8 "github.com/Sirupsen/logrus"
9 "github.com/gin-gonic/gin"
10 "github.com/googollee/go-socket.io"
11 "github.com/iotbzh/xds-agent/lib/apiv1"
12 "github.com/iotbzh/xds-agent/lib/session"
13 "github.com/iotbzh/xds-agent/lib/xdsconfig"
// ServerService carries the state of the agent's web server. The fields
// visible here are the socket.io server, a gin router group (webApp), the
// client sessions and the stop channel.
// NOTE(review): the methods in this file also use s.router, s.api, s.cfg and
// s.log; those fields are presumably declared on lines this listing omits.
17 type ServerService struct {
20 sIOServer *socketio.Server
21 webApp *gin.RouterGroup
23 sessions *session.Sessions
25 stop chan struct{} // signals intentional stop
// indexFilename is not referenced on any line shown in this listing.
28 const indexFilename = "index.html"
// cookieMaxAge is a string, not a number: it is handed to
// session.NewClientSessions in Serve and reused verbatim as the value of the
// Access-Control-Max-Age header (which browsers read as seconds) in
// middlewareCORS.
// NOTE(review): the unit expected by the session package is not visible here;
// confirm it is also seconds.
29 const cookieMaxAge = "3600"
31 // New creates an instance of ServerService
// As a side effect it sets gin's process-wide mode from the logrus level of
// log. Only the stop channel initialisation of the returned struct is visible
// in this listing.
32 func New(conf *xdsconfig.Config, log *logrus.Logger) *ServerService {
34 // Setup logging for gin router
35 if log.Level == logrus.DebugLevel {
36 gin.SetMode(gin.DebugMode)
// NOTE(review): presumably the else branch (the line between is not shown).
// Release mode is the setting to ship with; debug mode makes gin print its
// route table and extra diagnostics.
38 gin.SetMode(gin.ReleaseMode)
42 // - try to bind gin DefaultWriter & DefaultErrorWriter to logrus logger
43 // - try to fix pb about isTerminal=false when out is in VSC Debug Console
44 //gin.DefaultWriter = ??
45 //gin.DefaultErrorWriter = ??
50 svr := &ServerService{
58 stop: make(chan struct{}),
64 // Serve starts a new instance of the Web Server
// It installs the middlewares, creates the client sessions, registers the
// root, API v1 and socket.io routes, then runs http.ListenAndServe and waits
// for either a stop signal or a listen/serve error.
//
// NOTE(review): the listen address is ":"+s.cfg.HTTPPort, which binds every
// network interface, while the message printed just before says "localhost".
// If only local clients are intended, bind "localhost:"+port explicitly.
// NOTE(review): traffic is plain HTTP, so the X-API-Key header checked by
// middlewareCSRF and the session cookie cross the network unencrypted;
// consider http.ListenAndServeTLS or a TLS-terminating proxy.
// NOTE(review): http.ListenAndServe uses a server without read/write
// timeouts; an http.Server with ReadHeaderTimeout set is the usual hardening.
65 func (s *ServerService) Serve() error {
// gin runs middlewares in registration order: CORS answers OPTIONS
// preflights before the API-key check in middlewareCSRF is reached, and the
// version headers of middlewareXDSDetails are set before that check too.
69 s.router.Use(gin.Logger())
70 s.router.Use(gin.Recovery())
71 s.router.Use(s.middlewareCORS())
72 s.router.Use(s.middlewareXDSDetails())
73 s.router.Use(s.middlewareCSRF())
76 s.sessions = session.NewClientSessions(s.router, s.log, cookieMaxAge)
78 s.router.GET("", s.slashHandler)
81 s.api = apiv1.New(s.sessions, s.cfg, s.log, s.router)
84 s.sIOServer, err = socketio.NewServer(nil)
89 s.router.GET("/socket.io/", s.socketHandler)
90 s.router.POST("/socket.io/", s.socketHandler)
91 /* TODO: do we want to support ws://... ?
92 s.router.Handle("WS", "/socket.io/", s.socketHandler)
93 s.router.Handle("WSS", "/socket.io/", s.socketHandler)
96 // Serve in the background
97 serveError := make(chan error, 1)
99 fmt.Printf("Web Server running on localhost:%s ...\n", s.cfg.HTTPPort)
100 serveError <- http.ListenAndServe(":"+s.cfg.HTTPPort, s.router)
103 fmt.Printf("XDS agent running...\n")
105 // Wait for stop, restart or error signals
108 // Shutting down permanently
110 s.log.Infoln("shutting down (stop)")
111 case err = <-serveError:
112 // Error due to listen/serve failure
// Stop is the shutdown entry point of ServerService.
// NOTE(review): its body is not part of this listing; presumably it closes or
// signals s.stop so that the wait in Serve returns - confirm.
120 func (s *ServerService) Stop() {
// slashHandler answers GET "/" with a fixed plain-text greeting and HTTP 200.
func (s *ServerService) slashHandler(c *gin.Context) {
	const greeting = "Hello from XDS agent!"
	c.String(http.StatusOK, greeting)
}
129 // Add details in Header
// middlewareXDSDetails returns a gin middleware that sets the
// XDS-Agent-Version and XDS-API-Version response headers from s.cfg.
// NOTE(review): Serve registers this middleware before middlewareCSRF, so the
// version headers are also set on requests that are later refused for lack of
// a valid API key. If the exact version should not be visible to
// unauthenticated clients, register it after the key check.
130 func (s *ServerService) middlewareXDSDetails() gin.HandlerFunc {
131 return func(c *gin.Context) {
132 c.Header("XDS-Agent-Version", s.cfg.Version)
133 c.Header("XDS-API-Version", s.cfg.APIVersion)
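// isValidAPIKey reports whether key equals the API key configured in
// s.cfg.FileConf.XDSAPIKey. An empty key is never valid, so an agent with no
// key configured rejects every caller rather than accepting a missing header.
//
// The bytes are compared without an early exit, so the time taken does not
// depend on how many leading bytes of a guess are correct (a plain == may stop
// at the first difference). Only a length mismatch returns early.
// NOTE(review): once crypto/subtle is added to the import block, replace the
// loop with subtle.ConstantTimeCompare([]byte(key), []byte(want)) == 1.
func (s *ServerService) isValidAPIKey(key string) bool {
	want := s.cfg.FileConf.XDSAPIKey
	if key == "" || len(key) != len(want) {
		return false
	}

	// Fold every byte difference into one accumulator; zero means equal.
	var diff byte
	for i := 0; i < len(key); i++ {
		diff |= key[i] ^ want[i]
	}
	return diff == 0
}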
// middlewareCSRF returns the gin middleware that gates requests on the
// X-API-Key header. Despite its name it performs no CSRF validation: the token
// logic below is commented out behind a FIXME, and the last visible statement
// refuses the request with 403 "Not valid API key".
//
// NOTE(review): a valid key also sets Access-Control-Allow-Origin to "*", so
// any web origin holding the key may read API responses from a browser; an
// allow-list of expected origins would be tighter.
// NOTE(review): if the commented-out CSRF code is revived, three things need
// attention: AbortWithError is given a string where an error is expected, the
// cookie is set with secure=false, and middlewareCORS does not list the
// X-CSRF-Token-... header in Access-Control-Allow-Headers.
142 func (s *ServerService) middlewareCSRF() gin.HandlerFunc {
143 return func(c *gin.Context) {
144 // Allow requests carrying a valid API key
145 if s.isValidAPIKey(c.Request.Header.Get("X-API-Key")) {
146 // Set the access-control-allow-origin header for CORS requests
147 // since a valid API key has been provided
148 c.Header("Access-Control-Allow-Origin", "*")
// NOTE(review): per the comment below, requests under /socket.io are let
// through without an API key (the branch body is not shown in this listing),
// so socketHandler relies on its session lookup alone. The prefix has no
// trailing slash and therefore also matches any other path that merely
// starts with "/socket.io"; comparing against "/socket.io/" would be stricter.
153 // Allow io.socket request
154 if strings.HasPrefix(c.Request.URL.Path, "/socket.io") {
159 /* FIXME Add really CSRF support
161 // Allow requests for anything not under the protected path prefix,
162 // and set a CSRF cookie if there isn't already a valid one.
163 if !strings.HasPrefix(c.Request.URL.Path, prefix) {
164 cookie, err := c.Cookie("CSRF-Token-" + unique)
165 if err != nil || !validCsrfToken(cookie.Value) {
166 s.log.Debugln("new CSRF cookie in response to request for", c.Request.URL)
167 c.SetCookie("CSRF-Token-"+unique, newCsrfToken(), 600, "/", "", false, false)
173 // Verify the CSRF token
174 token := c.Request.Header.Get("X-CSRF-Token-" + unique)
175 if !validCsrfToken(token) {
176 c.AbortWithError(403, "CSRF Error")
182 c.AbortWithError(403, fmt.Errorf("Not valid API key"))
// middlewareCORS returns the gin middleware that answers CORS preflight
// requests. For the OPTIONS method it sets the Access-Control-* headers and
// aborts with 204, so later middlewares and handlers do not run for
// preflights. Only the OPTIONS branch is visible in this listing.
//
// NOTE(review): the preflight approves every origin ("*") for GET, POST and
// DELETE with the X-API-Key header. Echoing only origins from a configured
// allow-list would restrict which web pages can drive the API from a browser.
187 func (s *ServerService) middlewareCORS() gin.HandlerFunc {
188 return func(c *gin.Context) {
189 if c.Request.Method == "OPTIONS" {
190 c.Header("Access-Control-Allow-Origin", "*")
191 c.Header("Access-Control-Allow-Headers", "Content-Type, X-API-Key")
192 c.Header("Access-Control-Allow-Methods", "GET, POST, DELETE")
// cookieMaxAge ("3600") doubles as the preflight cache lifetime in seconds.
193 c.Header("Access-Control-Max-Age", cookieMaxAge)
194 c.AbortWithStatus(204)
201 // socketHandler is the handler for the "main" websocket connection
// It looks up the caller's session, registers the socket.io "connection" and
// "error" callbacks on the shared s.sIOServer, then hands the request to the
// socket.io server. Serve routes both GET and POST /socket.io/ here.
//
// NOTE(review): the callbacks are registered on the shared server on every
// HTTP request, and the "connection" closure captures this request's sess.
// Whether On replaces or adds a callback depends on go-socket.io (confirm),
// but either way a socket can be recorded under the session of a different
// request than the one that opened it. Registering the callbacks once in
// Serve and resolving the session from the socket's own request would avoid
// that cross-session mix-up.
202 func (s *ServerService) socketHandler(c *gin.Context) {
204 // Retrieve user session
205 sess := s.sessions.Get(c)
// Presumably the branch taken when no session was found (the condition line
// is not shown in this listing).
207 c.JSON(500, gin.H{"error": "Cannot retrieve session"})
211 s.sIOServer.On("connection", func(so socketio.Socket) {
212 s.log.Debugf("WS Connected (SID=%v)", so.Id())
// Attach the new socket to the captured session.
213 s.sessions.UpdateIOSocket(sess.ID, &so)
215 so.On("disconnection", func() {
216 s.log.Debugf("WS disconnected (SID=%v)", so.Id())
// Detach the socket from the captured session again.
217 s.sessions.UpdateIOSocket(sess.ID, nil)
221 s.sIOServer.On("error", func(so socketio.Socket, err error) {
222 s.log.Errorf("WS SID=%v Error : %v", so.Id(), err.Error())
225 s.sIOServer.ServeHTTP(c.Writer, c.Request)