2020-04-02 12:51:51 -07:00
|
|
|
// This file is part of MinIO Console Server
|
2021-01-19 17:04:13 -06:00
|
|
|
// Copyright (c) 2021 MinIO, Inc.
|
2020-04-01 18:18:57 -07:00
|
|
|
//
|
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
// This file is safe to edit. Once it exists it will not be overwritten
|
|
|
|
|
|
|
|
|
|
package restapi
|
|
|
|
|
|
|
|
|
|
import (
|
2020-10-21 13:13:40 -07:00
|
|
|
"bytes"
|
2020-04-01 18:18:57 -07:00
|
|
|
"crypto/tls"
|
2021-11-22 21:02:16 -08:00
|
|
|
"fmt"
|
2021-03-05 10:39:17 -08:00
|
|
|
"io"
|
|
|
|
|
"io/fs"
|
2021-06-15 17:52:39 -07:00
|
|
|
"log"
|
2021-09-13 20:09:19 -07:00
|
|
|
"net"
|
2020-04-01 18:18:57 -07:00
|
|
|
"net/http"
|
2021-09-13 20:09:19 -07:00
|
|
|
"path/filepath"
|
2022-03-07 17:30:36 -08:00
|
|
|
"regexp"
|
2020-04-01 18:18:57 -07:00
|
|
|
"strings"
|
2021-11-22 21:02:16 -08:00
|
|
|
"sync"
|
2020-10-21 13:13:40 -07:00
|
|
|
"time"
|
2020-04-01 18:18:57 -07:00
|
|
|
|
2021-10-26 18:20:26 -07:00
|
|
|
"github.com/klauspost/compress/gzhttp"
|
|
|
|
|
|
2021-03-05 10:39:17 -08:00
|
|
|
portal_ui "github.com/minio/console/portal-ui"
|
2022-01-08 20:56:54 -08:00
|
|
|
"github.com/minio/pkg/env"
|
2021-09-13 20:09:19 -07:00
|
|
|
"github.com/minio/pkg/mimedb"
|
2020-04-01 18:18:57 -07:00
|
|
|
|
|
|
|
|
"github.com/go-openapi/errors"
|
2020-10-29 22:26:48 -07:00
|
|
|
"github.com/go-openapi/swag"
|
|
|
|
|
"github.com/minio/console/models"
|
|
|
|
|
"github.com/minio/console/pkg/auth"
|
2020-07-26 00:34:17 -07:00
|
|
|
"github.com/minio/console/restapi/operations"
|
2020-04-06 13:24:15 -07:00
|
|
|
"github.com/unrolled/secure"
|
2020-04-01 18:18:57 -07:00
|
|
|
)
|
|
|
|
|
|
2020-07-26 00:34:17 -07:00
|
|
|
//go:generate swagger generate server --target ../../console --name Console --spec ../swagger.yml
|
2020-04-01 18:18:57 -07:00
|
|
|
|
2020-10-29 22:26:48 -07:00
|
|
|
var additionalServerFlags = struct {
|
|
|
|
|
CertsDir string `long:"certs-dir" description:"path to certs directory" env:"CONSOLE_CERTS_DIR"`
|
|
|
|
|
}{}
|
|
|
|
|
|
2021-11-22 21:02:16 -08:00
|
|
|
var subPath = "/"
|
|
|
|
|
var subPathOnce sync.Once
|
|
|
|
|
|
2020-07-26 00:34:17 -07:00
|
|
|
func configureFlags(api *operations.ConsoleAPI) {
|
2020-10-29 22:26:48 -07:00
|
|
|
api.CommandLineOptionsGroups = []swag.CommandLineOptionsGroup{
|
|
|
|
|
{
|
|
|
|
|
ShortDescription: "additional server flags",
|
|
|
|
|
Options: &additionalServerFlags,
|
|
|
|
|
},
|
|
|
|
|
}
|
2020-04-01 18:18:57 -07:00
|
|
|
}
|
|
|
|
|
|
2020-07-26 00:34:17 -07:00
|
|
|
func configureAPI(api *operations.ConsoleAPI) http.Handler {
|
2020-04-01 18:18:57 -07:00
|
|
|
// Applies when the "x-token" header is set
|
2020-04-02 12:06:52 -07:00
|
|
|
api.KeyAuth = func(token string, scopes []string) (*models.Principal, error) {
|
2020-10-19 15:32:21 -07:00
|
|
|
// we are validating the session token by decrypting the claims inside, if the operation succeed that means the jwt
|
2020-07-10 19:14:28 -07:00
|
|
|
// was generated and signed by us in the first place
