perkeep/server/go/camlistored/camlistored.go

/*
Copyright 2011 Google Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package main

import (
	"big"
	"crypto/x509/pkix"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"flag"
	"fmt"
	"log"
	"runtime"
	"strings"
	"time"
	"os"
	"path/filepath"

	"camli/osutil"
	"camli/serverconfig"
	"camli/webserver"

	// Storage options:
	_ "camli/blobserver/cond"
	_ "camli/blobserver/localdisk"
	_ "camli/blobserver/remote"
	_ "camli/blobserver/replica"
	_ "camli/blobserver/s3"
	_ "camli/blobserver/shard"
	_ "camli/mysqlindexer" // indexer, but uses storage interface
	// Handlers:
	_ "camli/search"
	_ "camli/server" // UI, publish, etc
)

const defCert = "config/selfgen_cert.pem"
const defKey = "config/selfgen_key.pem"

var flagConfigFile = flag.String("configfile", "serverconfig",
	"Config file to use, relative to camli config dir root, or blank to not use config files.")

func exitFailure(pattern string, args ...interface{}) {
	if !strings.HasSuffix(pattern, "\n") {
		pattern = pattern + "\n"
	}
	fmt.Fprintf(os.Stderr, pattern, args...)
	os.Exit(1)
}

// Mostly copied from $GOROOT/src/pkg/crypto/tls/generate_cert.go
func genSelfTLS() os.Error {
	priv, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		return fmt.Errorf("failed to generate private key: %s", err)
	}

	now := time.Seconds()

	baseurl := os.Getenv("CAMLI_BASEURL")
	if baseurl == "" {
		return fmt.Errorf("CAMLI_BASEURL is not set")
	}
	split := strings.Split(baseurl, ":")
	hostname := split[1]
	hostname = hostname[2:len(hostname)]

	template := x509.Certificate{
		SerialNumber: new(big.Int).SetInt64(0),
		Subject: pkix.Name{
			CommonName:   hostname,
			Organization: []string{hostname},
		},
		NotBefore: time.SecondsToUTC(now - 300),
		NotAfter:  time.SecondsToUTC(now + 60*60*24*365), // valid for 1 year.

		SubjectKeyId: []byte{1, 2, 3, 4},
		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
	}

	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
	if err != nil {
		return fmt.Errorf("Failed to create certificate: %s", err)
	}

	certOut, err := os.Create(defCert)
	if err != nil {
		return fmt.Errorf("failed to open %s for writing: %s", defCert, err)
	}
	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
	certOut.Close()
	log.Printf("written %s\n", defCert)

	keyOut, err := os.OpenFile(defKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return fmt.Errorf("failed to open %s for writing:", defKey, err)
	}
	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
	keyOut.Close()
	log.Printf("written %s\n", defKey)
	return nil
}

func notExist(err os.Error) bool {
	pe, ok := err.(*os.PathError)
	return ok && pe.Error == os.ENOENT
}

func main() {
	flag.Parse()

	file := *flagConfigFile
	if !filepath.IsAbs(file) {
		file = filepath.Join(osutil.CamliConfigDir(), file)
	}
	config, err := serverconfig.Load(file)
	if err != nil {
		exitFailure("Could not load server config: %v", err)
	}

	ws := webserver.New()
	baseURL := ws.BaseURL()

	{
		cert, key := config.OptionalString("TLSCertFile", ""), config.OptionalString("TLSKeyFile", "")
		secure := config.OptionalBool("https", true)
		if secure {
			if (cert != "") != (key != "") {
				exitFailure("TLSCertFile and TLSKeyFile must both be either present or absent")
			}

			if cert == defCert && key == defKey {
				_, err1 := os.Stat(cert)
				_, err2 := os.Stat(key)
				if err1 != nil || err2 != nil {
					if notExist(err1) || notExist(err2) {
						err = genSelfTLS()
						if err != nil {
							exitFailure("Could not generate self signed creds: %q", err)
						}
					} else {
						exitFailure("Could not stat cert or key: %q, %q", err1, err2)
					}
				}
			}
			if cert == "" && key == "" {
				err = genSelfTLS()
				if err != nil {
					exitFailure("Could not generate self signed creds: %q", err)
				}
				cert = defCert
				key = defKey
			}
			ws.SetTLS(cert, key)
		}
	}

	err = config.InstallHandlers(ws, baseURL, nil)
	if err != nil {
		exitFailure("Error parsing config: %v", err)
	}

