|
|
|
@ -33,6 +33,7 @@ import (
|
|
|
|
|
|
|
|
|
|
"github.com/go-openapi/runtime/client"
|
|
|
|
|
"github.com/gorilla/csrf"
|
|
|
|
|
"github.com/knadh/koanf"
|
|
|
|
|
hydra "github.com/ory/hydra-client-go/client"
|
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
|
|
|
|
|
@ -145,22 +146,32 @@ func main() {
|
|
|
|
|
logger.Fatalf("could not initialize request error handling: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
handlerChain := tracing(logging(hsts(errorMiddleware(csrfProtect(router)))))
|
|
|
|
|
|
|
|
|
|
startServer(ctx, handlerChain, logger, config)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func startServer(ctx context.Context, handlerChain http.Handler, logger *log.Logger, config *koanf.Koanf) {
|
|
|
|
|
clientCertificateCAFile := config.MustString("security.client.ca-file")
|
|
|
|
|
serverName := config.String("server.name")
|
|
|
|
|
serverPort := config.Int("server.port")
|
|
|
|
|
|
|
|
|
|
clientCertPool := x509.NewCertPool()
|
|
|
|
|
pemBytes, err := ioutil.ReadFile(config.MustString("security.client.ca-file"))
|
|
|
|
|
pemBytes, err := ioutil.ReadFile(clientCertificateCAFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.Fatalf("could not load client CA certificates: %v", err)
|
|
|
|
|
}
|
|
|
|
|
clientCertPool.AppendCertsFromPEM(pemBytes)
|
|
|
|
|
|
|
|
|
|
tlsConfig := &tls.Config{
|
|
|
|
|
ServerName: config.String("server.name"),
|
|
|
|
|
ServerName: serverName,
|
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
|
ClientAuth: tls.VerifyClientCertIfGiven,
|
|
|
|
|
ClientCAs: clientCertPool,
|
|
|
|
|
}
|
|
|
|
|
server := &http.Server{
|
|
|
|
|
Addr: fmt.Sprintf("%s:%d", config.String("server.name"), config.Int("server.port")),
|
|
|
|
|
Handler: tracing(logging(hsts(errorMiddleware(csrfProtect(router))))),
|
|
|
|
|
Addr: fmt.Sprintf("%s:%d", serverName, serverPort),
|
|
|
|
|
Handler: handlerChain,
|
|
|
|
|
ReadTimeout: 20 * time.Second,
|
|
|
|
|
WriteTimeout: 20 * time.Second,
|
|
|
|
|
IdleTimeout: 30 * time.Second,
|
|
|
|
|