/*
Copyright 2017-2022 CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// The CAcert board voting software.
package main
import (
"context"
"crypto/tls"
"crypto/x509"
"database/sql"
"flag"
"fmt"
"html/template"
"io/ioutil"
"log"
"net/http"
"os"
"github.com/jmoiron/sqlx"
_ "github.com/mattn/go-sqlite3"
"git.cacert.org/cacert-boardvoting/internal"
"git.cacert.org/cacert-boardvoting/internal/models"
)
// Build metadata reported at startup. The "undefined" defaults are what a
// plain `go build` produces; presumably the release build overrides them
// with -ldflags "-X main.version=..." (not visible in this file — verify
// against the build scripts).
var version = "undefined"
var commit = "undefined"
var date = "undefined"
// application bundles the dependencies shared by the HTTP handlers and the
// background components. An instance is assembled once in main; the
// mailNotifier and jobScheduler fields are filled in afterwards by
// NewMailNotifier and NewJobScheduler.
type application struct {
	// errorLog receives errors (also used as the TLS server's ErrorLog).
	errorLog *log.Logger
	// infoLog receives informational messages.
	infoLog *log.Logger

	// voters and motions are the database-backed models.
	voters  *models.VoterModel
	motions *models.MotionModel

	// jobScheduler runs background jobs; mailNotifier sends mail.
	jobScheduler *JobScheduler
	mailNotifier *MailNotifier

	// mailConfig and baseURL are taken from the loaded configuration.
	mailConfig *mailConfig
	baseURL    string

	// templateCache holds the parsed HTML templates by name.
	templateCache map[string]*template.Template
}
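// main wires up logging, configuration, the database, the template cache,
// the mail notifier and the job scheduler, then serves the application over
// HTTPS while a plain HTTP listener redirects to the configured base URL.
//
// Note that errorLog.Fatal/Fatalf terminate the process via os.Exit, so the
// deferred cleanups (database close, notifier and scheduler Quit) do not run
// on those failure paths.
func main() {
	configFile := flag.String("config", "config.yaml", "Configuration file name")
	flag.Parse()

	infoLog := log.New(os.Stdout, "INFO\t", log.Ldate|log.Ltime)
	errorLog := log.New(os.Stderr, "ERROR\t", log.Ldate|log.Ltime)

	infoLog.Printf("CAcert Board Voting version %s, commit %s built at %s", version, commit, date)

	ctx, err := parseConfig(context.Background(), *configFile)
	if err != nil {
		errorLog.Fatal(err)
	}

	config, err := GetConfig(ctx)
	if err != nil {
		errorLog.Fatal(err)
	}

	db, err := openDB(config.DatabaseFile)
	if err != nil {
		errorLog.Fatal(err)
	}

	defer func(db *sqlx.DB) {
		_ = db.Close()
	}(db)

	// The previous "could not setup decision model" check here re-tested the
	// error already handled after openDB and could never fire; it is removed.

	templateCache, err := newTemplateCache()
	if err != nil {
		errorLog.Fatal(err)
	}

	app := &application{
		errorLog:      errorLog,
		infoLog:       infoLog,
		motions:       &models.MotionModel{DB: db, InfoLog: infoLog},
		voters:        &models.VoterModel{DB: db},
		mailConfig:    config.MailConfig,
		baseURL:       config.BaseURL,
		templateCache: templateCache,
	}

	app.NewMailNotifier()
	defer app.mailNotifier.Quit()

	app.NewJobScheduler()
	defer app.jobScheduler.Quit()

	err = internal.InitializeDb(db.DB, infoLog)
	if err != nil {
		errorLog.Fatal(err)
	}

	go app.jobScheduler.Schedule()

	infoLog.Printf("Starting server on %s", config.HTTPAddress)

	// The plain HTTP listener only redirects to the HTTPS base URL. Its
	// failure is parked in errChan (buffered so the goroutine never blocks)
	// and is only inspected after the TLS server returns.
	errChan := make(chan error, 1)

	go func() {
		redirect := &http.Server{
			Addr:              config.HTTPAddress,
			Handler:           http.RedirectHandler(config.BaseURL, http.StatusMovedPermanently),
			IdleTimeout:       config.Timeouts.Idle,
			ReadHeaderTimeout: config.Timeouts.ReadHeader,
			ReadTimeout:       config.Timeouts.Read,
			WriteTimeout:      config.Timeouts.Write,
		}

		if err := redirect.ListenAndServe(); err != nil {
			errChan <- err
		}

		close(errChan)
	}()

	tlsConfig, err := setupTLSConfig(config)
	if err != nil {
		errorLog.Fatalf("could not setup TLS configuration: %v", err)
	}

	infoLog.Printf("TLS config setup, starting TLS server on %s", config.HTTPSAddress)

	srv := &http.Server{
		Addr:              config.HTTPSAddress,
		TLSConfig:         tlsConfig,
		ErrorLog:          errorLog,
		Handler:           app.routes(),
		IdleTimeout:       config.Timeouts.Idle,
		ReadHeaderTimeout: config.Timeouts.ReadHeader,
		ReadTimeout:       config.Timeouts.Read,
		WriteTimeout:      config.Timeouts.Write,
	}

	// ListenAndServeTLS blocks for the lifetime of the server; a nil return
	// only happens after Shutdown/Close, which nothing in this file calls.
	err = srv.ListenAndServeTLS(config.ServerCert, config.ServerKey)
	if err != nil {
		errorLog.Fatalf("ListenAndServeTLS (HTTPS) failed: %v", err)
	}

	if err := <-errChan; err != nil {
		errorLog.Fatalf("ListenAndServe (HTTP) failed: %v", err)
	}
}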
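// setupTLSConfig builds the server-side TLS configuration.
//
// The PEM bundle named by config.ClientCACertificates is loaded into the
// pool used to verify client certificates. ClientAuth is
// tls.VerifyClientCertIfGiven: a client certificate is optional, but when
// one is presented it must chain to a CA in this pool or the handshake
// fails. Connections without a client certificate are therefore accepted at
// the TLS layer, so any authentication decision based on the certificate
// has to be made by the request handlers. The minimum protocol version is
// TLS 1.2.
//
// It returns an error when the bundle cannot be read or yields no usable
// certificate.
func setupTLSConfig(config *Config) (*tls.Config, error) {
	caCert, err := ioutil.ReadFile(config.ClientCACertificates)
	if err != nil {
		// Include the path so a misconfigured file name is visible in the log.
		return nil, fmt.Errorf("could not read client certificate CAs from %s: %w", config.ClientCACertificates, err)
	}

	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM reports false only when no certificate at all was
	// parsed from the bundle.
	if !caCertPool.AppendCertsFromPEM(caCert) {
		return nil, fmt.Errorf(
			"could not initialize client CA certificate pool from %s",
			config.ClientCACertificates,
		)
	}

	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		ClientCAs:  caCertPool,
		ClientAuth: tls.VerifyClientCertIfGiven,
	}, nil
}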
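// openDB opens the SQLite database at dbFile, verifies the connection with a
// Ping and wraps the handle in an sqlx.DB using the "sqlite3" driver name.
//
// It returns an error when the database cannot be opened or the ping fails;
// in the latter case the half-opened handle is closed before returning so
// the connection pool is not leaked.
func openDB(dbFile string) (*sqlx.DB, error) {
	db, err := sql.Open("sqlite3", dbFile)
	if err != nil {
		return nil, fmt.Errorf("could not open database file %s: %w", dbFile, err)
	}

	if err = db.Ping(); err != nil {
		// sql.Open succeeded, so release its resources before giving up.
		_ = db.Close()

		return nil, fmt.Errorf("could not ping database: %w", err)
	}

	return sqlx.NewDb(db, "sqlite3"), nil
}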