDb(db, "sqlite3"), nil
}
Start move to new directory structure - create cmd/boardvoting/main.go - adapt .goreleaser.yml and Makefile to use cmd/boardvoting for the main package 2022-05-08 17:15:40 +00:00			`/*`
Update linter config and apply suggestions - remove copyright years (they are in git) - remove outdated linter bug workarounds - update .golangci.yml to match current schema (as of golangci-lint 1.59.0) 2024-06-08 08:29:35 +00:00			`Copyright CAcert Inc.`
Start move to new directory structure - create cmd/boardvoting/main.go - adapt .goreleaser.yml and Makefile to use cmd/boardvoting for the main package 2022-05-08 17:15:40 +00:00			`SPDX-License-Identifier: Apache-2.0`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`// The CAcert board voting software.`
			`package main`

Start refactoring to packages 2022-05-09 19:09:24 +00:00			`import (`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`"crypto/tls"`
			`"crypto/x509"`
Start notification job refactoring 2022-05-15 18:10:49 +00:00			`"database/sql"`
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`"flag"`
Start notification job refactoring 2022-05-15 18:10:49 +00:00			`"fmt"`
Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`"io"`
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`"log"`
			`"net/http"`
Finish new motion create implementation - rename config block mail_server to mail_config - rename smtp server settings - move mail notification settings to mail_config - improve navigation templates - prepare routes for user management 2022-05-26 13:27:25 +00:00			`"net/url"`
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`"os"`
Finish new motion create implementation - rename config block mail_server to mail_config - rename smtp server settings - move mail notification settings to mail_config - improve navigation templates - prepare routes for user management 2022-05-26 13:27:25 +00:00			`"strings"`
Implement new motion form - add session handler - add form decoder from go-playground - implement custom decoder for VoteType 2022-05-22 19:15:54 +00:00			`"time"`
Start refactoring to packages 2022-05-09 19:09:24 +00:00
Implement new motion form - add session handler - add form decoder from go-playground - implement custom decoder for VoteType 2022-05-22 19:15:54 +00:00			`"github.com/alexedwards/scs/sqlite3store"`
			`"github.com/alexedwards/scs/v2"`
Start notification job refactoring 2022-05-15 18:10:49 +00:00			`"github.com/jmoiron/sqlx"`
			`_ "github.com/mattn/go-sqlite3"`
Start refactoring to packages 2022-05-09 19:09:24 +00:00
Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`u "git.cacert.org/cacert-boardvoting/internal/app"`

Start notification job refactoring 2022-05-15 18:10:49 +00:00			`"git.cacert.org/cacert-boardvoting/internal"`
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`)`
Start move to new directory structure - create cmd/boardvoting/main.go - adapt .goreleaser.yml and Makefile to use cmd/boardvoting for the main package 2022-05-08 17:15:40 +00:00
Implement database mapping for vote types 2022-05-22 19:47:27 +00:00			`const sessionHours = 12`

Start move to new directory structure - create cmd/boardvoting/main.go - adapt .goreleaser.yml and Makefile to use cmd/boardvoting for the main package 2022-05-08 17:15:40 +00:00			`var (`
			`version = "undefined"`
			`commit = "undefined"`
			`date = "undefined"`
			`)`

			`func main() {`
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`configFile := flag.String("config", "config.yaml", "Configuration file name")`
			`flag.Parse()`

			`infoLog := log.New(os.Stdout, "INFO\t", log.Ldate\|log.Ltime)`
			`errorLog := log.New(os.Stderr, "ERROR\t", log.Ldate\|log.Ltime)`

			`infoLog.Printf("CAcert Board Voting version %s, commit %s built at %s", version, commit, date)`

Implement new motion form - add session handler - add form decoder from go-playground - implement custom decoder for VoteType 2022-05-22 19:15:54 +00:00			`config, err := parseConfig(*configFile)`
Start notification job refactoring 2022-05-15 18:10:49 +00:00			`if err != nil {`
			`errorLog.Fatal(err)`
			`}`
Start refactoring to packages 2022-05-09 19:09:24 +00:00
Start notification job refactoring 2022-05-15 18:10:49 +00:00			`db, err := openDB(config.DatabaseFile)`
			`if err != nil {`
			`errorLog.Fatal(err)`
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`}`

Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`defer func(db io.Closer) {`
Start notification job refactoring 2022-05-15 18:10:49 +00:00			`_ = db.Close()`
			`}(db)`
Start refactoring to packages 2022-05-09 19:09:24 +00:00
Start notification job refactoring 2022-05-15 18:10:49 +00:00			`if err != nil {`
			`errorLog.Fatalf("could not setup decision model: %v", err)`
			`}`
Start refactoring to packages 2022-05-09 19:09:24 +00:00
Implement new motion form - add session handler - add form decoder from go-playground - implement custom decoder for VoteType 2022-05-22 19:15:54 +00:00			`sessionManager := scs.New()`
			`sessionManager.Store = sqlite3store.New(db.DB)`
Implement database mapping for vote types 2022-05-22 19:47:27 +00:00			`sessionManager.Lifetime = sessionHours * time.Hour`
Implement flash messages - configure session cookie security - setup flash message handling in newTemplateData - show flash message in base.html - add flash message for new motion 2022-05-26 14:27:44 +00:00			`sessionManager.Cookie.SameSite = http.SameSiteStrictMode`
			`sessionManager.Cookie.Secure = true`
Implement new motion form - add session handler - add form decoder from go-playground - implement custom decoder for VoteType 2022-05-22 19:15:54 +00:00
Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`application, err := u.New(errorLog, infoLog, db, config.MailConfig, sessionManager)`
			`if err != nil {`
			`errorLog.Fatalf("could not setup application: %v", err)`
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`}`
Fix golangci-lint warnings 2022-05-21 12:09:19 +00:00
Finish new motion create implementation - rename config block mail_server to mail_config - rename smtp server settings - move mail notification settings to mail_config - improve navigation templates - prepare routes for user management 2022-05-26 13:27:25 +00:00			`err = internal.InitializeDb(db.DB, infoLog)`
			`if err != nil {`
			`errorLog.Fatal(err)`
			`}`

Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`defer func(application io.Closer) {`
			`_ = application.Close()`
			`}(application)`
Remove old code - remove the old code and its dependencies - perform some refactoring and fix notifications - add TODO tags for observed shortcomings - rename voters.go to users.go - implement health check for SMTP connection 2022-05-29 13:36:27 +00:00
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`infoLog.Printf("Starting server on %s", config.HTTPAddress)`

			`errChan := make(chan error, 1)`

Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00			`infoLog.Printf("TLS config setup, starting TLS server on %s", config.HTTPSAddress)`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00
Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00			`go setupHTTPRedirect(config, errChan)`

Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`err = startHTTPSServer(config, errorLog, application.Routes(), func() { _ = application.Close() })`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`if err != nil {`
Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00			`errorLog.Fatalf("ListenAndServeTLS (HTTPS) failed: %v", err)`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`}`

Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00			`if err := <-errChan; err != nil {`
			`errorLog.Fatalf("ListenAndServe (HTTP) failed: %v", err)`
			`}`
			`}`

Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`func startHTTPSServer(config Config, errorLog log.Logger, routes http.Handler, shutdownFunc func()) error {`
Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00			`tlsConfig, err := setupTLSConfig(config)`
			`if err != nil {`
			`return fmt.Errorf("could not setup TLS configuration: %w", err)`
			`}`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`srv := &http.Server{`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`Addr: config.HTTPSAddress,`
			`TLSConfig: tlsConfig,`
Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`ErrorLog: errorLog,`
			`Handler: routes,`
Start notification job refactoring 2022-05-15 18:10:49 +00:00			`IdleTimeout: config.Timeouts.Idle,`
			`ReadHeaderTimeout: config.Timeouts.ReadHeader,`
			`ReadTimeout: config.Timeouts.Read,`
			`WriteTimeout: config.Timeouts.Write,`
Start refactoring to packages 2022-05-09 19:09:24 +00:00			`}`

