Merge pull request #10 from github/vdye/https

Add option for serving over HTTPS

Author: vdye

cmd/git-bundle-server/web-server.go

@@ -2,11 +2,13 @@ package main
 
 import (
 	"errors"
+	"flag"
 	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
 
+	"github.com/github/git-bundle-server/cmd/utils"
 	"github.com/github/git-bundle-server/internal/argparse"
 	"github.com/github/git-bundle-server/internal/common"
 	"github.com/github/git-bundle-server/internal/daemon"
@@ -77,9 +79,19 @@ func (w *webServer) getDaemonConfig() (*daemon.DaemonConfig, error) {
 func (w *webServer) startServer(args []string) error {
 	// Parse subcommand arguments
 	parser := argparse.NewArgParser("git-bundle-server web-server start [-f|--force]")
+
+	// Args for 'git-bundle-server web-server start'
 	force := parser.Bool("force", false, "Whether to force reconfiguration of the web server daemon")
 	parser.BoolVar(force, "f", false, "Alias of --force")
+
+	// Arguments passed through to 'git-bundle-web-server'
+	webServerFlags, validate := utils.WebServerFlags(parser)
+	webServerFlags.VisitAll(func(f *flag.Flag) {
+		parser.Var(f.Value, f.Name, fmt.Sprintf("[Web server] %s", f.Usage))
+	})
+
 	parser.Parse(args)
+	validate()
 
 	d, err := daemon.NewDaemonProvider(w.user, w.cmdExec, w.fileSystem)
 	if err != nil {
@@ -91,6 +103,33 @@ func (w *webServer) startServer(args []string) error {
 		return err
 	}
 
+	// Configure flags
+	loopErr := error(nil)
+	parser.Visit(func(f *flag.Flag) {
+		if webServerFlags.Lookup(f.Name) != nil {
+			value := f.Value.String()
+			if f.Name == "cert" || f.Name == "key" {
+				// Need the absolute value of the path
+				value, err = filepath.Abs(value)
+				if err != nil {
+					if loopErr == nil {
+						// NEEDSWORK: Only report the first error because Go
+						// doesn't like it when you manually chain errors :(
+						// Luckily, this is slated to change in v1.20, per
+						// https://tip.golang.org/doc/go1.20#errors
+						loopErr = fmt.Errorf("could not get absolute path of '%s': %w", f.Name, err)
+					}
+					return
+				}
+			}
+			config.Arguments = append(config.Arguments, fmt.Sprintf("--%s", f.Name), value)
+		}
+	})
+	if loopErr != nil {
+		// Error happened in 'Visit'
+		return loopErr
+	}
+
 	err = d.Create(config, *force)
 	if err != nil {
 		return err

cmd/git-bundle-web-server/main.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"flag"
 	"fmt"
 	"log"
 	"net/http"
@@ -11,34 +12,25 @@ import (
 	"sync"
 	"syscall"
 
+	"github.com/github/git-bundle-server/cmd/utils"
+	"github.com/github/git-bundle-server/internal/argparse"
 	"github.com/github/git-bundle-server/internal/core"
 )
 
 func parseRoute(path string) (string, string, string, error) {
-	if len(path) == 0 {
+	elements := strings.FieldsFunc(path, func(char rune) bool { return char == '/' })
+	switch len(elements) {
+	case 0:
 		return "", "", "", fmt.Errorf("empty route")
-	}
-
-	if path[0] == '/' {
-		path = path[1:]
-	}
-
-	slash1 := strings.Index(path, "/")
-	if slash1 < 0 {
+	case 1:
 		return "", "", "", fmt.Errorf("route has owner, but no repo")
-	}
-	slash2 := strings.Index(path[slash1+1:], "/")
-	if slash2 < 0 {
-		// No trailing slash.
-		return path[:slash1], path[slash1+1:], "", nil
-	}
-	slash2 += slash1 + 1
-	slash3 := strings.Index(path[slash2+1:], "/")
-	if slash3 >= 0 {
+	case 2:
+		return elements[0], elements[1], "", nil
+	case 3:
+		return elements[0], elements[1], elements[2], nil
+	default:
 		return "", "", "", fmt.Errorf("path has depth exceeding three")
 	}
-
-	return path[:slash1], path[slash1+1 : slash2], path[slash2+1:], nil
 }
 
 func serve(w http.ResponseWriter, r *http.Request) {
@@ -83,36 +75,57 @@ func serve(w http.ResponseWriter, r *http.Request) {
 	w.Write(data)
 }
 