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
claims, err := auth.SessionTokenAuthenticate(token)
|
2020-07-10 19:14:28 -07:00
|
|
|
if err != nil {
|
2021-06-04 11:35:55 -07:00
|
|
|
api.Logger("Unable to validate the session token %s: %v", token, err)
|
2020-07-10 19:14:28 -07:00
|
|
|
return nil, errors.New(401, "incorrect api key auth")
|
2020-04-01 18:18:57 -07:00
|
|
|
}
|
2020-07-10 19:14:28 -07:00
|
|
|
return &models.Principal{
|
2020-12-07 17:11:08 -06:00
|
|
|
STSAccessKeyID: claims.STSAccessKeyID,
|
|
|
|
|
STSSecretAccessKey: claims.STSSecretAccessKey,
|
|
|
|
|
STSSessionToken: claims.STSSessionToken,
|
|
|
|
|
AccountAccessKey: claims.AccountAccessKey,
|
2022-02-21 21:42:18 -08:00
|
|
|
Hm: claims.HideMenu,
|
2020-07-10 19:14:28 -07:00
|
|
|
}, nil
|
2020-04-01 18:18:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Register login handlers
|
|
|
|
|
registerLoginHandlers(api)
|
2020-04-08 12:36:14 -07:00
|
|
|
// Register logout handlers
|
|
|
|
|
registerLogoutHandlers(api)
|
2020-04-01 18:18:57 -07:00
|
|
|
// Register bucket handlers
|
|
|
|
|
registerBucketsHandlers(api)
|
|
|
|
|
// Register all users handlers
|
|
|
|
|
registerUsersHandlers(api)
|
|
|
|
|
// Register groups handlers
|
|
|
|
|
registerGroupsHandlers(api)
|
|
|
|
|
// Register policies handlers
|
|
|
|
|
registersPoliciesHandler(api)
|
|
|
|
|
// Register configurations handlers
|
|
|
|
|
registerConfigHandlers(api)
|
|
|
|
|
// Register bucket events handlers
|
|
|
|
|
registerBucketEventsHandlers(api)
|
2021-04-24 16:31:47 -05:00
|
|
|
// Register bucket lifecycle handlers
|
|
|
|
|
registerBucketsLifecycleHandlers(api)
|
2020-04-01 18:18:57 -07:00
|
|
|
// Register service handlers
|
|
|
|
|
registerServiceHandlers(api)
|
2020-04-02 09:57:59 -07:00
|
|
|
// Register profiling handlers
|
|
|
|
|
registerProfilingHandler(api)
|
2020-04-02 15:54:34 -07:00
|
|
|
// Register session handlers
|
|
|
|
|
registerSessionHandlers(api)
|
2022-03-07 17:56:42 -08:00
|
|
|
// Register version handlers
|
|
|
|
|
registerVersionHandlers(api)
|
2020-04-02 20:15:39 -07:00
|
|
|
// Register admin info handlers
|
|
|
|
|
registerAdminInfoHandlers(api)
|
2020-04-03 14:27:47 -07:00
|
|
|
// Register admin arns handlers
|
|
|
|
|
registerAdminArnsHandlers(api)
|
2020-04-09 16:07:26 -07:00
|
|
|
// Register admin notification endpoints handlers
|
|
|
|
|
registerAdminNotificationEndpointsHandlers(api)
|
2020-04-29 18:28:28 -07:00
|
|
|
// Register admin Service Account Handlers
|
|
|
|
|
registerServiceAccountsHandlers(api)
|
2020-09-28 12:46:08 -05:00
|
|
|
// Register admin remote buckets
|
|
|
|
|
registerAdminBucketRemoteHandlers(api)
|
2021-01-13 14:08:32 -06:00
|
|
|
// Register admin log search
|
|
|
|
|
registerLogSearchHandlers(api)
|
2022-01-23 23:42:00 -06:00
|
|
|
// Register admin subnet handlers
|
|
|
|
|
registerSubnetHandlers(api)
|
2021-04-24 16:31:47 -05:00
|
|
|
// Register Account handlers
|
|
|
|
|
registerAdminTiersHandlers(api)
|
