10 "github.com/Sirupsen/logrus"
11 "github.com/gin-contrib/static"
12 "github.com/gin-gonic/gin"
13 "github.com/googollee/go-socket.io"
17 type WebServer struct {
21 sIOServer *socketio.Server
22 webApp *gin.RouterGroup
23 stop chan struct{} // signals intentional stop
26 const indexFilename = "index.html"
28 // NewWebServer creates an instance of WebServer
29 func NewWebServer(ctx *Context) *WebServer {
31 // Setup logging for gin router
32 if ctx.Log.Level == logrus.DebugLevel {
33 gin.SetMode(gin.DebugMode)
35 gin.SetMode(gin.ReleaseMode)
38 // Redirect gin logs into another logger (LogVerboseOut may be stderr or a file)
39 gin.DefaultWriter = ctx.Config.LogVerboseOut
40 gin.DefaultErrorWriter = ctx.Config.LogVerboseOut
41 log.SetOutput(ctx.Config.LogVerboseOut)
52 stop: make(chan struct{}),
58 // Serve starts a new instance of the Web Server
59 func (s *WebServer) Serve() error {
63 s.router.Use(gin.Logger())
64 s.router.Use(gin.Recovery())
65 s.router.Use(s.middlewareCORS())
66 s.router.Use(s.middlewareXDSDetails())
67 s.router.Use(s.middlewareCSRF())
70 s.api = NewAPIV1(s.Context)
72 // Create connections to XDS Servers
73 // XXX - not sure there is no side effect to do it in background !
75 for _, svrCfg := range s.Config.FileConf.ServersConf {
76 if svr, err := s.api.AddXdsServer(svrCfg); err != nil {
77 // Just log error, don't consider as critical
78 s.Log.Infof("Cannot connect to XDS Server url=%s: %v", svr.BaseURL, err.Error())
84 s.sIOServer, err = socketio.NewServer(nil)
89 s.router.GET("/socket.io/", s.socketHandler)
90 s.router.POST("/socket.io/", s.socketHandler)
91 /* TODO: do we want to support ws://... ?
92 s.router.Handle("WS", "/socket.io/", s.socketHandler)
93 s.router.Handle("WSS", "/socket.io/", s.socketHandler)
96 // Web Application (serve on / )
97 idxFile := path.Join(s.Config.FileConf.WebAppDir, indexFilename)
98 if _, err := os.Stat(idxFile); err != nil {
99 s.Log.Fatalln("Web app directory not found, check/use webAppDir setting in config file: ", idxFile)
101 s.Log.Infof("Serve WEB app dir: %s", s.Config.FileConf.WebAppDir)
102 s.router.Use(static.Serve("/", static.LocalFile(s.Config.FileConf.WebAppDir, true)))
103 s.webApp = s.router.Group("/", s.serveIndexFile)
108 // Serve in the background
109 serveError := make(chan error, 1)
111 fmt.Printf("Web Server running on localhost:%s ...\n", s.Config.FileConf.HTTPPort)
112 serveError <- http.ListenAndServe(":"+s.Config.FileConf.HTTPPort, s.router)
115 fmt.Printf("XDS agent running...\n")
117 // Wait for stop, restart or error signals
120 // Shutting down permanently
122 s.Log.Infoln("shutting down (stop)")
123 case err = <-serveError:
124 // Error due to listen/serve failure
132 func (s *WebServer) Stop() {
137 // serveIndexFile provides initial file (eg. index.html) of webapp
138 func (s *WebServer) serveIndexFile(c *gin.Context) {
139 c.HTML(200, indexFilename, gin.H{})
142 // Add details in Header
143 func (s *WebServer) middlewareXDSDetails() gin.HandlerFunc {
144 return func(c *gin.Context) {
145 c.Header("XDS-Agent-Version", s.Config.Version)
146 c.Header("XDS-API-Version", s.Config.APIVersion)
151 func (s *WebServer) isValidAPIKey(key string) bool {
152 return (s.Config.FileConf.XDSAPIKey != "" && key == s.Config.FileConf.XDSAPIKey)
155 func (s *WebServer) middlewareCSRF() gin.HandlerFunc {
156 return func(c *gin.Context) {
157 // XXX - not used for now
161 // Allow requests carrying a valid API key
162 if s.isValidAPIKey(c.Request.Header.Get("X-API-Key")) {
163 // Set the access-control-allow-origin header for CORS requests
164 // since a valid API key has been provided
165 c.Header("Access-Control-Allow-Origin", "*")
170 // Allow io.socket request
171 if strings.HasPrefix(c.Request.URL.Path, "/socket.io") {
176 // FIXME Add really CSRF support
178 // Allow requests for anything not under the protected path prefix,
179 // and set a CSRF cookie if there isn't already a valid one.
180 //if !strings.HasPrefix(c.Request.URL.Path, prefix) {
181 // cookie, err := c.Cookie("CSRF-Token-" + unique)
182 // if err != nil || !validCsrfToken(cookie.Value) {
183 // s.Log.Debugln("new CSRF cookie in response to request for", c.Request.URL)
184 // c.SetCookie("CSRF-Token-"+unique, newCsrfToken(), 600, "/", "", false, false)
190 // Verify the CSRF token
191 //token := c.Request.Header.Get("X-CSRF-Token-" + unique)
192 //if !validCsrfToken(token) {
193 // c.AbortWithError(403, "CSRF Error")
199 c.AbortWithError(403, fmt.Errorf("Not valid API key"))
205 func (s *WebServer) middlewareCORS() gin.HandlerFunc {
206 return func(c *gin.Context) {
207 if c.Request.Method == "OPTIONS" {
208 c.Header("Access-Control-Allow-Origin", "*")
209 c.Header("Access-Control-Allow-Headers", "Content-Type, X-API-Key")
210 c.Header("Access-Control-Allow-Methods", "GET, POST, DELETE")
211 c.Header("Access-Control-Max-Age", cookieMaxAge)
212 c.AbortWithStatus(204)
219 // socketHandler is the handler for the "main" websocket connection
220 func (s *WebServer) socketHandler(c *gin.Context) {
222 // Retrieve user session
223 sess := s.sessions.Get(c)
225 c.JSON(500, gin.H{"error": "Cannot retrieve session"})
229 s.sIOServer.On("connection", func(so socketio.Socket) {
230 s.Log.Debugf("WS Connected (SID=%v)", so.Id())
231 s.sessions.UpdateIOSocket(sess.ID, &so)
233 so.On("disconnection", func() {
234 s.Log.Debugf("WS disconnected (SID=%v)", so.Id())
235 s.sessions.UpdateIOSocket(sess.ID, nil)
239 s.sIOServer.On("error", func(so socketio.Socket, err error) {
240 s.Log.Errorf("WS SID=%v Error : %v", so.Id(), err.Error())
243 s.sIOServer.ServeHTTP(c.Writer, c.Request)