	ws.Listen()

	if config.UIPath != "" {
		uiURL := ws.BaseURL() + config.UIPath
		log.Printf("UI available at %s", uiURL)
		if runtime.GOOS == "windows" {
			// Might be double-clicking an icon with no shell window?
			// Just open the URL for them.
			osutil.OpenURL(uiURL)
		}
	}
	ws.Serve()
}
Fix copyright license. Not mine. 2011-03-30 00:42:49 +00:00			`/*`
			`Copyright 2011 Google Inc.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`
start of storage server 2010-06-12 21:45:58 +00:00
			`package main`

work on preupload, and split blobref stuff to its own file 2010-07-11 04:18:16 +00:00			`import (`
auth: config for a non dev mode, self gen tls certs, force https in non dev Change-Id: I7faa6b35f44a7925b06d22ade7f5986a12728362 2011-11-10 15:20:22 +00:00			`"big"`
			`"crypto/x509/pkix"`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"encoding/pem"`
some cleanup of camlistored 2011-04-02 05:14:23 +00:00			`"flag"`
			`"fmt"`
			`"log"`
open admin UI on windows Change-Id: I0df5042ddd9bb9058660468b862916a97b86c280 2011-07-18 00:30:40 +00:00			`"runtime"`
some cleanup of camlistored 2011-04-02 05:14:23 +00:00			`"strings"`
auth: config for a non dev mode, self gen tls certs, force https in non dev Change-Id: I7faa6b35f44a7925b06d22ade7f5986a12728362 2011-11-10 15:20:22 +00:00			`"time"`
some cleanup of camlistored 2011-04-02 05:14:23 +00:00			`"os"`
serverconfig: push abs path business to caller 2011-10-04 23:22:12 +00:00			`"path/filepath"`
some cleanup of camlistored 2011-04-02 05:14:23 +00:00
Server config file support. 2011-04-03 15:07:40 +00:00			`"camli/osutil"`
camlistored: Refactor main() into tiny main and loader library This will make running on App Engine a lot easier, letting us share code. Change-Id: Ibe989387d44d94869c31c8306683e49af261496a 2011-09-30 05:07:04 +00:00			`"camli/serverconfig"`
camlistored: configuration + cleanup work working on gutting partition stuff from everywhere, and gutting the command-line mode that statically mounted various dev handlers based on flags. more stuff moves into the config file now and jsonconfig is used in more places. 2011-04-16 05:25:45 +00:00			`"camli/webserver"`
some cleanup of camlistored 2011-04-02 05:14:23 +00:00
			`// Storage options:`
Start of 'cond' handler. 2011-06-04 04:52:56 +00:00			`_ "camli/blobserver/cond"`
remove camlistored command-line configuration mode 2011-05-09 19:07:56 +00:00			`_ "camli/blobserver/localdisk"`
Make blob storage constructors take a blobserver.Loader 2011-05-21 20:40:17 +00:00			`_ "camli/blobserver/remote"`
Replica blob handler for live replication. 2011-05-23 04:22:21 +00:00			`_ "camli/blobserver/replica"`
Make s3 storage use registry; start trimming blobserver 2011-04-02 03:45:40 +00:00			`_ "camli/blobserver/s3"`
Start of 'shard' handler. 2011-05-21 16:26:20 +00:00			`_ "camli/blobserver/shard"`
jsonconfig expansion support; start making dev-* helper scripts use config files 2011-05-01 23:10:53 +00:00			`_ "camli/mysqlindexer" // indexer, but uses storage interface`
convert search to use handler registry 2011-05-30 05:52:31 +00:00			`// Handlers:`
			`_ "camli/search"`
Move all the camlistored handlers (UI, signing, etc) into a package. Change-Id: Idf63c83cd7faf006e4a9047b47a16ea2950e5147 2011-10-18 18:12:01 +00:00			`_ "camli/server" // UI, publish, etc`
work on preupload, and split blobref stuff to its own file 2010-07-11 04:18:16 +00:00			`)`
Start of blob upload using new multipart code (not yet) in Go. Also s/objref/blobref/ and gofmt changes. 2010-07-07 04:57:53 +00:00
auth: config for a non dev mode, self gen tls certs, force https in non dev Change-Id: I7faa6b35f44a7925b06d22ade7f5986a12728362 2011-11-10 15:20:22 +00:00			`const defCert = "config/selfgen_cert.pem"`
			`const defKey = "config/selfgen_key.pem"`

