-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.go
153 lines (128 loc) · 5.11 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
package main
import (
"net/http"
"strconv"
"strings"
"time"
"github.com/gorilla/mux"
"github.com/gorilla/securecookie"
"github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/savaki/dynastore"
"github.com/weirdtangent/myaws"
)
func main() {
// setup logging -------------------------------------------------------------
zerolog.SetGlobalLevel(zerolog.InfoLevel)
// alter the caller() return to only include the last directory
zerolog.CallerMarshalFunc = func(file string, line int) string {
parts := strings.Split(file, "/")
if len(parts) > 1 {
return strings.Join(parts[len(parts)-2:], "/") + ":" + strconv.Itoa(line)
}
return file + ":" + strconv.Itoa(line)
}
log.Logger = log.With().Caller().Logger()
// grab config ---------------------------------------------------------------
awsConfig, err := myaws.AWSConfig("us-east-1")
if err != nil {
log.Fatal().Err(err).Msg("failed to find us-east-1 configuration")
}
// connect to AWS
awssess, err := myaws.AWSConnect("us-east-1", "pinpoint")
if err != nil {
log.Fatal().Err(err).Msg("failed to connect to AWS")
}
// connect to MySQL
db := myaws.DBMustConnect(awssess, "pinpoint")
_, err = db.Exec("SET NAMES utf8mb4 COLLATE utf8mb4_general_ci")
if err != nil {
log.Fatal().Err(err).Msg("failed to switch RDS to UTF8")
}
// connect to Dynamo
ddb, err := myaws.DDBConnect(awssess)
if err != nil {
log.Fatal().Err(err).Msg("failed to connect to DDB")
}
var secrets = make(map[string]string)
// Cookie setup for sessionID ------------------------------------------------
cookieAuthKey, err := myaws.AWSGetSecretKV(awssess, "pinpoint", "cookie_auth_key")
if err != nil {
log.Fatal().Err(err).Msg("failed to retrieve secret")
}
// The hashKey is required, used to authenticate the cookie value using HMAC. It is
// recommended to use a key with 32 or 64 bytes.
secrets["cookie_auth_key"] = *cookieAuthKey
cookieEncryptionKey, err := myaws.AWSGetSecretKV(awssess, "pinpoint", "cookie_encryption_key")
if err != nil {
log.Fatal().Err(err).Msg("failed to retrieve secret")
}
// The blockKey is optional, used to encrypt the cookie value -- set it to nil to
// not use encryption. If set, the length must correspond to the block size of the
// encryption algorithm. For AES, used by default, valid lengths are 16, 24, or 32
// bytes to select AES-128, AES-192, or AES-256.
secrets["cookie_encryption_key"] = *cookieEncryptionKey
var hashKey = []byte(*cookieAuthKey)
var blockKey = []byte(*cookieEncryptionKey)
var secureCookie = securecookie.New(hashKey, blockKey)
// Cache all other secrets into global map -----------------------------------
// github OAuth key
githubOAuthKey, err := myaws.AWSGetSecretKV(awssess, "pinpoint", "github_oauth_key")
if err != nil {
log.Fatal().Err(err).Msg("failed to retrieve secret")
}
secrets["github_oauth_key"] = *githubOAuthKey
// get yahoofinance api access key and host
google_maps_api_key, err := myaws.AWSGetSecretKV(awssess, "pinpoint", "google_maps_api_key")
if err != nil {
log.Fatal().Err(err).
Msg("failed to get Google Maps API key")
}
secrets["google_maps_api_key"] = *google_maps_api_key
// Initialize session manager and configure the session lifetime -------------
store, err := dynastore.New(
dynastore.AWSConfig(awsConfig),
dynastore.DynamoDB(ddb),
dynastore.TableName("pinpoint-session"),
dynastore.Secure(),
dynastore.HTTPOnly(),
dynastore.Domain("www.pinpointshooting.com"),
dynastore.Path("/"),
dynastore.MaxAge(31*24*60*60),
dynastore.Codecs(secureCookie),
)
if err != nil {
log.Fatal().Err(err).Msg("failed to setup session management")
}
// auth api setup ---------------------------------------------------------
// starting up web service ---------------------------------------------------
log.Info().Int("port", 3000).Msg("Started serving requests")
// setup middleware chain
router := mux.NewRouter()
router.PathPrefix("/static/").Handler(http.StripPrefix("/static/", http.FileServer(http.Dir("static/"))))
router.PathPrefix("/favicon.ico").Handler(http.FileServer(http.Dir("static/images")))
router.HandleFunc("/ping", pingHandler()).Methods("GET")
router.HandleFunc("/internal/cspviolations", JSONReportHandler()).Methods("GET")
router.Handle("/metrics", promhttp.Handler())
router.HandleFunc("/about", homeHandler("about")).Methods("GET")
router.HandleFunc("/terms", homeHandler("terms")).Methods("GET")
router.HandleFunc("/privacy", homeHandler("privacy")).Methods("GET")
router.HandleFunc("/", homeHandler("home")).Methods("GET")
// middleware chain
chainedMux1 := withSession(store, router) // deepest level, last to run
chainedMux2 := withAddHeader(chainedMux1)
chainedMux3 := withAddContext(chainedMux2, awssess, db, secureCookie, secrets)
chainedMux4 := withLogging(chainedMux3) // outer level, first to run
// starup or die
server := &http.Server{
Handler: chainedMux4,
Addr: ":3000",
WriteTimeout: 15 * time.Second,
ReadTimeout: 15 * time.Second,
}
if err = server.ListenAndServe(); err != nil {
log.Fatal().Err(err).
Msg("Stopped serving requests")
}
}