-func createAndStartServer(address string, serverWaitGroup *sync.WaitGroup) *http.Server {
-	// Create the HTTP server
-	server := &http.Server{Addr: address}
-
-	// API routes
-	http.HandleFunc("/", serve)
-
+func startServer(server *http.Server,
+	cert string, key string,
+	serverWaitGroup *sync.WaitGroup,
+) {
 	// Add to wait group
 	serverWaitGroup.Add(1)
 
 	go func() {
 		defer serverWaitGroup.Done()
 
 		// Return error unless it indicates graceful shutdown
-		err := server.ListenAndServe()
-		if err != http.ErrServerClosed {
+		var err error
+		if cert != "" {
+			err = server.ListenAndServeTLS(cert, key)
+		} else {
+			err = server.ListenAndServe()
+		}
+
+		if err != nil && err != http.ErrServerClosed {
 			log.Fatal(err)
 		}
 	}()
 
-	fmt.Println("Server is running at address " + address)
-	return server
+	fmt.Println("Server is running at address " + server.Addr)
 }
 
 func main() {
+	parser := argparse.NewArgParser("git-bundle-web-server [--port <port>] [--cert <filename> --key <filename>]")
+	flags, validate := utils.WebServerFlags(parser)
+	flags.VisitAll(func(f *flag.Flag) {
+		parser.Var(f.Value, f.Name, f.Usage)
+	})
+	parser.Parse(os.Args[1:])
+	validate()
+
+	// Get the flag values
+	port := utils.GetFlagValue[string](parser, "port")
+	cert := utils.GetFlagValue[string](parser, "cert")
+	key := utils.GetFlagValue[string](parser, "key")
+
+	// Configure the server
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", serve)
+	server := &http.Server{
+		Handler: mux,
+		Addr:    ":" + port,
+	}
 	serverWaitGroup := &sync.WaitGroup{}
 
 	// Start the server asynchronously
-	port := ":8080"
-	server := createAndStartServer(port, serverWaitGroup)
+	startServer(server, cert, key, serverWaitGroup)
 
 	// Intercept interrupt signals
 	c := make(chan os.Signal, 1)

cmd/utils/common-args.go

@@ -0,0 +1,59 @@
+package utils
+
+import (
+	"flag"
+	"fmt"
+	"strconv"
+)
+
+// Helpers
+
+// Forward declaration (kinda) of argParser.
+// 'argparse.argParser' is private, but we want to be able to pass instances
+// of it to functions, so we need to define an interface that includes the
+// functions we want to call from the parser.
+type argParser interface {
+	Lookup(name string) *flag.Flag
+	Usage(errFmt string, args ...any)
+}
+
+func GetFlagValue[T any](parser argParser, name string) T {
+	flagVal := parser.Lookup(name)
+	if flagVal == nil {
+		panic(fmt.Sprintf("flag '--%s' is undefined", name))
+	}
+
+	flagGetter, ok := flagVal.Value.(flag.Getter)
+	if !ok {
+		panic(fmt.Sprintf("flag '--%s' is invalid (does not implement flag.Getter)", name))
+	}
+
+	value, ok := flagGetter.Get().(T)
+	if !ok {
+		panic(fmt.Sprintf("flag '--%s' is invalid (cannot cast to appropriate type)", name))
+	}
+
+	return value
+}
+
+// Sets of flags shared between multiple commands/programs
+
+func WebServerFlags(parser argParser) (*flag.FlagSet, func()) {
+	f := flag.NewFlagSet("", flag.ContinueOnError)
+	port := f.String("port", "8080", "The port on which the server should be hosted")
+	cert := f.String("cert", "", "The path to the X.509 SSL certificate file to use in securely hosting the server")
+	key := f.String("key", "", "The path to the certificate's private key")
+
+	// Function to call for additional arg validation (may exit with 'Usage()')
+	validationFunc := func() {
+		p, err := strconv.Atoi(*port)
+		if err != nil || p < 0 || p > 65535 {
+			parser.Usage("Invalid port '%s'.", *port)
+		}
+		if (*cert == "") != (*key == "") {
+			parser.Usage("Both '--cert' and '--key' are needed to specify SSL configuration.")
+		}
+	}
+
+	return f, validationFunc
+}

internal/daemon/daemon.go

@@ -11,6 +11,7 @@ type DaemonConfig struct {
 	Label       string
 	Description string
 	Program     string
+	Arguments   []string
 }
 
 type DaemonProvider interface {

internal/daemon/launchd.go

@@ -2,24 +2,54 @@ package daemon
 
 import (
 	"bytes"
+	"encoding/xml"
 	"fmt"
 	"path/filepath"
-	"text/template"
 