2022-02-16 00:14:51 +00:00
|
|
|
//Register Inspect Handler
|
|
|
|
|
registerInspectHandler(api)
|
2022-04-04 11:54:03 -07:00
|
|
|
// Register nodes handlers
|
|
|
|
|
registerNodesHandler(api)
|
2020-04-01 18:18:57 -07:00
|
|
|
|
2022-03-31 17:11:01 +00:00
|
|
|
registerSiteReplicationHandler(api)
|
2022-04-14 07:21:43 +00:00
|
|
|
registerSiteReplicationStatusHandler(api)
|
2022-03-31 17:11:01 +00:00
|
|
|
|
2020-07-08 13:55:08 -07:00
|
|
|
// Operator Console
|
2021-07-19 11:48:50 -07:00
|
|
|
|
2020-09-29 14:34:51 -07:00
|
|
|
// Register Object's Handlers
|
|
|
|
|
registerObjectsHandlers(api)
|
2020-10-01 18:59:20 -07:00
|
|
|
// Register Bucket Quota's Handlers
|
|
|
|
|
registerBucketQuotaHandlers(api)
|
2020-12-07 17:11:08 -06:00
|
|
|
// Register Account handlers
|
|
|
|
|
registerAccountHandlers(api)
|
2020-07-01 18:03:22 -07:00
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
api.PreServerShutdown = func() {}
|
|
|
|
|
|
|
|
|
|
api.ServerShutdown = func() {}
|
|
|
|
|
|
|
|
|
|
return setupGlobalMiddleware(api.Serve(setupMiddlewares))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The TLS configuration before HTTPS server starts.
|
|
|
|
|
func configureTLS(tlsConfig *tls.Config) {
|
2021-06-07 16:33:47 -07:00
|
|
|
tlsConfig.RootCAs = GlobalRootCAs
|
2021-06-15 17:52:39 -07:00
|
|
|
tlsConfig.GetCertificate = GlobalTLSCertsManager.GetCertificate
|
2020-04-01 18:18:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The middleware configuration is for the handler executors. These do not apply to the swagger.json document.
|
|
|
|
|
// The middleware executes after routing but before authentication, binding and validation
|
|
|
|
|
func setupMiddlewares(handler http.Handler) http.Handler {
|
|
|
|
|
return handler
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The middleware configuration happens before anything, this middleware also applies to serving the swagger.json document.
|
|
|
|
|
// So this is a good place to plug in a panic handling middleware, logging and metrics
|
|
|
|
|
func setupGlobalMiddleware(handler http.Handler) http.Handler {
|
2020-11-13 16:26:03 -08:00
|
|
|
// handle cookie or authorization header for session
|
|
|
|
|
next := AuthenticationMiddleware(handler)
|
2020-04-01 18:18:57 -07:00
|
|
|
// serve static files
|
2020-11-13 16:26:03 -08:00
|
|
|
next = FileServerMiddleware(next)
|
2021-09-13 20:09:19 -07:00
|
|
|
|
|
|
|
|
sslHostFn := secure.SSLHostFunc(func(host string) string {
|
|
|
|
|
h, _, err := net.SplitHostPort(host)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return host
|
|
|
|
|
}
|
|
|
|
|
return net.JoinHostPort(h, TLSPort)
|
|
|
|
|
})
|
|
|
|
|
|
2020-04-06 13:24:15 -07:00
|
|
|
// Secure middleware, this middleware wrap all the previous handlers and add
|
|
|
|
|
// HTTP security headers
|
|
|
|
|
secureOptions := secure.Options{
|
2021-07-19 11:48:50 -07:00
|
|
|
AllowedHosts: GetSecureAllowedHosts(),
|
|
|
|
|
AllowedHostsAreRegex: GetSecureAllowedHostsAreRegex(),
|
|
|
|
|
