improvement: change http(s) listener to web listener addr and a public web addr

Author: jsiebens

internal/cmd/configure.go

@@ -52,10 +52,9 @@ func configureCommand() *cobra.Command {
 	command.RunE = func(command *cobra.Command, args []string) error {
 		c := &config.Config{}
 
-		c.HttpListenAddr = "0.0.0.0:80"
-		c.HttpsListenAddr = "0.0.0.0:443"
+		c.WebListenAddr = "0.0.0.0:443"
 		c.MetricsListenAddr = "127.0.0.1:9090"
-		c.ServerUrl = fmt.Sprintf("https://%s", domain)
+		c.WebPublicAddr = fmt.Sprintf("%s:443", domain)
 
 		c.Keys = config.Keys{
 			ControlKey:       key.NewServerKey().String(),

internal/config/config.go

@@ -11,9 +11,9 @@ import (
 	"github.com/jsiebens/ionscale/internal/util"
 	"github.com/mitchellh/go-homedir"
 	"gopkg.in/yaml.v3"
+	"net/url"
 	"os"
 	"path/filepath"
-	"strings"
 	tkey "tailscale.com/types/key"
 	"time"
 )
@@ -95,15 +95,13 @@ func LoadConfig(path string) (*Config, error) {
 		dnsProviderConfigured = true
 	}
 
-	return cfg, nil
+	return cfg.Validate()
 }
 
 func defaultConfig() *Config {
 	return &Config{
-		HttpListenAddr:    ":8080",
-		HttpsListenAddr:   ":8443",
+		WebListenAddr:     ":8080",
 		MetricsListenAddr: ":9091",
-		ServerUrl:         "https://localhost:8843",
 		Database: Database{
 			Type:         "sqlite",
 			Url:          "./ionscale.db?_pragma=busy_timeout(5000)&_pragma=journal_mode(WAL)&_pragma=foreign_keys(ON)",
@@ -135,17 +133,18 @@ type ServerKeys struct {
 }
 
 type Config struct {
-	HttpListenAddr    string   `yaml:"http_listen_addr,omitempty" env:"HTTP_LISTEN_ADDR"`
-	HttpsListenAddr   string   `yaml:"https_listen_addr,omitempty" env:"HTTPS_LISTEN_ADDR"`
+	WebListenAddr     string   `yaml:"web_listen_addr,omitempty" env:"WEB_LISTEN_ADDR"`
 	MetricsListenAddr string   `yaml:"metrics_listen_addr,omitempty" env:"METRICS_LISTEN_ADDR"`
-	ServerUrl         string   `yaml:"server_url,omitempty" env:"SERVER_URL"`
+	WebPublicAddr     string   `yaml:"web_public_addr,omitempty" env:"WEB_PUBLIC_ADDR"`
 	Tls               Tls      `yaml:"tls,omitempty" envPrefix:"TLS_"`
 	PollNet           PollNet  `yaml:"poll_net,omitempty" envPrefix:"POLL_NET_"`
 	Keys              Keys     `yaml:"keys,omitempty" envPrefix:"KEYS_"`
 	Database          Database `yaml:"database,omitempty" envPrefix:"DB_"`
 	Auth              Auth     `yaml:"auth,omitempty" envPrefix:"AUTH_"`
 	DNS               DNS      `yaml:"dns,omitempty"`
 	Logging           Logging  `yaml:"logging,omitempty" envPrefix:"LOGGING_"`
+
+	WebPublicUrl *url.URL `yaml:"-"`
 }
 
 type Tls struct {
@@ -212,9 +211,24 @@ type SystemAdminPolicy struct {
 	Filters []string `yaml:"filters,omitempty"`
 }
 
+func (c *Config) Validate() (*Config, error) {
+	publicWebUrl, err := publicAddrToUrl(c.WebPublicAddr)
+	if err != nil {
+		return nil, err
+	}
+
+	c.WebPublicUrl = publicWebUrl
+	return c, nil
+}
+
 func (c *Config) CreateUrl(format string, a ...interface{}) string {
 	path := fmt.Sprintf(format, a...)
-	return strings.TrimSuffix(c.ServerUrl, "/") + "/" + strings.TrimPrefix(path, "/")
+	u := url.URL{
+		Scheme: c.WebPublicUrl.Scheme,
+		Host:   c.WebPublicUrl.Host,
+		Path:   path,
+	}
+	return u.String()
 }
 
 func (c *Config) ReadServerKeys(defaultKeys *domain.ControlKeys) (*ServerKeys, error) {

