package server import ( "io/fs" "net/http" "github.com/mstarongithub/passkey" "github.com/rs/zerolog/log" "gitlab.com/mstarongitlab/goutils/other" "gitlab.com/mstarongitlab/linstrom/config" "gitlab.com/mstarongitlab/linstrom/storage" ) type Server struct { store *storage.Storage router http.Handler } func NewServer(store *storage.Storage, pkey *passkey.Passkey, reactiveFS, staticFS fs.FS) *Server { handler := buildRootHandler(pkey, reactiveFS, staticFS) handler = ChainMiddlewares(handler, LoggingMiddleware, ContextValsMiddleware(map[any]any{ ContextKeyStorage: store, })) return &Server{ store: store, router: handler, } } func buildRootHandler(pkey *passkey.Passkey, reactiveFS, staticFS fs.FS) http.Handler { mux := http.NewServeMux() mux.Handle( "/webauthn/", http.StripPrefix( "/webauthn", forceCorrectPasskeyAuthFlowMiddleware(buildPasskeyAuthRouter(pkey)), ), ) mux.Handle("/", setupFrontendRouter(reactiveFS, staticFS)) mux.Handle("/pk/", http.StripPrefix("/pk", http.FileServer(http.Dir("pk-auth")))) mux.HandleFunc("/alive", isAliveHandler) profilingHandler := setupProfilingHandler() mux.Handle("/profiling/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Only allow access to profiling if a password is provided and it matches the one in the config if r.FormValue("password") != config.GlobalConfig.Admin.ProfilingPassword { // Specifically reply with a plain 404 http.Error(w, "", 404) return } profilingHandler.ServeHTTP(w, r) })) mux.Handle( "/authonly/", pkey.Auth( ContextKeyPasskeyUsername, nil, func(w http.ResponseWriter, r *http.Request) { other.HttpErr( w, HttpErrIdNotAuthenticated, "Not authenticated", http.StatusUnauthorized, ) }, )(ChainMiddlewares(setupTestEndpoints(), passkeyIdToAccountIdTransformerMiddleware)), ) return mux } func buildPasskeyAuthRouter(pkey *passkey.Passkey) http.Handler { router := http.NewServeMux() pkey.MountRoutes(router, "/") return router } func (s *Server) Start(addr string) error { log.Info().Str("addr", addr).Msg("Starting server") return http.ListenAndServe(addr, s.router) }