-
Notifications
You must be signed in to change notification settings - Fork 9
/
main.go
64 lines (53 loc) · 1.37 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
// Copyright 2021 Zenauth Ltd.
// SPDX-License-Identifier: Apache-2.0
package main
import (
"context"
"crypto/tls"
"flag"
"log"
"net/http"
"os"
"os/signal"
"github.com/cerbos/demo-rest/service"
)
func main() {
listenAddr := flag.String("listen", ":9999", "Address to listen on")
certFile := flag.String("tlscert", "", "TLS certificate")
keyFile := flag.String("tlskey", "", "TLS Key")
cerbosAddr := flag.String("cerbos", "localhost:3593", "Address of the Cerbos server")
flag.Parse()
// Create the service
svc, err := service.New(*cerbosAddr)
if err != nil {
log.Fatalf("Failed to create service: %v", err)
}
srv := &http.Server{
Addr: *listenAddr,
Handler: svc.Handler(),
}
log.Printf("Listening on %s", *listenAddr)
if *certFile != "" && *keyFile != "" {
srv.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS13,
PreferServerCipherSuites: true,
NextProtos: []string{"h2"},
}
go func() {
if err := srv.ListenAndServeTLS(*certFile, *keyFile); err != http.ErrServerClosed {
panic(err)
}
}()
} else {
log.Printf("WARNING: HTTP server is insecure")
go func() {
if err := srv.ListenAndServe(); err != http.ErrServerClosed {
panic(err)
}
}()
}
ctx, stopFunc := signal.NotifyContext(context.Background(), os.Interrupt)
defer stopFunc()
<-ctx.Done()
srv.Shutdown(context.Background())
}