jsonconfig expansion support; start making dev-* helper scripts use config files 2011-05-01 23:10:53 +00:00			`var flagConfigFile = flag.String("configfile", "serverconfig",`
			`"Config file to use, relative to camli config dir root, or blank to not use config files.")`
mysql client pool work for indexer; temporary glue in blobserver 2011-03-05 23:09:36 +00:00
blobserver: library-ify preupload and upload. 2011-02-04 22:31:23 +00:00			`func exitFailure(pattern string, args ...interface{}) {`
			`if !strings.HasSuffix(pattern, "\n") {`
			`pattern = pattern + "\n"`
			`}`
			`fmt.Fprintf(os.Stderr, pattern, args...)`
			`os.Exit(1)`
start of storage server 2010-06-12 21:45:58 +00:00			`}`

auth: config for a non dev mode, self gen tls certs, force https in non dev Change-Id: I7faa6b35f44a7925b06d22ade7f5986a12728362 2011-11-10 15:20:22 +00:00			`// Mostly copied from $GOROOT/src/pkg/crypto/tls/generate_cert.go`
			`func genSelfTLS() os.Error {`
			`priv, err := rsa.GenerateKey(rand.Reader, 1024)`
			`if err != nil {`
			`return fmt.Errorf("failed to generate private key: %s", err)`
			`}`

			`now := time.Seconds()`

			`baseurl := os.Getenv("CAMLI_BASEURL")`
			`if baseurl == "" {`
			`return fmt.Errorf("CAMLI_BASEURL is not set")`
			`}`
			`split := strings.Split(baseurl, ":")`
			`hostname := split[1]`
			`hostname = hostname[2:len(hostname)]`

			`template := x509.Certificate{`
			`SerialNumber: new(big.Int).SetInt64(0),`
			`Subject: pkix.Name{`
			`CommonName: hostname,`
			`Organization: []string{hostname},`
			`},`
			`NotBefore: time.SecondsToUTC(now - 300),`
			`NotAfter: time.SecondsToUTC(now + 606024*365), // valid for 1 year.`

			`SubjectKeyId: []byte{1, 2, 3, 4},`
			`KeyUsage: x509.KeyUsageKeyEncipherment \| x509.KeyUsageDigitalSignature,`
			`}`

			`derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)`
			`if err != nil {`
			`return fmt.Errorf("Failed to create certificate: %s", err)`
			`}`

			`certOut, err := os.Create(defCert)`
			`if err != nil {`
			`return fmt.Errorf("failed to open %s for writing: %s", defCert, err)`
			`}`
			`pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})`
			`certOut.Close()`
			`log.Printf("written %s\n", defCert)`

			`keyOut, err := os.OpenFile(defKey, os.O_WRONLY\|os.O_CREATE\|os.O_TRUNC, 0600)`
			`if err != nil {`
			`return fmt.Errorf("failed to open %s for writing:", defKey, err)`
			`}`
			`pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})`
			`keyOut.Close()`
			`log.Printf("written %s\n", defKey)`
			`return nil`
			`}`

auth: added username, camput can do https Change-Id: I14a047f1a164b64062d94da0db7a64a658b086ae 2011-11-16 10:41:38 +00:00			`func notExist(err os.Error) bool {`
			`pe, ok := err.(*os.PathError)`
			`return ok && pe.Error == os.ENOENT`
			`}`

start of storage server 2010-06-12 21:45:58 +00:00			`func main() {`
			`flag.Parse()`

serverconfig: push abs path business to caller 2011-10-04 23:22:12 +00:00			`file := *flagConfigFile`
			`if !filepath.IsAbs(file) {`
			`file = filepath.Join(osutil.CamliConfigDir(), file)`
			`}`
			`config, err := serverconfig.Load(file)`
camlistored: Refactor main() into tiny main and loader library This will make running on App Engine a lot easier, letting us share code. Change-Id: Ibe989387d44d94869c31c8306683e49af261496a 2011-09-30 05:07:04 +00:00			`if err != nil {`
			`exitFailure("Could not load server config: %v", err)`
			`}`

fix extra slash in partition base URLs. 2011-04-04 02:58:20 +00:00			`ws := webserver.New()`
			`baseURL := ws.BaseURL()`

