mystiatech/GreenCoast
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed up the .gitignore

Browse Source 
More push to move towards a deployment stage
This commit is contained in:
Dani
2025-08-21 20:57:23 -04:00
parent 9502d1b1be
commit e2651456da
12 changed files with 379 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

276
internal/api/http.go
View File

@@ -13,8 +13,10 @@ import (
"log"
"net"
"net/http"
"net/url"
"os"
"sort"
"strconv"
"strings"
"sync"
"time"
@@ -57,8 +59,17 @@ func newHub() *hub { return &hub{subs: make(map[chan []byte]struct{})} }
func (h *hub) subscribe() (ch chan []byte, cancel func()) {
ch = make(chan []byte, 16)
h.mu.Lock(); h.subs[ch] = struct{}{}; h.mu.Unlock()
cancel = func() { h.mu.Lock(); if _, ok := h.subs[ch]; ok { delete(h.subs, ch); close(ch) }; h.mu.Unlock() }
h.mu.Lock()
h.subs[ch] = struct{}{}
h.mu.Unlock()
cancel = func() {
h.mu.Lock()
if _, ok := h.subs[ch]; ok {
delete(h.subs, ch)
close(ch)
}
h.mu.Unlock()
}
return ch, cancel
}
func (h *hub) broadcast(ev sseEvent) {
@@ -67,7 +78,10 @@ func (h *hub) broadcast(ev sseEvent) {
line = append(line, '\n', '\n')
h.mu.Lock()
for ch := range h.subs {
select { case ch <- line: default: }
select {
case ch <- line:
default:
}
}
h.mu.Unlock()
}
@@ -93,11 +107,15 @@ type Server struct {
func New(store *storage.FSStore, idx *index.Index, coarseTimestamps bool, zeroTrust bool, auth AuthProviders) *Server {
devAllow := strings.ToLower(os.Getenv("GC_DEV_ALLOW_UNAUTH")) == "true"
devToken := os.Getenv("GC_DEV_BEARER")
if devToken == "" { devToken = "dev-local-token" }
if devToken == "" {
devToken = "dev-local-token"
}
sec := make([]byte, 0)
if auth.SigningSecretHex != "" {
if b, err := hex.DecodeString(auth.SigningSecretHex); err == nil { sec = b }
if b, err := hex.DecodeString(auth.SigningSecretHex); err == nil {
sec = b
}
}
s := &Server{
@@ -116,29 +134,25 @@ func New(store *storage.FSStore, idx *index.Index, coarseTimestamps bool, zeroTr
return s
}
// ---------- middleware helpers (privacy, CORS, auth) ----------
// ---------- helpers (privacy headers, CORS, util) ----------
func (s *Server) secureHeaders(w http.ResponseWriter) {
// Anti-fingerprinting posture: do not echo request details; set strict policies.
// Anti-fingerprinting posture
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("Permissions-Policy", "camera=(), microphone=(), geolocation=(), interest-cohort=(), browsing-topics=()")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-site")
// CORS: allow simple cross-origin usage without credentials (we do not use cookies).
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, X-GC-Private, X-GC-3P-Assent")
w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, DELETE, OPTIONS")
// No-store by default (content blobs may be large but not user-identifying)
w.Header().Set("Cache-Control", "no-store")
// HSTS is meaningful over HTTPS; harmless otherwise.
w.Header().Set("Strict-Transport-Security", "max-age=15552000; includeSubDomains; preload")
}
func (s *Server) with(w http.ResponseWriter, r *http.Request, handler func(http.ResponseWriter, *http.Request)) {
s.secureHeaders(w)
// Handle CORS preflight
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusNoContent)
return
@@ -146,30 +160,57 @@ func (s *Server) with(w http.ResponseWriter, r *http.Request, handler func(http.
handler(w, r)
}
func urlq(v string) string { return url.QueryEscape(v) }
// Generic helper must be package-level (methods cannot have type parameters).
