| 1 | // SPDX-License-Identifier: AGPL-3.0-or-later |
| 2 | |
| 3 | // Package web boots the shithub HTTP server. The full middleware stack |
| 4 | // (recover, request_id, logging, real-IP, timeout, compress, secure |
| 5 | // headers, CSRF, session, CORS, metrics, tracing), the chi router, the |
| 6 | // session store, the styled error pages, and the observability sinks |
| 7 | // (logging, metrics, tracing, error reporting) are composed here. |
| 8 | package web |
| 9 | |
| 10 | import ( |
| 11 | "context" |
| 12 | "encoding/base64" |
| 13 | "errors" |
| 14 | "fmt" |
| 15 | "log/slog" |
| 16 | "net/http" |
| 17 | "os" |
| 18 | "os/signal" |
| 19 | "syscall" |
| 20 | "time" |
| 21 | |
| 22 | "github.com/go-chi/chi/v5" |
| 23 | "github.com/jackc/pgx/v5/pgxpool" |
| 24 | "golang.org/x/crypto/chacha20poly1305" |
| 25 | |
| 26 | "github.com/tenseleyFlow/shithub/internal/auth/session" |
| 27 | "github.com/tenseleyFlow/shithub/internal/infra/config" |
| 28 | "github.com/tenseleyFlow/shithub/internal/infra/db" |
| 29 | "github.com/tenseleyFlow/shithub/internal/infra/errrep" |
| 30 | infralog "github.com/tenseleyFlow/shithub/internal/infra/log" |
| 31 | "github.com/tenseleyFlow/shithub/internal/infra/metrics" |
| 32 | "github.com/tenseleyFlow/shithub/internal/infra/tracing" |
| 33 | "github.com/tenseleyFlow/shithub/internal/web/handlers" |
| 34 | "github.com/tenseleyFlow/shithub/internal/web/middleware" |
| 35 | ) |
| 36 | |
| 37 | // Options configures the web server. Addr overrides config when non-empty |
| 38 | // (preserves the existing --addr CLI flag behavior). |
| 39 | type Options struct { |
| 40 | Addr string |
| 41 | } |
| 42 | |
| 43 | // Run boots the web server and blocks until shutdown. |
| 44 | func Run(ctx context.Context, opts Options) error { |
| 45 | cfg, err := config.Load(nil) |
| 46 | if err != nil { |
| 47 | return err |
| 48 | } |
| 49 | if opts.Addr != "" { |
| 50 | cfg.Web.Addr = opts.Addr |
| 51 | } |
| 52 | |
| 53 | logger := infralog.New(infralog.Options{ |
| 54 | Level: cfg.Log.Level, |
| 55 | Format: cfg.Log.Format, |
| 56 | Writer: os.Stderr, |
| 57 | }) |
| 58 | |
| 59 | // Error reporting (no-op when DSN empty). |
| 60 | flushErrRep, err := errrep.Init(errrep.Config{ |
| 61 | DSN: cfg.ErrorReporting.DSN, |
| 62 | Environment: cfg.ErrorReporting.Environment, |
| 63 | Release: cfg.ErrorReporting.Release, |
| 64 | }) |
| 65 | if err != nil { |
| 66 | return fmt.Errorf("errrep: %w", err) |
| 67 | } |
| 68 | defer func() { _ = flushErrRep(context.Background()) }() |
| 69 | if cfg.ErrorReporting.DSN != "" { |
| 70 | // Wrap the slog handler so error-level records are reported. |
| 71 | // We rebuild the logger so every component that pulls it from |
| 72 | // here gets the wrapped chain. |
| 73 | logger = slog.New(&errrep.SlogHandler{Inner: logger.Handler()}) |
| 74 | } |
| 75 | |
| 76 | // Tracing (no-op when disabled). |
| 77 | flushTracing, err := tracing.Init(ctx, tracing.Config{ |
| 78 | Enabled: cfg.Tracing.Enabled, |
| 79 | Endpoint: cfg.Tracing.Endpoint, |
| 80 | SampleRate: cfg.Tracing.SampleRate, |
| 81 | ServiceName: cfg.Tracing.ServiceName, |
| 82 | }) |
| 83 | if err != nil { |
| 84 | return fmt.Errorf("tracing: %w", err) |
| 85 | } |
| 86 | defer func() { _ = flushTracing(context.Background()) }() |
| 87 | |
| 88 | logoBytes, err := LogoSVG() |
| 89 | if err != nil { |
| 90 | return fmt.Errorf("load logo: %w", err) |
| 91 | } |
| 92 | |
| 93 | sessionStore, err := buildSessionStore(cfg.Session, logger) |
| 94 | if err != nil { |
| 95 | return err |
| 96 | } |
| 97 | |
| 98 | // Optional DB pool (carried over from S01); now driven by config. |
