Sudo-Ivan
5b8daa638d
- Added a flag to disable the verifier UI and logic for user preferences. - Implemented Cache-Control headers for static assets in production. - Updated the SoftwareCard component to include a copy hash feature and display release dates. - Introduced a Markdown component for rendering documentation content. - Enhanced the verification process with speed updates during asset downloads. - Improved the user interface for verification toasts and modals. - Updated legal documents with new versions and additional privacy features. - Added new API documentation and routes for better user guidance.
207 lines
6.3 KiB
Go
207 lines
6.3 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"embed"
|
|
"flag"
|
|
"fmt"
|
|
"io/fs"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"strings"
|
|
"syscall"
|
|
"time"
|
|
|
|
"software-station/internal/api"
|
|
"software-station/internal/config"
|
|
"software-station/internal/security"
|
|
"software-station/internal/stats"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/chi/v5/middleware"
|
|
"github.com/go-chi/cors"
|
|
"github.com/go-chi/httprate"
|
|
"github.com/unrolled/secure"
|
|
)
|
|
|
|
//go:embed all:frontend/build
|
|
var frontendBuild embed.FS
|
|
|
|
var (
|
|
giteaToken string
|
|
giteaServer string
|
|
configPath string
|
|
)
|
|
|
|
func main() {
|
|
flag.StringVar(&giteaToken, "t", os.Getenv("GITEA_TOKEN"), "Gitea API Token")
|
|
flag.StringVar(&giteaServer, "s", getEnv("GITEA_SERVER", "https://git.quad4.io"), "Gitea Server URL")
|
|
flag.StringVar(&configPath, "c", getEnv("CONFIG_PATH", config.DefaultConfigPath), "Path to software.txt (local or remote)")
|
|
uaBlocklistPath := flag.String("ua-blocklist", getEnv("UA_BLOCKLIST_PATH", "ua-blocklist.txt"), "Path to ua-blocklist.txt (optional)")
|
|
port := flag.String("p", getEnv("PORT", "8080"), "Server port")
|
|
isProd := flag.Bool("prod", os.Getenv("NODE_ENV") == "production", "Run in production mode")
|
|
disableVerifier := flag.Bool("disable-verifier", getEnv("DISABLE_VERIFIER", "false") == "true", "Completely disable the verifier UI and logic")
|
|
updateInterval := flag.Duration("u", 1*time.Hour, "Software update interval")
|
|
flag.Parse()
|
|
|
|
statsService := stats.NewService(stats.DefaultHashesFile)
|
|
statsService.LoadHashes()
|
|
statsService.Start()
|
|
defer statsService.Stop()
|
|
|
|
botBlocker := security.NewBotBlocker(*uaBlocklistPath)
|
|
|
|
initialSoftware := config.LoadSoftware(configPath, giteaServer, giteaToken)
|
|
apiServer := api.NewServer(giteaToken, initialSoftware, statsService)
|
|
config.StartBackgroundUpdater(configPath, giteaServer, giteaToken, *updateInterval, apiServer.UpdateSoftwareList)
|
|
|
|
r := chi.NewRouter()
|
|
|
|
allowedOriginsStr := getEnv("ALLOWED_ORIGINS", "*")
|
|
if allowedOriginsStr == "" {
|
|
allowedOriginsStr = "*"
|
|
}
|
|
allowedOrigins := strings.Split(allowedOriginsStr, ",")
|
|
r.Use(cors.Handler(cors.Options{
|
|
AllowedOrigins: allowedOrigins,
|
|
AllowedMethods: []string{"GET", "POST", "OPTIONS"},
|
|
AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "X-Account-Number"},
|
|
ExposedHeaders: []string{"Link"},
|
|
AllowCredentials: true,
|
|
MaxAge: 300,
|
|
}))
|
|
|
|
secureMiddleware := secure.New(secure.Options{
|
|
FrameDeny: true,
|
|
ContentTypeNosniff: true,
|
|
BrowserXssFilter: true,
|
|
ContentSecurityPolicy: "default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self';",
|
|
IsDevelopment: !*isProd,
|
|
})
|
|
r.Use(secureMiddleware.Handler)
|
|
|
|
r.Use(middleware.RealIP)
|
|
r.Use(middleware.Logger)
|
|
r.Use(middleware.Recoverer)
|
|
r.Use(middleware.Compress(api.CompressionLevel))
|