func ternary[T any](cond bool, a, b T) T {
if cond {
return a
}
return b
}
func randHex(n int) string {
b := make([]byte, n)
if _, err := rand.Read(b); err != nil {
ts := time.Now().UnixNano()
for i := 0; i < n; i++ {
b[i] = byte(ts >> (8 * (i % 8)))
}
}
return hex.EncodeToString(b)
}
// ---------- auth middleware ----------
func (s *Server) auth(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
s.secureHeaders(w)
if !s.zeroTrust {
next.ServeHTTP(w, r); return
next.ServeHTTP(w, r)
return
}
authz := r.Header.Get("Authorization")
// Dev bypass if explicitly enabled
if s.devAllow {
if authz == "" || authz == "Bearer "+s.devToken {
next.ServeHTTP(w, r); return
next.ServeHTTP(w, r)
return
}
}
if !strings.HasPrefix(authz, "Bearer ") {
http.Error(w, "unauthorized", http.StatusUnauthorized); return
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
if len(s.signingSecret) == 0 {
// If no signing secret configured, accept presence only (dev posture).
next.ServeHTTP(w, r); return
next.ServeHTTP(w, r)
return
}
token := strings.TrimPrefix(authz, "Bearer ")
if ok := s.verifyShardToken(token); !ok {
http.Error(w, "unauthorized", http.StatusUnauthorized); return
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
next.ServeHTTP(w, r)
}
@@ -188,24 +229,26 @@ func (s *Server) signShardToken(provider, subject string, exp time.Time) (string
sig := hex.EncodeToString(mac.Sum(nil))
return "gc|" + msg + "|" + sig, nil
}
func (s *Server) verifyShardToken(tok string) bool {
parts := strings.Split(tok, "|")
if len(parts) != 5 || parts[0] != "gc" { return false }
if len(parts) != 5 || parts[0] != "gc" {
return false
}
prov, sub, expStr, sig := parts[1], parts[2], parts[3], parts[4]
_ = prov
_ = sub
msg := prov + "|" + sub + "|" + expStr
mac := hmac.New(sha256.New, s.signingSecret)
_, _ = mac.Write([]byte(msg))
want := hex.EncodeToString(mac.Sum(nil))
if !hmac.Equal([]byte(want), []byte(sig)) { return false }
// expiry
secs, err := time.ParseDuration(expStr + "s")
if err != nil {
// expStr is epoch; parse manually
epoch, e2 := time.ParseDuration("0s"); _ = epoch; _ = e2
if !hmac.Equal([]byte(want), []byte(sig)) {
return false
}
expUnix, err := strconv.ParseInt(expStr, 10, 64)
if err != nil {
return false
}
// treat expStr as epoch seconds
var expUnix int64
fmt.Sscan(expStr, &expUnix)
return time.Now().UTC().Unix() < expUnix
}
@@ -223,11 +266,15 @@ func (s *Server) routes() {
s.mux.HandleFunc("/v1/object", s.auth(func(w http.ResponseWriter, r *http.Request) {
s.with(w, r, func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPut {
http.Error(w, "method not allowed", http.StatusMethodNotAllowed); return
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
return
}
isPrivate := strings.TrimSpace(r.Header.Get("X-GC-Private")) == "1"
hash, n, err := s.store.Put(r.Body)
if err != nil { http.Error(w, err.Error(), http.StatusBadRequest); return }
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
ts := s.nowCoarse()
_ = s.idx.AppendPut(index.Entry{
Hash: hash, Bytes: n, StoredAt: s.parseRFC3339(ts), Private: isPrivate,
@@ -247,15 +294,24 @@ func (s *Server) routes() {
case http.MethodGet:
hash := strings.TrimPrefix(r.URL.Path, "/v1/object/")
p, err := s.store.Get(hash)
if err != nil { http.NotFound(w, r); return }
if err != nil {
http.NotFound(w, r)
return
}
f, err := os.Open(p)
if err != nil { http.Error(w, "open error", http.StatusInternalServerError); return }
if err != nil {
http.Error(w, "open error", http.StatusInternalServerError)
return
}
defer f.Close()
w.Header().Set("Content-Type", "application/octet-stream")
_, _ = io.Copy(w, f)
case http.MethodDelete:
hash := strings.TrimPrefix(r.URL.Path, "/v1/object/")
if err := s.store.Delete(hash); err != nil { http.NotFound(w, r); return }