HostsProxyHeaders: GetSecureHostsProxyHeaders(),
|
2021-01-26 22:08:21 -06:00
|
|
|
SSLRedirect: GetTLSRedirect() == "on" && len(GlobalPublicCerts) > 0,
|
2021-09-13 20:09:19 -07:00
|
|
|
SSLHostFunc: &sslHostFn,
|
2021-07-19 11:48:50 -07:00
|
|
|
SSLHost: GetSecureTLSHost(),
|
|
|
|
|
STSSeconds: GetSecureSTSSeconds(),
|
|
|
|
|
STSIncludeSubdomains: GetSecureSTSIncludeSubdomains(),
|
|
|
|
|
STSPreload: GetSecureSTSPreload(),
|
2021-09-13 20:09:19 -07:00
|
|
|
SSLTemporaryRedirect: false,
|
2021-07-19 11:48:50 -07:00
|
|
|
ForceSTSHeader: GetSecureForceSTSHeader(),
|
|
|
|
|
FrameDeny: GetSecureFrameDeny(),
|
|
|
|
|
ContentTypeNosniff: GetSecureContentTypeNonSniff(),
|
|
|
|
|
BrowserXssFilter: GetSecureBrowserXSSFilter(),
|
|
|
|
|
ContentSecurityPolicy: GetSecureContentSecurityPolicy(),
|
|
|
|
|
ContentSecurityPolicyReportOnly: GetSecureContentSecurityPolicyReportOnly(),
|
|
|
|
|
PublicKey: GetSecurePublicKey(),
|
|
|
|
|
ReferrerPolicy: GetSecureReferrerPolicy(),
|
|
|
|
|
FeaturePolicy: GetSecureFeaturePolicy(),
|
|
|
|
|
ExpectCTHeader: GetSecureExpectCTHeader(),
|
2021-06-18 15:40:25 -07:00
|
|
|
IsDevelopment: false,
|
2020-04-06 13:24:15 -07:00
|
|
|
}
|
|
|
|
|
secureMiddleware := secure.New(secureOptions)
|
2021-10-26 18:20:26 -07:00
|
|
|
next = secureMiddleware.Handler(next)
|
|
|
|
|
gnext := gzhttp.GzipHandler(next)
|
|
|
|
|
return RejectS3Middleware(gnext)
|
2021-10-20 02:18:16 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RejectS3Middleware will reject requests that have AWS S3 specific headers.
|
|
|
|
|
func RejectS3Middleware(next http.Handler) http.Handler {
|
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if len(r.Header.Get("X-Amz-Content-Sha256")) > 0 ||
|
|
|
|
|
len(r.Header.Get("X-Amz-Date")) > 0 ||
|
|
|
|
|
strings.HasPrefix(r.Header.Get("Authorization"), "AWS4-HMAC-SHA256") ||
|
|
|
|
|
r.URL.Query().Get("AWSAccessKeyId") != "" {
|
|
|
|
|
w.WriteHeader(http.StatusForbidden)
|
|
|
|
|
w.Write([]byte(`<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
|
<Error>
|
|
|
|
|
<Code>AccessDenied</Code>
|
|
|
|
|
<Message>S3 API Request made to Console port. S3 Requests should be sent to API port.</Message>
|
|
|
|
|
<RequestId>0</RequestId>
|
|
|
|
|
</Error>
|
|
|
|
|
`))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
})
|
2020-04-01 18:18:57 -07:00
|
|
|
}
|
|
|
|
|
|
2020-11-13 16:26:03 -08:00
|
|
|
func AuthenticationMiddleware(next http.Handler) http.Handler {
|
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2021-06-03 18:04:08 -07:00
|
|
|
token, err := auth.GetTokenFromRequest(r)
|
|
|
|
|
if err != nil && err != auth.ErrNoAuthToken {
|
|
|
|
|
http.Error(w, err.Error(), http.StatusUnauthorized)
|
2020-11-13 16:26:03 -08:00
|
|
|
return
|
|
|
|
|
}
|
2021-06-03 18:04:08 -07:00
|
|
|
// All handlers handle appropriately to return errors
|
|
|
|
|
// based on their swagger rules, we do not need to
|
|
|
|
|
// additionally return error here, let the next ServeHTTPs
|
|
|
|
|
// handle it appropriately.