 	"github.com/github/git-bundle-server/internal/common"
+	"github.com/github/git-bundle-server/internal/utils"
 )
 
-const launchTemplate string = `<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-  <dict>
-    <key>Label</key><string>{{.Label}}</string>
-    <key>Program</key><string>{{.Program}}</string>
-    <key>StandardOutPath</key><string>{{.StdOut}}</string>
-    <key>StandardErrorPath</key><string>{{.StdErr}}</string>
-  </dict>
-</plist>
-`
+type xmlItem struct {
+	XMLName xml.Name
+	Value   string `xml:",chardata"`
+}
+
+type xmlArray struct {
+	XMLName  xml.Name
+	Elements []interface{} `xml:",any"`
+}
+
+type plist struct {
+	XMLName xml.Name `xml:"plist"`
+	Version string   `xml:"version,attr"`
+	Config  xmlArray `xml:"dict"`
+}
+
+const plistHeader string = `<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">`
+
+func xmlName(name string) xml.Name {
+	return xml.Name{Local: name}
+}
+
+func (p *plist) addKeyValue(key string, value any) {
+	p.Config.Elements = append(p.Config.Elements, xmlItem{XMLName: xmlName("key"), Value: key})
+	switch value := value.(type) {
+	case string:
+		p.Config.Elements = append(p.Config.Elements, xmlItem{XMLName: xmlName("string"), Value: value})
+	case []string:
+		p.Config.Elements = append(p.Config.Elements,
+			xmlArray{
+				XMLName: xmlName("array"),
+				Elements: utils.Map(value, func(e string) interface{} {
+					return xmlItem{XMLName: xmlName("string"), Value: e}
+				}),
+			},
+		)
+	default:
+		panic("Invalid value type in 'addKeyValue'")
+	}
+}
 
 const domainFormat string = "gui/%s"
 
@@ -31,6 +61,31 @@ type launchdConfig struct {
 	StdErr string
 }
 
+func (c *launchdConfig) toPlist() *plist {
+	p := &plist{
+		Version: "1.0",
+		Config:  xmlArray{Elements: []interface{}{}},
+	}
+	p.addKeyValue("Label", c.Label)
+	p.addKeyValue("Program", c.Program)
+	p.addKeyValue("StandardOutPath", c.StdOut)
+	p.addKeyValue("StandardErrorPath", c.StdErr)
+
+	// IMPORTANT!!!
+	// You must explicitly set the first argument to the executable path
+	// because 'ProgramArguments' maps directly 'argv' in 'execvp'. The
+	// programs calling this library likely will, by convention, assume the
+	// first element of 'argv' is the executing program.
+	// See https://www.unix.com/man-page/osx/5/launchd.plist/ and
+	// https://man7.org/linux/man-pages/man3/execvp.3.html for more details.
+	args := make([]string, len(c.Arguments)+1)
+	args[0] = c.Program
+	copy(args[1:], c.Arguments[:])
+	p.addKeyValue("ProgramArguments", args)
+
+	return p
+}
+
 type launchd struct {
 	user       common.UserProvider
 	cmdExec    common.CommandExecutor
@@ -104,11 +159,14 @@ func (l *launchd) Create(config *DaemonConfig, force bool) error {
 
 	// Generate the configuration
 	var newPlist bytes.Buffer
-	t, err := template.New(config.Label).Parse(launchTemplate)
+	newPlist.WriteString(xml.Header)
+	newPlist.WriteString(plistHeader)
+	encoder := xml.NewEncoder(&newPlist)
+	encoder.Indent("", "  ")
+	err := encoder.Encode(lConfig.toPlist())
 	if err != nil {
-		return fmt.Errorf("unable to generate launchd configuration: %w", err)
+		return fmt.Errorf("could not encode plist: %w", err)
 	}
-	t.Execute(&newPlist, lConfig)
 
 	// Check the existing file - if it's the same as the new content, do not overwrite
 	user, err := l.user.CurrentUser()