if err := s.store.Delete(hash); err != nil {
http.NotFound(w, r)
return
}
_ = s.idx.AppendDelete(hash)
s.live.broadcast(sseEvent{Event: "delete", Data: map[string]any{"hash": hash}})
w.Header().Set("Content-Type", "application/json")
@@ -269,9 +325,15 @@ func (s *Server) routes() {
// Index snapshot
s.mux.HandleFunc("/v1/index", s.auth(func(w http.ResponseWriter, r *http.Request) {
s.with(w, r, func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodGet { http.Error(w, "method not allowed", http.StatusMethodNotAllowed); return }
if r.Method != http.MethodGet {
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
return
}
entries, err := s.idx.Snapshot()
if err != nil { http.Error(w, err.Error(), 500); return }
if err != nil {
http.Error(w, err.Error(), 500)
return
}
sort.Slice(entries, func(i, j int) bool { return entries[i].StoredAt.After(entries[j].StoredAt) })
w.Header().Set("Content-Type", "application/json")
_ = json.NewEncoder(w).Encode(entries)
@@ -282,7 +344,10 @@ func (s *Server) routes() {
s.mux.HandleFunc("/v1/index/stream", s.auth(func(w http.ResponseWriter, r *http.Request) {
s.secureHeaders(w)
flusher, ok := w.(http.Flusher)
if !ok { http.Error(w, "stream unsupported", http.StatusInternalServerError); return }
if !ok {
http.Error(w, "stream unsupported", http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "text/event-stream")
w.Header().Set("Cache-Control", "no-store")
w.Header().Set("Connection", "keep-alive")
@@ -290,17 +355,24 @@ func (s *Server) routes() {
ch, cancel := s.live.subscribe()
defer cancel()
_, _ = w.Write([]byte(": ok\n\n")); flusher.Flush()
ticker := time.NewTicker(25 * time.Second); defer ticker.Stop()
_, _ = w.Write([]byte(": ok\n\n"))
flusher.Flush()
ticker := time.NewTicker(25 * time.Second)
defer ticker.Stop()
notify := r.Context().Done()
for {
select {
case <-notify: return
case <-notify:
return
case <-ticker.C:
_, _ = w.Write([]byte(": ping\n\n")); flusher.Flush()
_, _ = w.Write([]byte(": ping\n\n"))
flusher.Flush()
case msg, ok := <-ch:
if !ok { return }
_, _ = w.Write(msg); flusher.Flush()
if !ok {
return
}
_, _ = w.Write(msg)
flusher.Flush()
}
}
}))
@@ -312,7 +384,7 @@ func (s *Server) routes() {
_ = json.NewEncoder(w).Encode(map[string]any{
"collect_ip": false,
"collect_useragent": false,
"timestamp_policy": s.ternary(s.coarseTS, "coarse-hour", "exact"),
"timestamp_policy": ternary(s.coarseTS, "coarse-hour", "exact"),
"stores_pii": false,
"erasure": "DELETE /v1/object/{hash}",
"portability": "GET /v1/object/{hash}",
@@ -328,10 +400,12 @@ func (s *Server) routes() {
s.with(w, r, func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
if !s.discord.Enabled {
http.Error(w, "discord SSO disabled", http.StatusNotImplemented); return
http.Error(w, "discord SSO disabled", http.StatusNotImplemented)
return
}
if !assented(r) {
http.Error(w, "third-party assent required (set header X-GC-3P-Assent: 1)", http.StatusPreconditionFailed); return
http.Error(w, "third-party assent required (set header X-GC-3P-Assent: 1)", http.StatusPreconditionFailed)
return
}
state := randHex(24)
url := "https://discord.com/api/oauth2/authorize" +
@@ -341,7 +415,6 @@ func (s *Server) routes() {
"&redirect_uri=" + urlq(s.discord.RedirectURI) +
"&prompt=consent" +
"&state=" + urlq(state)
_ = state // stateless; client returns same state to callback; you can verify in client
_ = json.NewEncoder(w).Encode(map[string]any{"url": url, "note": "We cannot vouch for external IdP security."})
})
})
@@ -352,15 +425,19 @@ func (s *Server) routes() {
s.with(w, r, func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
if !s.discord.Enabled {
http.Error(w, "discord SSO disabled", http.StatusNotImplemented); return
http.Error(w, "discord SSO disabled", http.StatusNotImplemented)