|
2020-11-13 16:26:03 -08:00
|
|
|
if token != "" {
|
2021-06-03 18:04:08 -07:00
|
|
|
r.Header.Add("Authorization", "Bearer "+token)
|
2020-11-13 16:26:03 -08:00
|
|
|
}
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
// FileServerMiddleware serves files from the static folder
|
|
|
|
|
func FileServerMiddleware(next http.Handler) http.Handler {
|
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2021-02-16 12:53:18 -08:00
|
|
|
w.Header().Set("Server", globalAppName) // do not add version information
|
2020-04-30 10:50:51 -07:00
|
|
|
switch {
|
|
|
|
|
case strings.HasPrefix(r.URL.Path, "/ws"):
|
|
|
|
|
serveWS(w, r)
|
|
|
|
|
case strings.HasPrefix(r.URL.Path, "/api"):
|
2020-04-01 18:18:57 -07:00
|
|
|
next.ServeHTTP(w, r)
|
2020-04-30 10:50:51 -07:00
|
|
|
default:
|
2021-03-05 10:39:17 -08:00
|
|
|
buildFs, err := fs.Sub(portal_ui.GetStaticAssets(), "build")
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
wrapHandlerSinglePageApplication(http.FileServer(http.FS(buildFs))).ServeHTTP(w, r)
|
2020-04-01 18:18:57 -07:00
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
2020-05-08 16:36:08 -07:00
|
|
|
|
|
|
|
|
type notFoundRedirectRespWr struct {
|
|
|
|
|
http.ResponseWriter // We embed http.ResponseWriter
|
|
|
|
|
status int
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (w *notFoundRedirectRespWr) WriteHeader(status int) {
|
|
|
|
|
w.status = status // Store the status for our own use
|
|
|
|
|
if status != http.StatusNotFound {
|
|
|
|
|
w.ResponseWriter.WriteHeader(status)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (w *notFoundRedirectRespWr) Write(p []byte) (int, error) {
|
|
|
|
|
if w.status != http.StatusNotFound {
|
|
|
|
|
return w.ResponseWriter.Write(p)
|
|
|
|
|
}
|
|
|
|
|
return len(p), nil // Lie that we successfully wrote it
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-13 20:09:19 -07:00
|
|
|
func handleSPA(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
basePath := "/"
|
2021-11-22 21:02:16 -08:00
|
|
|
// For SPA mode we will replace root base with a sub path if configured unless we received cp=y and cpb=/NEW/BASE
|
2021-09-13 20:09:19 -07:00
|
|
|
if v := r.URL.Query().Get("cp"); v == "y" {
|
2021-11-22 21:02:16 -08:00
|
|
|
if base := r.URL.Query().Get("cpb"); base != "" {
|
|
|
|
|
// make sure the subpath has a trailing slash
|
|
|
|
|
if !strings.HasSuffix(base, "/") {
|
|
|
|
|
base = fmt.Sprintf("%s/", base)
|
|
|
|
|
}
|
|
|
|
|
basePath = base
|
|
|
|
|
}
|
2021-09-13 20:09:19 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
indexPage, err := portal_ui.GetStaticAssets().Open("build/index.html")
|
|
|
|
|
if err != nil {
|
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
indexPageBytes, err := io.ReadAll(indexPage)
|
|
|
|
|
if err != nil {
|
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-22 21:02:16 -08:00
|
|
|
// if we have a seeded basePath. This should override CONSOLE_SUBPATH every time, thus the `if else`
|
|
|
|
|
if basePath != "/" {
|
|
|
|
|
indexPageBytes = replaceBaseInIndex(indexPageBytes, basePath)
|
|
|
|
|
// if we have a custom subpath replace it in
|
|
|
|
|
} else if getSubPath() != "/" {
|
|
|
|
|
indexPageBytes = replaceBaseInIndex(indexPageBytes, getSubPath())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mimeType := mimedb.TypeByExtension(filepath.Ext(r.URL.Path))
|
|
|
|
|
|
|