|
r.Use(security.SecurityMiddleware(statsService, botBlocker))
|
|
|
|
r.Use(httprate.Limit(
|
|
security.GlobalRateLimit,
|
|
security.GlobalRateWindow,
|
|
httprate.WithKeyFuncs(func(r *http.Request) (string, error) {
|
|
return security.GetRequestFingerprint(r, statsService), nil
|
|
}),
|
|
))
|
|
|
|
r.Route("/api", func(r chi.Router) {
|
|
r.Use(httprate.Limit(
|
|
security.APIRateLimit,
|
|
security.APIRateWindow,
|
|
httprate.WithKeyFuncs(func(r *http.Request) (string, error) {
|
|
return security.GetRequestFingerprint(r, statsService), nil
|
|
}),
|
|
))
|
|
r.Get("/software", apiServer.APISoftwareHandler)
|
|
r.Get("/download", apiServer.DownloadProxyHandler)
|
|
r.Get("/avatar", apiServer.AvatarHandler)
|
|
r.Get("/stats", statsService.APIStatsHandler)
|
|
r.Get("/legal", apiServer.LegalHandler)
|
|
r.Get("/rss", apiServer.RSSHandler)
|
|
})
|
|
|
|
contentStatic, err := fs.Sub(frontendBuild, "frontend/build")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
staticHandler := http.FileServer(http.FS(contentStatic))
|
|
|
|
r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
|
|
path := r.URL.Path
|
|
if path == "/" {
|
|
path = "index.html"
|
|
} else {
|
|
path = strings.TrimPrefix(path, "/")
|
|
}
|
|
|
|
// Set Cache-Control headers for static assets
|
|
if *isProd {
|
|
if strings.HasPrefix(path, "_app/immutable/") {
|
|
// SvelteKit immutable assets (fingerprinted)
|
|
w.Header().Set("Cache-Control", "public, max-age=31536000, immutable")
|
|
} else if strings.HasSuffix(path, ".js") || strings.HasSuffix(path, ".css") ||
|
|
strings.HasSuffix(path, ".png") || strings.HasSuffix(path, ".webp") ||
|
|
strings.HasSuffix(path, ".svg") || strings.HasSuffix(path, ".wasm") {
|
|
// Other static assets (1 week)
|
|
w.Header().Set("Cache-Control", "public, max-age=604800")
|
|
}
|
|
}
|
|
|
|
f, err := contentStatic.Open(path)
|
|
if err != nil {
|
|
if strings.HasPrefix(r.URL.Path, "/api") {
|
|
http.Error(w, "Not Found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
indexData, err := fs.ReadFile(contentStatic, "index.html")
|
|
if err != nil {
|
|
http.Error(w, "Index not found", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Inject global configuration
|
|
html := string(indexData)
|
|
configJS := fmt.Sprintf("<script>window.VERIFIER_GLOBALLY_DISABLED = %v;</script>", *disableVerifier)
|
|
html = strings.Replace(html, "</head>", configJS+"</head>", 1)
|
|
|
|
http.ServeContent(w, r, "index.html", time.Unix(0, 0), strings.NewReader(html))
|
|
return
|
|
}
|
|
if err := f.Close(); err != nil {
|
|
log.Printf("Error closing static file: %v", err)
|
|
}
|
|
|
|
staticHandler.ServeHTTP(w, r)
|
|
})
|
|
|
|
server := &http.Server{
|
|
Addr: ":" + *port,
|
|
ReadTimeout: 15 * time.Second,
|
|
WriteTimeout: 30 * time.Second,
|
|
IdleTimeout: 120 * time.Second,
|
|
Handler: r,
|
|
}
|
|
|
|
done := make(chan os.Signal, 1)
|
|
signal.Notify(done, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
|
|
|
|
go func() {
|
|
fmt.Printf("Server starting on http://localhost:%s (Gitea: %s, Prod: %v)\n", *port, giteaServer, *isProd)
|
|
if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
|
|
log.Printf("Listen error: %s\n", err)
|
|
done <- syscall.SIGTERM
|
|
}
|
|
}()
|
|
|
|
<-done
|
|
fmt.Println("\nServer stopping...")
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
defer cancel()
|
|
|
|
if err := server.Shutdown(ctx); err != nil {
|
|
log.Fatalf("Server shutdown failed: %+v", err)
|
|
}
|
|
fmt.Println("Server exited properly")
|
|
}
|
|
|
|
func getEnv(key, fallback string) string {
|
|
if value, ok := os.LookupEnv(key); ok {
|
|
return value
|
|
}
|
|
return fallback
|
|
}
|