Move TLS setup to config file, not flags. Use jsonconfig for root config. 2011-05-09 18:49:02 +00:00			`{`
auth: added username, camput can do https Change-Id: I14a047f1a164b64062d94da0db7a64a658b086ae 2011-11-16 10:41:38 +00:00			`cert, key := config.OptionalString("TLSCertFile", ""), config.OptionalString("TLSKeyFile", "")`
some more auth, continuation of I14a047f1a164b64062d94da0db7a64a658b086ae Change-Id: I763c797f110854e0a3c906aceac72fff234f43df 2011-11-28 17:45:08 +00:00			`secure := config.OptionalBool("https", true)`
auth: config for a non dev mode, self gen tls certs, force https in non dev Change-Id: I7faa6b35f44a7925b06d22ade7f5986a12728362 2011-11-10 15:20:22 +00:00			`if secure {`
			`if (cert != "") != (key != "") {`
			`exitFailure("TLSCertFile and TLSKeyFile must both be either present or absent")`
			`}`

auth: added username, camput can do https Change-Id: I14a047f1a164b64062d94da0db7a64a658b086ae 2011-11-16 10:41:38 +00:00			`if cert == defCert && key == defKey {`
			`_, err1 := os.Stat(cert)`
			`_, err2 := os.Stat(key)`
			`if err1 != nil \|\| err2 != nil {`
			`if notExist(err1) \|\| notExist(err2) {`
			`err = genSelfTLS()`
			`if err != nil {`
			`exitFailure("Could not generate self signed creds: %q", err)`
			`}`
			`} else {`
			`exitFailure("Could not stat cert or key: %q, %q", err1, err2)`
			`}`
			`}`
			`}`
auth: config for a non dev mode, self gen tls certs, force https in non dev Change-Id: I7faa6b35f44a7925b06d22ade7f5986a12728362 2011-11-10 15:20:22 +00:00			`if cert == "" && key == "" {`
			`err = genSelfTLS()`
			`if err != nil {`
auth: added username, camput can do https Change-Id: I14a047f1a164b64062d94da0db7a64a658b086ae 2011-11-16 10:41:38 +00:00			`exitFailure("Could not generate self signed creds: %q", err)`
auth: config for a non dev mode, self gen tls certs, force https in non dev Change-Id: I7faa6b35f44a7925b06d22ade7f5986a12728362 2011-11-10 15:20:22 +00:00			`}`
			`cert = defCert`
			`key = defKey`
			`}`
Move TLS setup to config file, not flags. Use jsonconfig for root config. 2011-05-09 18:49:02 +00:00			`ws.SetTLS(cert, key)`
			`}`
add password config option 2011-04-04 02:38:22 +00:00			`}`

more App Engine bootstrap work. Change-Id: I11a141b833bf1940aadcd0cd20adc53da8ea4151 2011-10-26 02:40:50 +00:00			`err = config.InstallHandlers(ws, baseURL, nil)`
camlistored: Refactoring main function into smaller pieces. Change-Id: I66cc428c961f4b0582f20d906da4cb621a7e3aaa 2011-09-30 04:18:12 +00:00			`if err != nil {`
camlistored: Refactor main() into tiny main and loader library This will make running on App Engine a lot easier, letting us share code. Change-Id: Ibe989387d44d94869c31c8306683e49af261496a 2011-09-30 05:07:04 +00:00			`exitFailure("Error parsing config: %v", err)`
camlistored: Refactoring main function into smaller pieces. Change-Id: I66cc428c961f4b0582f20d906da4cb621a7e3aaa 2011-09-30 04:18:12 +00:00			`}`

			`ws.Listen()`

camlistored: Refactor main() into tiny main and loader library This will make running on App Engine a lot easier, letting us share code. Change-Id: Ibe989387d44d94869c31c8306683e49af261496a 2011-09-30 05:07:04 +00:00			`if config.UIPath != "" {`
			`uiURL := ws.BaseURL() + config.UIPath`
camlistored: Refactoring main function into smaller pieces. Change-Id: I66cc428c961f4b0582f20d906da4cb621a7e3aaa 2011-09-30 04:18:12 +00:00			`log.Printf("UI available at %s", uiURL)`
			`if runtime.GOOS == "windows" {`
			`// Might be double-clicking an icon with no shell window?`
			`// Just open the URL for them.`
			`osutil.OpenURL(uiURL)`
			`}`
			`}`
			`ws.Serve()`
			`}`