forked from rcrowley/go-tigertonic
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserver.go
186 lines (169 loc) · 4.08 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
package tigertonic
import (
"crypto/tls"
"crypto/x509"
"io/ioutil"
"net"
"net/http"
"sync"
)
// Server is an http.Server with better defaults.
type Server struct {
http.Server
ch chan<- struct{}
listener net.Listener
waitGroup sync.WaitGroup
}
// NewServer returns an http.Server with better defaults.
func NewServer(addr string, handler http.Handler) *Server {
ch := make(chan struct{})
return &Server{
Server: http.Server{
Addr: addr,
Handler: &serverHandler{
Handler: handler,
ch: ch,
},
MaxHeaderBytes: 4096,
ReadTimeout: 60e9, // These are absolute times which must be
WriteTimeout: 60e9, // longer than the longest {up,down}load.
},
ch: ch,
}
}
// NewTLSServer returns an http.Server with better defaults configured to use
// the certificate and private key files.
func NewTLSServer(
addr, cert, key string,
handler http.Handler,
) (*Server, error) {
s := NewServer(addr, handler)
return s, s.TLS(cert, key)
}
// CA overrides the certificate authority on the server's TLSConfig field.
func (s *Server) CA(ca string) error {
certPool := x509.NewCertPool()
buf, err := ioutil.ReadFile(ca)
if nil != err {
return err
}
certPool.AppendCertsFromPEM(buf)
s.tlsConfig()
s.TLSConfig.RootCAs = certPool
return nil
}
// ClientCA configures the CA pool for verifying client side certificates.
func (s *Server) ClientCA(ca string) error {
certPool := x509.NewCertPool()
buf, err := ioutil.ReadFile(ca)
if nil != err {
return err
}
certPool.AppendCertsFromPEM(buf)
s.tlsConfig()
s.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert
s.TLSConfig.ClientCAs = certPool
return nil
}
// Close closes the listener the server is using and signals open connections
// to close at their earliest convenience. Then it waits for all open
// connections to become closed.
func (s *Server) Close() error {
close(s.ch)
if err := s.listener.Close(); nil != err {
return err
}
s.waitGroup.Wait()
return nil
}
// ListenAndServe calls net.Listen with s.Addr and then calls s.Serve.
func (s *Server) ListenAndServe() error {
addr := s.Addr
if "" == addr {
if nil == s.TLSConfig {
addr = ":http"
} else {
addr = ":https"
}
}
l, err := net.Listen("tcp", addr)
if nil != err {
return err
}
if nil != s.TLSConfig {
l = tls.NewListener(l, s.TLSConfig)
}
return s.Serve(l)
}
// ListenAndServeTLS calls s.TLS with the given certificate and private key
// files and then calls s.ListenAndServe.
func (s *Server) ListenAndServeTLS(cert, key string) error {
s.TLS(cert, key)
return s.ListenAndServe()
}
// Serve behaves like http.Server.Serve with the added option to stop the
// server gracefully with the s.Close method.
func (s *Server) Serve(l net.Listener) error {
s.listener = &Listener{
Listener: l,
waitGroup: &s.waitGroup,
}
return s.Server.Serve(s.listener)
}
// TLS configures this server to be a TLS server using the given certificate
// and private key files.
func (s *Server) TLS(cert, key string) error {
c, err := tls.LoadX509KeyPair(cert, key)
if nil != err {
return err
}
s.tlsConfig()
s.TLSConfig.Certificates = []tls.Certificate{c}
return nil
}
func (s *Server) tlsConfig() {
if nil == s.TLSConfig {
s.TLSConfig = &tls.Config{
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
tls.TLS_RSA_WITH_RC4_128_SHA,
},
NextProtos: []string{"http/1.1"},
}
}
}
type closingResponseWriter struct {
http.Flusher
http.ResponseWriter
ch <-chan struct{}
}
func (w closingResponseWriter) Flush() {
if f, ok := w.ResponseWriter.(http.Flusher); ok {
f.Flush()
}
}
func (w closingResponseWriter) WriteHeader(code int) {
select {
case <-w.ch:
w.Header().Set("Connection", "close")
default:
}
w.ResponseWriter.WriteHeader(code)
}
type serverHandler struct {
http.Handler
ch <-chan struct{}
}
func (h *serverHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// r.Header.Set("Host", r.Host) // Should I?
r.URL.Host = r.Host
if nil != r.TLS {
r.URL.Scheme = "https"
} else {
r.URL.Scheme = "http"
}
h.Handler.ServeHTTP(closingResponseWriter{
ResponseWriter: w,
ch: h.ch,
}, r)
}