Beispiel #1
0
// Use is an exported function that
// define routing for user
func Use(r *gin.RouterGroup) {
	r.Use()
	{
		r.GET("/user", getUsers)
		r.GET("/user/:id", getUser)
		r.POST("/user", postUser)
		r.PATCH("/user/:id", updateUser)
		r.DELETE("/user/:id", deleteUser)
	}
}
Beispiel #2
0
func (svc *Service) Run(cfg ServerSettings) error {
	config = cfg // save config in global

	// init gin
	if !config.Configuration.DebugEnabled {
		gin.SetMode(gin.ReleaseMode)
	}

	var oauth2Endpoint = oauth2.Endpoint{
		AuthURL:  config.Configuration.AuthURL,
		TokenURL: config.Configuration.TokenURL,
	}

	// Middleware
	router := gin.New()
	// use glog for logging
	router.Use(ginglog.Logger(config.Configuration.LogFlushInterval))
	// monitoring GO internals and counter middleware
	counterAspect := &ginmon.CounterAspect{0}
	asps := []aspects.Aspect{counterAspect}
	router.Use(ginmon.CounterHandler(counterAspect))
	router.Use(gomonitor.Metrics(9000, asps))
	router.Use(ginoauth2.RequestLogger([]string{"uid", "team"}, "data"))
	// last middleware
	router.Use(gin.Recovery())

	// OAuth2 secured if conf.Oauth2Enabled is set
	var private *gin.RouterGroup
	//ATM team or user auth is mutually exclusive, we have to look for a better solution
	if config.Configuration.Oauth2Enabled {
		private = router.Group("")
		if config.Configuration.TeamAuthorization {
			var accessTuple []zalando.AccessTuple = make([]zalando.AccessTuple, len(config.Configuration.AuthorizedTeams))
			for i, v := range config.Configuration.AuthorizedTeams {
				accessTuple[i] = zalando.AccessTuple{Realm: v.Realm, Uid: v.Uid, Cn: v.Cn}
			}
			zalando.AccessTuples = accessTuple
			private.Use(ginoauth2.Auth(zalando.GroupCheck, oauth2Endpoint))
		} else {
			var accessTuple []zalando.AccessTuple = make([]zalando.AccessTuple, len(config.Configuration.AuthorizedUsers))
			for i, v := range config.Configuration.AuthorizedUsers {
				accessTuple[i] = zalando.AccessTuple{Realm: v.Realm, Uid: v.Uid, Cn: v.Cn}
			}
			private.Use(ginoauth2.Auth(zalando.UidCheck, oauth2Endpoint))
		}
	}

	//non authenticated routes
	router.GET("/", rootHandler)
	router.GET("/health", healthHandler)
	//authenticated routes
	if config.Configuration.Oauth2Enabled {
		private.GET("/deployments", deployList)
		private.GET("/deployments/:name", deployInfo)
		private.POST("/deployments", deployCreate)
		private.PUT("/deployments/:name", deployUpsert)
		private.DELETE("/deployments/:name", deployDelete)
		private.PATCH("/deployments/:name/replicas/:num", deployReplicasModify)
	} else {
		router.GET("/deployments", deployList)
		router.GET("/deployments/:name", deployInfo)
		router.POST("/deployments", deployCreate)
		router.PUT("/deployments/:name", deployUpsert)
		router.DELETE("/deployments/:name", deployDelete)
		router.PATCH("/deployments/:name/replicas/:num", deployReplicasModify)
	}

	// TLS config
	var tls_config tls.Config = tls.Config{}
	if !config.Httponly {
		tls_config.Certificates = []tls.Certificate{config.CertKeyPair}
		tls_config.NextProtos = []string{"http/1.1"}
		tls_config.Rand = rand.Reader // Strictly not necessary, should be default
	}

	// run backend
	Start()

	// run frontend server
	serve := &http.Server{
		Addr:      fmt.Sprintf(":%d", config.Configuration.Port),
		Handler:   router,
		TLSConfig: &tls_config,
	}
	if config.Httponly {
		serve.ListenAndServe()
	} else {
		conn, err := net.Listen("tcp", serve.Addr)
		if err != nil {
			panic(err)
		}
		tlsListener := tls.NewListener(conn, &tls_config)
		err = serve.Serve(tlsListener)
		if err != nil {
			glog.Fatalf("Can not Serve TLS, caused by: %s\n", err)
		}
	}
	return nil
}