Refactoring away from main package This commit is a refactoring of code that has been located in the main package. We introduce separate packages for the main application, jobs, notifications, and request handlers. Dependencies are injected from the main application, this will make testing easier. 2022-10-15 17:58:58 +00:00			`srv.RegisterOnShutdown(shutdownFunc)`

Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`err = srv.ListenAndServeTLS(config.ServerCert, config.ServerKey)`
			`if err != nil {`
Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00			`return fmt.Errorf("")`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`}`

Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00			`return nil`
			`}`

			`func setupHTTPRedirect(config *Config, errChan chan error) {`
			`redirect := &http.Server{`
Finish new motion create implementation - rename config block mail_server to mail_config - rename smtp server settings - move mail notification settings to mail_config - improve navigation templates - prepare routes for user management 2022-05-26 13:27:25 +00:00			`Addr: config.HTTPAddress,`
			`Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Implement small improvements - fix golangci-lint warnings - start setup for user management - nicer formatting of user login information 2022-05-26 14:47:57 +00:00			`redirectURL := url.URL{`
Finish new motion create implementation - rename config block mail_server to mail_config - rename smtp server settings - move mail notification settings to mail_config - improve navigation templates - prepare routes for user management 2022-05-26 13:27:25 +00:00			`Scheme: "https://",`
			`Host: strings.Join(`
			`[]string{`
			`strings.Split(r.URL.Host, ":")[0],`
			`strings.Split(config.HTTPSAddress, ":")[1],`
			`},`
			`":",`
			`),`
			`Path: r.URL.Path,`
			`}`

Implement small improvements - fix golangci-lint warnings - start setup for user management - nicer formatting of user login information 2022-05-26 14:47:57 +00:00			`http.Redirect(w, r, redirectURL.String(), http.StatusMovedPermanently)`
Finish new motion create implementation - rename config block mail_server to mail_config - rename smtp server settings - move mail notification settings to mail_config - improve navigation templates - prepare routes for user management 2022-05-26 13:27:25 +00:00			`}),`
Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00			`IdleTimeout: config.Timeouts.Idle,`
			`ReadHeaderTimeout: config.Timeouts.ReadHeader,`
			`ReadTimeout: config.Timeouts.Read,`
			`WriteTimeout: config.Timeouts.Write,`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`}`
Use httprouter.NotFound and httprouter.PanicHandler 2022-05-22 13:00:50 +00:00
			`if err := redirect.ListenAndServe(); err != nil {`
			`errChan <- err`
			`}`

			`close(errChan)`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`}`
Start refactoring to packages 2022-05-09 19:09:24 +00:00
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`func setupTLSConfig(config Config) (tls.Config, error) {`
Fix golangci-lint warnings 2022-09-26 09:58:36 +00:00			`caCert, err := os.ReadFile(config.ClientCACertificates)`
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("could not read client certificate CAs %w", err)`
			`}`

			`caCertPool := x509.NewCertPool()`
			`if !caCertPool.AppendCertsFromPEM(caCert) {`
			`return nil, fmt.Errorf(`
			`"could not initialize client CA certificate pool from %s",`
			`config.ClientCACertificates,`
			`)`
			`}`
Start notification job refactoring 2022-05-15 18:10:49 +00:00
Implement security headers and HTTPS 2022-05-22 09:02:37 +00:00			`return &tls.Config{`
			`MinVersion: tls.VersionTLS12,`
			`ClientCAs: caCertPool,`
			`ClientAuth: tls.VerifyClientCertIfGiven,`
			`}, nil`
Start move to new directory structure - create cmd/boardvoting/main.go - adapt .goreleaser.yml and Makefile to use cmd/boardvoting for the main package 2022-05-08 17:15:40 +00:00			`}`
Start notification job refactoring 2022-05-15 18:10:49 +00:00
			`func openDB(dbFile string) (*sqlx.DB, error) {`
			`db, err := sql.Open("sqlite3", dbFile)`
			`if err != nil {`
			`return nil, fmt.Errorf("could not open database file %s: %w", dbFile, err)`
			`}`

			`if err = db.Ping(); err != nil {`
			`return nil, fmt.Errorf("could not ping database: %w", err)`
			`}`

			`return sqlx.NewDb(db, "sqlite3"), nil`
			`}`