mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-01-14 08:09:55 -06:00
b24d126b30
TLS for the services can be configure by setting the "OCIS_HTTP_TLS_ENABLED", "OCIS_HTTP_TLS_CERTIFICATE" and "OCIS_HTTP_TLS_KEY" environment variables. Currently the ocis proxy is this only service that directly accesses backend services. It determines whether to use TLS or not by looking a the new registry metadata "use_tls". As specific CA Cert for certificate verification can be set with the "PROXY_HTTPS_CACERT" environment variable.
95 lines
2.6 KiB
Go
95 lines
2.6 KiB
Go
package http
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
chimiddleware "github.com/go-chi/chi/v5/middleware"
|
|
"github.com/owncloud/ocis/v2/ocis-pkg/account"
|
|
"github.com/owncloud/ocis/v2/ocis-pkg/cors"
|
|
"github.com/owncloud/ocis/v2/ocis-pkg/middleware"
|
|
"github.com/owncloud/ocis/v2/ocis-pkg/service/http"
|
|
"github.com/owncloud/ocis/v2/ocis-pkg/version"
|
|
settingssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
|
|
"github.com/owncloud/ocis/v2/services/settings/pkg/assets"
|
|
svc "github.com/owncloud/ocis/v2/services/settings/pkg/service/v0"
|
|
"go-micro.dev/v4"
|
|
)
|
|
|
|
// Server initializes the http service and server.
|
|
func Server(opts ...Option) (http.Service, error) {
|
|
options := newOptions(opts...)
|
|
|
|
service, err := http.NewService(
|
|
http.TLSConfig(options.Config.HTTP.TLS),
|
|
http.Logger(options.Logger),
|
|
http.Name(options.Name),
|
|
http.Version(version.GetString()),
|
|
http.Address(options.Config.HTTP.Addr),
|
|
http.Namespace(options.Config.HTTP.Namespace),
|
|
http.Context(options.Context),
|
|
http.Flags(options.Flags...),
|
|
)
|
|
if err != nil {
|
|
options.Logger.Error().
|
|
Err(err).
|
|
Msg("Error initializing http service")
|
|
return http.Service{}, fmt.Errorf("could not initialize http service: %w", err)
|
|
}
|
|
|
|
handle := svc.NewService(options.Config, options.Logger)
|
|
|
|
{
|
|
handle = svc.NewInstrument(handle, options.Metrics)
|
|
handle = svc.NewLogging(handle, options.Logger)
|
|
handle = svc.NewTracing(handle)
|
|
}
|
|
|
|
mux := chi.NewMux()
|
|
|
|
mux.Use(chimiddleware.RealIP)
|
|
mux.Use(chimiddleware.RequestID)
|
|
mux.Use(middleware.NoCache)
|
|
mux.Use(middleware.Cors(
|
|
cors.Logger(options.Logger),
|
|
cors.AllowedOrigins(options.Config.HTTP.CORS.AllowedOrigins),
|
|
cors.AllowedMethods(options.Config.HTTP.CORS.AllowedMethods),
|
|
cors.AllowedHeaders(options.Config.HTTP.CORS.AllowedHeaders),
|
|
cors.AllowCredentials(options.Config.HTTP.CORS.AllowCredentials),
|
|
))
|
|
mux.Use(middleware.Secure)
|
|
mux.Use(middleware.ExtractAccountUUID(
|
|
account.Logger(options.Logger),
|
|
account.JWTSecret(options.Config.TokenManager.JWTSecret)),
|
|
)
|
|
|
|
mux.Use(middleware.Version(
|
|
options.Name,
|
|
version.GetString(),
|
|
))
|
|
|
|
mux.Use(middleware.Logger(
|
|
options.Logger,
|
|
))
|
|
|
|
mux.Use(middleware.Static(
|
|
options.Config.HTTP.Root,
|
|
assets.New(
|
|
assets.Logger(options.Logger),
|
|
assets.Config(options.Config),
|
|
),
|
|
options.Config.HTTP.CacheTTL,
|
|
))
|
|
|
|
mux.Route(options.Config.HTTP.Root, func(r chi.Router) {
|
|
settingssvc.RegisterBundleServiceWeb(r, handle)
|
|
settingssvc.RegisterValueServiceWeb(r, handle)
|
|
settingssvc.RegisterRoleServiceWeb(r, handle)
|
|
settingssvc.RegisterPermissionServiceWeb(r, handle)
|
|
})
|
|
|
|
micro.RegisterHandler(service.Server(), mux)
|
|
|
|
return service, nil
|
|
}
|