| 99 | var pool *pgxpool.Pool |
| 100 | if cfg.DB.URL != "" { |
| 101 | //nolint:gosec // G115: max_conns is operator-configured with small numeric values (typ. 10–100). |
| 102 | p, err := db.Open(ctx, db.Config{ |
| 103 | URL: cfg.DB.URL, |
| 104 | MaxConns: int32(cfg.DB.MaxConns), |
| 105 | MinConns: int32(cfg.DB.MinConns), |
| 106 | ConnectTimeout: cfg.DB.ConnectTimeout, |
| 107 | }) |
| 108 | if err != nil { |
| 109 | logger.Warn("db: open failed; /readyz will report unhealthy", "error", err) |
| 110 | } else { |
| 111 | pool = p |
| 112 | defer p.Close() |
| 113 | metrics.ObserveDBPool(ctx, pool, 10*time.Second) |
| 114 | } |
| 115 | } |
| 116 | |
| 117 | r := chi.NewRouter() |
| 118 | |
| 119 | // Middleware stack — outermost first. |
| 120 | r.Use(middleware.RequestID) |
| 121 | r.Use(middleware.RealIP(middleware.RealIPConfig{})) |
| 122 | r.Use(middleware.AccessLog(logger)) |
| 123 | r.Use(middleware.Metrics) |
| 124 | if cfg.Tracing.Enabled { |
| 125 | r.Use(tracing.Middleware) |
| 126 | } |
| 127 | r.Use(middleware.SecureHeaders(middleware.DefaultSecureHeaders())) |
| 128 | // Compress + Timeout are NOT global: the smart-HTTP git routes need |
| 129 | // to stream uncompressed pack data for many minutes. RegisterChi |
| 130 | // applies them inside the CSRF-exempt and CSRF-protected groups but |
| 131 | // skips the git group. |
| 132 | r.Use(middleware.SessionLoader(sessionStore, logger)) |
| 133 | if pool != nil { |
| 134 | r.Use(middleware.OptionalUser(usernameLookup(pool))) |
| 135 | } |
| 136 | |
| 137 | deps := handlers.Deps{ |
| 138 | Logger: logger, |
| 139 | TemplatesFS: TemplatesFS(), |
| 140 | StaticFS: StaticFS(), |
| 141 | LogoSVG: string(logoBytes), |
| 142 | SessionStore: sessionStore, |
| 143 | } |
| 144 | if pool != nil { |
| 145 | deps.ReadyCheck = func(ctx context.Context) error { return pool.Ping(ctx) } |
| 146 | } |
| 147 | if cfg.Metrics.Enabled { |
| 148 | deps.MetricsHandler = metrics.Handler(cfg.Metrics.BasicAuthUser, cfg.Metrics.BasicAuthPass) |
| 149 | } |
| 150 | |
| 151 | if pool != nil { |
| 152 | objectStore, err := buildObjectStore(cfg.Storage.S3, logger) |
| 153 | if err != nil { |
| 154 | return fmt.Errorf("object store: %w", err) |
| 155 | } |
| 156 | |
| 157 | auth, err := buildAuthHandlers(cfg, pool, sessionStore, objectStore, logger, deps.TemplatesFS) |
| 158 | if err != nil { |
| 159 | return fmt.Errorf("auth handlers: %w", err) |
| 160 | } |
| 161 | deps.AuthMounter = auth.Mount |
| 162 | |
| 163 | api, err := buildAPIHandlers(pool) |
| 164 | if err != nil { |
| 165 | return fmt.Errorf("api handlers: %w", err) |
| 166 | } |
| 167 | deps.APIMounter = api.Mount |
| 168 | |
| 169 | profile, err := buildProfileHandlers(pool, objectStore, deps.TemplatesFS, logger) |
| 170 | if err != nil { |
| 171 | return fmt.Errorf("profile handlers: %w", err) |
| 172 | } |
| 173 | deps.AvatarMounter = profile.MountAvatars |
| 174 | deps.ProfileMounter = profile.MountProfile |
| 175 | |
| 176 | repoH, err := buildRepoHandlers(cfg, pool, deps.TemplatesFS, logger) |
| 177 | if err != nil { |
| 178 | return fmt.Errorf("repo handlers: %w", err) |
| 179 | } |
| 180 | // /new is wrapped in RequireUser — it requires a logged-in caller. |
| 181 | deps.RepoNewMounter = func(r chi.Router) { |
| 182 | r.Group(func(r chi.Router) { |
| 183 | r.Use(middleware.RequireUser) |
| 184 | repoH.MountNew(r) |
| 185 | }) |
| 186 | } |
| 187 | deps.RepoHomeMounter = repoH.MountRepoHome |
| 188 | |
| 189 | gitHTTPH, err := buildGitHTTPHandlers(cfg, pool, logger) |
| 190 | if err != nil { |
| 191 | return fmt.Errorf("git-http handlers: %w", err) |
| 192 | } |