return
}
if !assented(r) {
http.Error(w, "third-party assent required (set header X-GC-3P-Assent: 1)", http.StatusPreconditionFailed); return
http.Error(w, "third-party assent required (set header X-GC-3P-Assent: 1)", http.StatusPreconditionFailed)
return
}
code := r.URL.Query().Get("code")
if code == "" { http.Error(w, "missing code", 400); return }
if code == "" {
http.Error(w, "missing code", 400)
return
}
// Exchange code -> access_token
form := "client_id=" + urlq(s.discord.ClientID) +
"&client_secret=" + urlq(s.discord.ClientSecret) +
"&grant_type=authorization_code" +
@@ -369,32 +446,46 @@ func (s *Server) routes() {
req, _ := http.NewRequest(http.MethodPost, "https://discord.com/api/oauth2/token", strings.NewReader(form))
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
resp, err := http.DefaultClient.Do(req)
if err != nil { http.Error(w, "token exchange failed", 502); return }
if err != nil {
http.Error(w, "token exchange failed", 502)
return
}
defer resp.Body.Close()
var tok struct{ AccessToken, TokenType string `json:"access_token","token_type"` }
var tok struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
}
if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil || tok.AccessToken == "" {
http.Error(w, "invalid token response", 502); return
http.Error(w, "invalid token response", 502)
return
}
// Fetch user id (PII seen in transit only; not stored)
uReq, _ := http.NewRequest(http.MethodGet, "https://discord.com/api/users/@me", nil)
uReq.Header.Set("Authorization", tok.TokenType+" "+tok.AccessToken)
uResp, err := http.DefaultClient.Do(uReq)
if err != nil { http.Error(w, "userinfo failed", 502); return }
if err != nil {
http.Error(w, "userinfo failed", 502)
return
}
defer uResp.Body.Close()
var me struct{ ID string `json:"id"` }
var me struct {
ID string `json:"id"`
}
if err := json.NewDecoder(uResp.Body).Decode(&me); err != nil || me.ID == "" {
http.Error(w, "userinfo parse failed", 502); return
http.Error(w, "userinfo parse failed", 502)
return
}
// Issue shard token
exp := time.Now().UTC().Add(30 * time.Minute)
gcTok, err := s.signShardToken("discord", me.ID, exp)
if err != nil { http.Error(w, err.Error(), 500); return }
if err != nil {
http.Error(w, err.Error(), 500)
return
}
_ = json.NewEncoder(w).Encode(map[string]any{
"ok": true,
"token": gcTok,
"ok": true,
"token": gcTok,
"expires_at": exp.Format(time.RFC3339),
"disclaimer": "This token is issued after authenticating with a third-party provider (Discord). We cannot vouch for third-party security.",
})
@@ -402,57 +493,68 @@ func (s *Server) routes() {
})
}
// ---------- helpers ----------
func (s *Server) nowCoarse() string {
ts := time.Now().UTC()
if s.coarseTS { ts = ts.Truncate(time.Hour) }
return ts.Format(time.RFC3339)
}
func (s *Server) parseRFC3339(v string) time.Time { t, _ := time.Parse(time.RFC3339, v); return t }
func (s *Server) ternary[T any](cond bool, a, b T) T { if cond { return a }; return b }
// ---------- misc helpers ----------
func assented(r *http.Request) bool {
if r.Header.Get("X-GC-3P-Assent") == "1" { return true }
if r.URL.Query().Get("assent") == "1" { return true }
if r.Header.Get("X-GC-3P-Assent") == "1" {
return true
}
if r.URL.Query().Get("assent") == "1" {
return true
}
return false
}
func randHex(n int) string {
b := make([]byte, n)
if _, err := rand.Read(b); err != nil {
// very unlikely; fall back to timestamp bytes
ts := time.Now().UnixNano()
for i := 0; i < n; i++ { b[i] = byte(ts >> (8 * (i % 8))) }
func (s *Server) nowCoarse() string {
ts := time.Now().UTC()
if s.coarseTS {
ts = ts.Truncate(time.Hour)
}
return hex.EncodeToString(b)
return ts.Format(time.RFC3339)
}
// randReader uses crypto/rand without importing directly to keep imports tidy here.