|
|
|
if mimeType == "application/octet-stream" {
|
|
|
|
|
mimeType = "text/html"
|
2021-09-13 20:09:19 -07:00
|
|
|
}
|
|
|
|
|
|
2021-11-22 21:02:16 -08:00
|
|
|
w.Header().Set("Content-Type", mimeType)
|
2021-09-13 20:09:19 -07:00
|
|
|
http.ServeContent(w, r, "index.html", time.Now(), bytes.NewReader(indexPageBytes))
|
|
|
|
|
}
|
2021-09-01 16:56:06 -07:00
|
|
|
|
2020-05-08 16:36:08 -07:00
|
|
|
// wrapHandlerSinglePageApplication handles a http.FileServer returning a 404 and overrides it with index.html
|
|
|
|
|
func wrapHandlerSinglePageApplication(h http.Handler) http.HandlerFunc {
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
2021-09-13 20:09:19 -07:00
|
|
|
if r.URL.Path == "/" {
|
|
|
|
|
handleSPA(w, r)
|
|
|
|
|
return
|
2021-09-07 19:57:00 -05:00
|
|
|
}
|
|
|
|
|
|
2021-09-13 20:09:19 -07:00
|
|
|
w.Header().Set("Content-Type", mimedb.TypeByExtension(filepath.Ext(r.URL.Path)))
|
|
|
|
|
nfw := ¬FoundRedirectRespWr{ResponseWriter: w}
|
|
|
|
|
h.ServeHTTP(nfw, r)
|
|
|
|
|
if nfw.status == http.StatusNotFound {
|
|
|
|
|
handleSPA(w, r)
|
2020-05-08 16:36:08 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-06-07 19:30:53 -07:00
|
|
|
|
2021-06-18 15:40:25 -07:00
|
|
|
type nullWriter struct{}
|
2021-06-15 17:52:39 -07:00
|
|
|
|
2021-06-18 15:40:25 -07:00
|
|
|
func (lw nullWriter) Write(b []byte) (int, error) {
|
2021-06-15 17:52:39 -07:00
|
|
|
return len(b), nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-07 19:30:53 -07:00
|
|
|
// As soon as server is initialized but not run yet, this function will be called.
|
|
|
|
|
// If you need to modify a config, store server instance to stop it individually later, this is the place.
|
|
|
|
|
// This function can be called multiple times, depending on the number of serving schemes.
|
|
|
|
|
// scheme value will be set accordingly: "http", "https" or "unix"
|
2021-06-15 17:52:39 -07:00
|
|
|
func configureServer(s *http.Server, _, _ string) {
|
2021-06-18 15:40:25 -07:00
|
|
|
// Turn-off random logging by Go net/http
|
|
|
|
|
s.ErrorLog = log.New(&nullWriter{}, "", 0)
|
2021-06-07 19:30:53 -07:00
|
|
|
}
|
2021-11-22 21:02:16 -08:00
|
|
|
|
|
|
|
|
func getSubPath() string {
|
|
|
|
|
subPathOnce.Do(func() {
|
2022-01-08 20:56:54 -08:00
|
|
|
if v := env.Get("CONSOLE_SUBPATH", ""); v != "" {
|
|
|
|
|
// Replace all unnecessary `\` to `/`
|
|
|
|
|
// also add pro-actively at the end.
|
|
|
|
|
subPath = filepath.Clean(filepath.ToSlash(v)) + SlashSeparator
|
|
|
|
|
if !strings.HasPrefix(subPath, SlashSeparator) {
|
|
|
|
|
subPath = SlashSeparator + subPath
|
2021-11-22 21:02:16 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
return subPath
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func replaceBaseInIndex(indexPageBytes []byte, basePath string) []byte {
|
2022-03-07 17:30:36 -08:00
|
|
|
if basePath != "" {
|
|
|
|
|
validBasePath := regexp.MustCompile(`^[0-9a-zA-Z\/-]+$`)
|
|
|
|
|
if !validBasePath.MatchString(basePath) {
|
|
|
|
|
return indexPageBytes
|
|
|
|
|
}
|
|
|
|
|
indexPageStr := string(indexPageBytes)
|
|
|
|
|
newBase := fmt.Sprintf("<base href=\"%s\"/>", basePath)
|
|
|
|
|
indexPageStr = strings.Replace(indexPageStr, "<base href=\"/\"/>", newBase, 1)
|
|
|
|
|
indexPageBytes = []byte(indexPageStr)
|
|
|
|
|
|
|
|
|
|
}
|
2021-11-22 21:02:16 -08:00
|
|
|
return indexPageBytes
|
|
|
|
|
}
|