| 193 | deps.GitHTTPMounter = gitHTTPH.MountSmartHTTP |
| 194 | } else { |
| 195 | logger.Warn("auth: no DB pool — signup/login routes not mounted") |
| 196 | } |
| 197 | |
| 198 | _, panicHandler, notFoundHandler, err := handlers.RegisterChi(r, deps) |
| 199 | if err != nil { |
| 200 | return fmt.Errorf("register handlers: %w", err) |
| 201 | } |
| 202 | r.NotFound(notFoundHandler) |
| 203 | |
| 204 | rootHandler := middleware.Recover(logger, panicHandler)(r) |
| 205 | |
| 206 | srv := &http.Server{ |
| 207 | Addr: cfg.Web.Addr, |
| 208 | Handler: rootHandler, |
| 209 | ReadHeaderTimeout: 10 * time.Second, |
| 210 | ReadTimeout: cfg.Web.ReadTimeout, |
| 211 | WriteTimeout: cfg.Web.WriteTimeout, |
| 212 | IdleTimeout: 120 * time.Second, |
| 213 | } |
| 214 | |
| 215 | errCh := make(chan error, 1) |
| 216 | go func() { |
| 217 | logger.Info( |
| 218 | "shithub web server starting", |
| 219 | "addr", srv.Addr, |
| 220 | "env", cfg.Env, |
| 221 | "db", pool != nil, |
| 222 | "metrics", cfg.Metrics.Enabled, |
| 223 | "tracing", cfg.Tracing.Enabled, |
| 224 | "errrep", cfg.ErrorReporting.DSN != "", |
| 225 | ) |
| 226 | if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) { |
| 227 | errCh <- err |
| 228 | } |
| 229 | close(errCh) |
| 230 | }() |
| 231 | |
| 232 | sigCh := make(chan os.Signal, 1) |
| 233 | signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM) |
| 234 | defer signal.Stop(sigCh) |
| 235 | |
| 236 | select { |
| 237 | case err, ok := <-errCh: |
| 238 | if !ok { |
| 239 | return nil |
| 240 | } |
| 241 | return err |
| 242 | case sig := <-sigCh: |
| 243 | logger.Info("shutdown signal received", "signal", sig.String()) |
| 244 | case <-ctx.Done(): |
| 245 | logger.Info("context canceled, shutting down") |
| 246 | } |
| 247 | |
| 248 | shutdownCtx, cancel := context.WithTimeout(context.Background(), cfg.Web.ShutdownTimeout) |
| 249 | defer cancel() |
| 250 | if err := srv.Shutdown(shutdownCtx); err != nil { |
| 251 | return fmt.Errorf("shutdown: %w", err) |
| 252 | } |
| 253 | return nil |
| 254 | } |
| 255 | |
| 256 | // buildSessionStore constructs the cookie session store from the config's |
| 257 | // session block. SHITHUB_SESSION_KEY (env) overrides cfg.KeyB64 when set. |
| 258 | func buildSessionStore(cfg config.SessionConfig, logger *slog.Logger) (session.Store, error) { |
| 259 | keyB64 := os.Getenv("SHITHUB_SESSION_KEY") |
| 260 | if keyB64 == "" { |
| 261 | keyB64 = cfg.KeyB64 |
| 262 | } |
| 263 | var key []byte |
| 264 | if keyB64 != "" { |
| 265 | decoded, err := base64.StdEncoding.DecodeString(keyB64) |
| 266 | if err != nil { |
| 267 | return nil, fmt.Errorf("session key: invalid base64: %w", err) |
| 268 | } |
| 269 | if len(decoded) != chacha20poly1305.KeySize { |
| 270 | return nil, fmt.Errorf("session key: must be %d bytes, got %d", |
| 271 | chacha20poly1305.KeySize, len(decoded)) |
| 272 | } |
| 273 | key = decoded |
| 274 | } else { |
| 275 | generated, err := session.GenerateKey() |
| 276 | if err != nil { |
| 277 | return nil, fmt.Errorf("session key: generate: %w", err) |
| 278 | } |
| 279 | key = generated |
| 280 | logger.Warn( |
| 281 | "session: no key configured; generated an ephemeral key (sessions will not survive restart)", |
| 282 | "hint", "set SHITHUB_SESSION_KEY=<base64 32-byte> or session.key_b64 in production", |
| 283 | ) |
| 284 | } |
| 285 | store, err := session.NewCookieStore(session.CookieStoreConfig{ |
| 286 | Key: key, |
| 287 | MaxAge: cfg.MaxAge, |
| 288 | Secure: cfg.Secure, |
| 289 | }) |
| 290 | if err != nil { |
| 291 | return nil, fmt.Errorf("session: build store: %w", err) |
| 292 | } |
| 293 | return store, nil |
| 294 | } |
| 295 |