internal/config/funcs.go

@@ -1,6 +1,9 @@
 package config
 
 import (
+	"fmt"
+	"net"
+	"net/url"
 	"os"
 	"strings"
 )
@@ -20,3 +23,28 @@ func GetString(key, defaultValue string) string {
 	}
 	return defaultValue
 }
+
+func publicAddrToUrl(addr string) (*url.URL, error) {
+	scheme := "https"
+
+	if strings.HasPrefix(addr, "http://") {
+		scheme = "http"
+		addr = strings.TrimPrefix(addr, "http://")
+	}
+
+	if strings.HasPrefix(addr, "https://") {
+		scheme = "https"
+		addr = strings.TrimPrefix(addr, "https://")
+	}
+
+	host, port, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, fmt.Errorf("invalid public addr")
+	}
+
+	if (port == "443" && scheme == "https") || (port == "80" && scheme == "http") || port == "" {
+		return &url.URL{Scheme: scheme, Host: host}, nil
+	}
+
+	return &url.URL{Scheme: scheme, Host: fmt.Sprintf("%s:%s", host, port)}, nil
+}

internal/config/funcs_test.go

@@ -0,0 +1,36 @@
+package config
+
+import (
+	"fmt"
+	"github.com/stretchr/testify/require"
+	"net/url"
+	"testing"
+)
+
+func TestPublicAddrToUrl(t *testing.T) {
+	mustParseUrl := func(s string) *url.URL {
+		parse, err := url.Parse(s)
+		require.NoError(t, err)
+		return parse
+	}
+
+	parameters := []struct {
+		input    string
+		expected *url.URL
+		err      error
+	}{
+		{"localtest.me", nil, fmt.Errorf("invalid public addr")},
+		{"localtest.me:443", mustParseUrl("https://localtest.me"), nil},
+		{"localtest.me:80", mustParseUrl("https://localtest.me:80"), nil},
+		{"localtest.me:8080", mustParseUrl("https://localtest.me:8080"), nil},
+		{"http://localtest.me:8080", mustParseUrl("http://localtest.me:8080"), nil},
+	}
+
+	for _, p := range parameters {
+		t.Run(fmt.Sprintf("Testing [%v]", p.input), func(t *testing.T) {
+			url, err := publicAddrToUrl(p.input)
+			require.Equal(t, p.expected, url)
+			require.Equal(t, p.err, err)
+		})
+	}
+}

internal/handlers/http_redirect.go

@@ -1,12 +1,9 @@
 package handlers
 
 import (
-	"github.com/caddyserver/certmagic"
 	"github.com/jsiebens/ionscale/internal/config"
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
-	"net"
-	"net/http"
 )
 
 func httpsRedirectSkipper(c config.Tls) func(ctx echo.Context) bool {
@@ -23,38 +20,3 @@ func HttpsRedirect(c config.Tls) echo.MiddlewareFunc {
 		Skipper: httpsRedirectSkipper(c),
 	})
 }
-
-func HttpRedirectHandler(tls config.Tls) echo.HandlerFunc {
-	if tls.Disable {
-		return IndexHandler(http.StatusNotFound)
-	}
-
-	if tls.AcmeEnabled {
-		cfg := certmagic.NewDefault()
-		if len(cfg.Issuers) > 0 {
-			if am, ok := cfg.Issuers[0].(*certmagic.ACMEIssuer); ok {
-				handler := am.HTTPChallengeHandler(http.HandlerFunc(httpRedirectHandler))
-				return echo.WrapHandler(handler)
-			}
-		}
-	}
-
-	return echo.WrapHandler(http.HandlerFunc(httpRedirectHandler))
-}
-
-func httpRedirectHandler(w http.ResponseWriter, r *http.Request) {
-	toURL := "https://"
-	requestHost := hostOnly(r.Host)
-	toURL += requestHost
-	toURL += r.URL.RequestURI()
-	w.Header().Set("Connection", "close")
-	http.Redirect(w, r, toURL, http.StatusMovedPermanently)
-}
-
-func hostOnly(hostport string) string {
-	host, _, err := net.SplitHostPort(hostport)
-	if err != nil {
-		return hostport
-	}
-	return host
-}

internal/handlers/id_token.go

@@ -17,14 +17,14 @@ import (
 func NewIDTokenHandlers(machineKey key.MachinePublic, config *config.Config, repository domain.Repository) *IDTokenHandlers {
 	return &IDTokenHandlers{
 		machineKey: machineKey,
-		issuer:     config.ServerUrl,
+		issuer:     config.WebPublicUrl.String(),
 		repository: repository,
 	}
 }
 
 func NewOIDCConfigHandlers(config *config.Config, repository domain.Repository) *OIDCConfigHandlers {
 	return &OIDCConfigHandlers{
-		issuer:     config.ServerUrl,
+		issuer:     config.WebPublicUrl.String(),
 		jwksUri:    config.CreateUrl("/.well-known/jwks"),
 		repository: repository,
 	}