type randReader struct{}
func (randReader) Read(p []byte) (int, error) { return io.ReadFull(os.OpenFile("/dev/urandom", os.O_RDONLY, 0), p) } // fallback if needed (linux-only)
func (s *Server) parseRFC3339(v string) time.Time {
t, _ := time.Parse(time.RFC3339, v)
return t
}
// ----- listeners -----
func (s *Server) ListenHTTP(addr string) error {
log.Printf("http listening on %s", addr)
server := &http.Server{ Addr: addr, Handler: s.mux, ReadHeaderTimeout: 5 * time.Second }
server := &http.Server{
Addr: addr,
Handler: s.mux,
ReadHeaderTimeout: 5 * time.Second,
}
ln, err := net.Listen("tcp", addr)
if err != nil { return err }
if err != nil {
return err
}
return server.Serve(ln)
}
func (s *Server) ListenHTTPS(addr, certFile, keyFile string) error {
log.Printf("https listening on %s", addr)
server := &http.Server{ Addr: addr, Handler: s.mux, ReadHeaderTimeout: 5 * time.Second }
server := &http.Server{
Addr: addr,
Handler: s.mux,
ReadHeaderTimeout: 5 * time.Second,
}
return server.ListenAndServeTLS(certFile, keyFile)
}
func (s *Server) ListenMTLS(addr string, tlsCfg *tls.Config) error {
log.Printf("federation mTLS listening on %s", addr)
server := &http.Server{ Addr: addr, Handler: s.mux, ReadHeaderTimeout: 5 * time.Second, TLSConfig: tlsCfg }
server := &http.Server{
Addr: addr,
Handler: s.mux,
ReadHeaderTimeout: 5 * time.Second,
TLSConfig: tlsCfg,
}
ln, err := tls.Listen("tcp", addr, tlsCfg)
if err != nil { return err }
if err != nil {
return err
}
return server.Serve(ln)
}

49
internal/api/static.go
View File

@@ -1,14 +1,15 @@
package api
import (
"log"
"net/http"
"os"
"path/filepath"
"strings"
"time"
)
// MountStatic serves files from dir under baseURL. If baseURL == "/", it serves root.
// Directory listings are disabled. Unknown paths fall back to index.html (SPA).
// Mount static on the API mux (kept for compatibility; still serves under API port if you want)
func (s *Server) MountStatic(dir string, baseURL string) {
if dir == "" {
return
@@ -16,20 +17,46 @@ func (s *Server) MountStatic(dir string, baseURL string) {
if baseURL == "" {
baseURL = "/"
}
fs := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.mux.Handle(baseURL, s.staticHandler(dir, baseURL))
if !strings.HasSuffix(baseURL, "/") {
s.mux.Handle(baseURL+"/", s.staticHandler(dir, baseURL))
}
}
// NEW: serve the same static handler on its own port (frontend).
func (s *Server) ListenFrontendHTTP(addr, dir, baseURL string) error {
if dir == "" || addr == "" {
return nil
}
log.Printf("frontend listening on %s (dir=%s base=%s)", addr, dir, baseURL)
mx := http.NewServeMux()
mx.Handle(baseURL, s.staticHandler(dir, baseURL))
if !strings.HasSuffix(baseURL, "/") {
mx.Handle(baseURL+"/", s.staticHandler(dir, baseURL))
}
server := &http.Server{
Addr: addr,
Handler: mx,
ReadHeaderTimeout: 5 * time.Second,
}
return server.ListenAndServe()
}
func (s *Server) staticHandler(dir, baseURL string) http.Handler {
if baseURL == "" {
baseURL = "/"
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.secureHeaders(w)
// normalize path inside dir
up := strings.TrimPrefix(r.URL.Path, baseURL)
if up == "" || strings.HasSuffix(r.URL.Path, "/") {
up = "index.html"
}
full := filepath.Join(dir, filepath.FromSlash(up))
// prevent path escape
if !strings.HasPrefix(filepath.Clean(full), filepath.Clean(dir)) {
http.NotFound(w, r)
return
}
// serve if exists, else SPA fallback
if st, err := os.Stat(full); err == nil && !st.IsDir() {
http.ServeFile(w, r, full)
return
@@ -41,14 +68,4 @@ func (s *Server) MountStatic(dir string, baseURL string) {
}
http.NotFound(w, r)
})
// Root or subpath
if baseURL == "/" {
s.mux.Handle("/", fs)
} else {
if !strings.HasSuffix(baseURL, "/") {
baseURL += "/"
}
s.mux.Handle(baseURL, fs)
s.mux.Handle(baseURL+"", fs) // ensure exact mount works
}
}