104 lines
3.1 KiB
Go
104 lines
3.1 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"log"
|
|
"mutating-webhook/internal/certificate"
|
|
"mutating-webhook/internal/config"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
const InvalidMethod string = "Invalid http method."
|
|
|
|
func httpAccessLog(req *http.Request) {
|
|
log.Printf("[TRACE] %s - %s - %s\n", req.Method, req.RemoteAddr, req.RequestURI)
|
|
}
|
|
|
|
func crossSiteOrigin(w http.ResponseWriter) {
|
|
w.Header().Add("Access-Control-Allow-Origin", "*")
|
|
w.Header().Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
|
|
w.Header().Add("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-API-Token")
|
|
}
|
|
|
|
func strictTransport(w http.ResponseWriter) {
|
|
w.Header().Add("Strict-Transport-Security", "max-age=63072000")
|
|
}
|
|
|
|
func httpServer(cfg *config.Config) {
|
|
var serverCertificate tls.Certificate
|
|
if config.DefaultConfig().WebServerCertificate == "" || cfg.WebServerKey == "" {
|
|
log.Printf("[INFO] No webserver certificate configured, automatically generating self signed certificate.")
|
|
serverCertificate = certificate.CreateServerCert()
|
|
} else {
|
|
// read certificate from files
|
|
// check for errors
|
|
}
|
|
path := http.NewServeMux()
|
|
|
|
connection := &http.Server{
|
|
Addr: cfg.WebServerIP + ":" + strconv.FormatInt(int64(cfg.WebServerPort), 10),
|
|
Handler: path,
|
|
ReadTimeout: time.Duration(cfg.WebServerReadTimeout) * time.Second,
|
|
WriteTimeout: time.Duration(cfg.WebServerWriteTimeout) * time.Second,
|
|
IdleTimeout: time.Duration(cfg.WebServerIdleTimeout) * time.Second,
|
|
TLSConfig: &tls.Config{
|
|
MinVersion: tls.VersionTLS12,
|
|
CipherSuites: []uint16{
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
|
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
|
},
|
|
Certificates: []tls.Certificate{
|
|
serverCertificate,
|
|
},
|
|
},
|
|
}
|
|
|
|
// healthcheck
|
|
path.HandleFunc("/healthcheck", webHealthCheck)
|
|
// api-endpoint
|
|
path.HandleFunc("/api/v1/mutate", webMutatePod)
|
|
// web root
|
|
path.HandleFunc("/", webRoot)
|
|
|
|
if err := connection.ListenAndServeTLS("", ""); err != nil {
|
|
log.Fatalf("[ERROR] %s\n", err)
|
|
}
|
|
}
|
|
|
|
func webRoot(w http.ResponseWriter, r *http.Request) {
|
|
httpAccessLog(r)
|
|
crossSiteOrigin(w)
|
|
strictTransport(w)
|
|
|
|
switch {
|
|
case strings.ToLower(r.Method) != "get":
|
|
log.Printf("[DEBUG] Request to '/' was made using the wrong method: expected %s, got %s", "GET", strings.ToUpper(r.Method))
|
|
tmpltError(w, http.StatusBadRequest, InvalidMethod)
|
|
case r.URL.Path != "/":
|
|
log.Printf("[DEBUG] Unable to locate requested path: '%s'", r.URL.Path)
|
|
tmpltError(w, http.StatusNotFound, "Requested path not found.")
|
|
default:
|
|
tmpltWebRoot(w)
|
|
}
|
|
}
|
|
|
|
func webHealthCheck(w http.ResponseWriter, r *http.Request) {
|
|
httpAccessLog(r)
|
|
crossSiteOrigin(w)
|
|
strictTransport(w)
|
|
|
|
if strings.ToLower(r.Method) == "get" {
|
|
tmpltHealthCheck(w)
|
|
} else {
|
|
log.Printf("[DEBUG] Request to '/healthcheck' was made using the wrong method: expected %s, got %s", "GET", strings.ToUpper(r.Method))
|
|
tmpltError(w, http.StatusBadRequest, InvalidMethod)
|
|
}
|
|
}
|