linstrom/server/server.go

package server

import (
	"io/fs"
	"net/http"

	"github.com/mstarongithub/passkey"
	"github.com/rs/zerolog/log"
	"gitlab.com/mstarongitlab/goutils/other"
	"gitlab.com/mstarongitlab/linstrom/config"
	"gitlab.com/mstarongitlab/linstrom/storage"
)

type Server struct {
	store  *storage.Storage
	router http.Handler
}

func NewServer(store *storage.Storage, pkey *passkey.Passkey, reactiveFS, staticFS fs.FS) *Server {
	handler := buildRootHandler(pkey, reactiveFS, staticFS)
	handler = ChainMiddlewares(handler, LoggingMiddleware, ContextValsMiddleware(map[any]any{
		ContextKeyStorage: store,
	}))
	return &Server{
		store:  store,
		router: handler,
	}
}

func buildRootHandler(pkey *passkey.Passkey, reactiveFS, staticFS fs.FS) http.Handler {
	mux := http.NewServeMux()
	pkey.MountRoutes(mux, "/webauthn/")
	mux.Handle("/", setupFrontendRouter(reactiveFS, staticFS))
	mux.Handle("/pk/", http.StripPrefix("/pk", http.FileServer(http.Dir("pk-auth"))))
	mux.HandleFunc("/alive", isAliveHandler)

	profilingHandler := setupProfilingHandler()
	mux.Handle("/profiling/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Only allow access to profiling if a password is provided and it matches the one in the config
		if r.FormValue("password") != config.GlobalConfig.Admin.ProfilingPassword {
			// Specifically reply with a plain 404
			http.Error(w, "", 404)
			return
		}
		profilingHandler.ServeHTTP(w, r)
	}))
	mux.Handle(
		"/authonly/",
		pkey.Auth(
			ContextKeyPasskeyUsername,
			nil,
			func(w http.ResponseWriter, r *http.Request) {
				other.HttpErr(
					w,
					HttpErrIdNotAuthenticated,
					"Not authenticated",
					http.StatusUnauthorized,
				)
			},
		)(ChainMiddlewares(setupTestEndpoints(), passkeyIdToAccountIdTransformerMiddleware)),
	)

	return mux
}

func (s *Server) Start(addr string) error {
	log.Info().Str("addr", addr).Msg("Starting server")
	return http.ListenAndServe(addr, s.router)
}