diff options
Diffstat (limited to 'plugins/http/config')
-rw-r--r-- | plugins/http/config/http.go | 34 | ||||
-rw-r--r-- | plugins/http/config/ssl.go | 69 | ||||
-rw-r--r-- | plugins/http/config/ssl_config_test.go | 116 |
3 files changed, 189 insertions, 30 deletions
diff --git a/plugins/http/config/http.go b/plugins/http/config/http.go index 76547fde..bd689918 100644 --- a/plugins/http/config/http.go +++ b/plugins/http/config/http.go @@ -2,7 +2,6 @@ package config import ( "net" - "os" "runtime" "strings" "time" @@ -13,7 +12,7 @@ import ( // HTTP configures RoadRunner HTTP server. type HTTP struct { - // Port and port to handle as http server. + // Host and port to handle as http server. Address string // SSLConfig defines https server options. @@ -97,8 +96,8 @@ func (c *HTTP) InitDefaults() error { c.SSLConfig = &SSL{} } - if c.SSLConfig.Port == 0 { - c.SSLConfig.Port = 443 + if c.SSLConfig.Address == "" { + c.SSLConfig.Address = ":443" } err := c.HTTP2Config.InitDefaults() @@ -191,30 +190,9 @@ func (c *HTTP) Valid() error { } if c.EnableTLS() { - if _, err := os.Stat(c.SSLConfig.Key); err != nil { - if os.IsNotExist(err) { - return errors.E(op, errors.Errorf("key file '%s' does not exists", c.SSLConfig.Key)) - } - - return err - } - - if _, err := os.Stat(c.SSLConfig.Cert); err != nil { - if os.IsNotExist(err) { - return errors.E(op, errors.Errorf("cert file '%s' does not exists", c.SSLConfig.Cert)) - } - - return err - } - - // RootCA is optional, but if provided - check it - if c.SSLConfig.RootCA != "" { - if _, err := os.Stat(c.SSLConfig.RootCA); err != nil { - if os.IsNotExist(err) { - return errors.E(op, errors.Errorf("root ca path provided, but path '%s' does not exists", c.SSLConfig.RootCA)) - } - return err - } + err := c.SSLConfig.Valid() + if err != nil { + return errors.E(op, err) } } diff --git a/plugins/http/config/ssl.go b/plugins/http/config/ssl.go index aae6e920..c33dbce4 100644 --- a/plugins/http/config/ssl.go +++ b/plugins/http/config/ssl.go @@ -1,9 +1,17 @@ package config +import ( + "os" + "strconv" + "strings" + + "github.com/spiral/errors" +) + // SSL defines https server configuration. type SSL struct { - // Port to listen as HTTPS server, defaults to 443. - Port int + // Address to listen as HTTPS server, defaults to 0.0.0.0:443. + Address string // Redirect when enabled forces all http connections to switch to https. Redirect bool @@ -16,4 +24,61 @@ type SSL struct { // Root CA file RootCA string + + // internal + host string + Port int +} + +func (s *SSL) Valid() error { + const op = errors.Op("ssl_valid") + + parts := strings.Split(s.Address, ":") + switch len(parts) { + // :443 form + // localhost:443 form + // use 0.0.0.0 as host and 443 as port + case 2: + if parts[0] == "" { + s.host = "0.0.0.0" + } else { + s.host = parts[0] + } + + port, err := strconv.Atoi(parts[1]) + if err != nil { + return errors.E(op, err) + } + s.Port = port + default: + return errors.E(op, errors.Errorf("unknown format, accepted format is [:<port> or <host>:<port>], provided: %s", s.Address)) + } + + if _, err := os.Stat(s.Key); err != nil { + if os.IsNotExist(err) { + return errors.E(op, errors.Errorf("key file '%s' does not exists", s.Key)) + } + + return err + } + + if _, err := os.Stat(s.Cert); err != nil { + if os.IsNotExist(err) { + return errors.E(op, errors.Errorf("cert file '%s' does not exists", s.Cert)) + } + + return err + } + + // RootCA is optional, but if provided - check it + if s.RootCA != "" { + if _, err := os.Stat(s.RootCA); err != nil { + if os.IsNotExist(err) { + return errors.E(op, errors.Errorf("root ca path provided, but path '%s' does not exists", s.RootCA)) + } + return err + } + } + + return nil } diff --git a/plugins/http/config/ssl_config_test.go b/plugins/http/config/ssl_config_test.go new file mode 100644 index 00000000..1f5fef0a --- /dev/null +++ b/plugins/http/config/ssl_config_test.go @@ -0,0 +1,116 @@ +package config + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestSSL_Valid1(t *testing.T) { + conf := &SSL{ + Address: "", + Redirect: false, + Key: "", + Cert: "", + RootCA: "", + host: "", + Port: 0, + } + + err := conf.Valid() + assert.Error(t, err) +} + +func TestSSL_Valid2(t *testing.T) { + conf := &SSL{ + Address: ":hello", + Redirect: false, + Key: "", + Cert: "", + RootCA: "", + host: "", + Port: 0, + } + + err := conf.Valid() + assert.Error(t, err) +} + +func TestSSL_Valid3(t *testing.T) { + conf := &SSL{ + Address: ":555", + Redirect: false, + Key: "", + Cert: "", + RootCA: "", + host: "", + Port: 0, + } + + err := conf.Valid() + assert.Error(t, err) +} + +func TestSSL_Valid4(t *testing.T) { + conf := &SSL{ + Address: ":555", + Redirect: false, + Key: "../../../tests/plugins/http/fixtures/server.key", + Cert: "../../../tests/plugins/http/fixtures/server.crt", + RootCA: "", + host: "", + // private + Port: 0, + } + + err := conf.Valid() + assert.NoError(t, err) +} + +func TestSSL_Valid5(t *testing.T) { + conf := &SSL{ + Address: "a:b:c", + Redirect: false, + Key: "../../../tests/plugins/http/fixtures/server.key", + Cert: "../../../tests/plugins/http/fixtures/server.crt", + RootCA: "", + host: "", + // private + Port: 0, + } + + err := conf.Valid() + assert.Error(t, err) +} + +func TestSSL_Valid6(t *testing.T) { + conf := &SSL{ + Address: ":", + Redirect: false, + Key: "../../../tests/plugins/http/fixtures/server.key", + Cert: "../../../tests/plugins/http/fixtures/server.crt", + RootCA: "", + host: "", + // private + Port: 0, + } + + err := conf.Valid() + assert.Error(t, err) +} + +func TestSSL_Valid7(t *testing.T) { + conf := &SSL{ + Address: "localhost:555:1", + Redirect: false, + Key: "../../../tests/plugins/http/fixtures/server.key", + Cert: "../../../tests/plugins/http/fixtures/server.crt", + RootCA: "", + host: "", + // private + Port: 0, + } + + err := conf.Valid() + assert.Error(t, err) +} |