transmet/main.go

package main

import (
	"database/sql"
	"encoding/json"
	"flag"
	"fmt"
	"github.com/gorilla/csrf"
	"github.com/gorilla/sessions"
	_ "github.com/lib/pq"
	"net/http"
	"os"
)

const (
	VERSION      = "0.1"
	MAX_DB_CONNS = 10 // already excessive for personal app
)

type Config struct {
	Sql struct {
		Host     string
		Dbname   string
		Username string
		Password string
	}
	Port string
	Url  string
}

const (
	flash_err  = "_flash_err"
	flash_info = "_flash_info"
)

var (
	config Config
	db     *sql.DB
	store  = sessions.NewCookieStore([]byte("key-store-auth-secret"))
)

func loadConfig(env string) {
	file, err := os.Open("config/" + env + ".json")
	if err != nil {
		fmt.Println("Error: cannot open config file: config/" + env + ".json")
		os.Exit(-1)
	}
	defer file.Close()
	decoder := json.NewDecoder(file)
	err = decoder.Decode(&config)
	if err != nil {
		fmt.Println("Error: cannot decode config file: ", err)
		os.Exit(-1)
	}
}

func dbConnect() {
	var err error
	db, err = sql.Open("postgres", fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=require", config.Sql.Username, config.Sql.Password, config.Sql.Host, config.Sql.Dbname))

	if err != nil {
		fmt.Println("DB ERROR: ", err)
	}
	db.SetMaxIdleConns(MAX_DB_CONNS)
	err = db.Ping()
	if err != nil {
		fmt.Println("DB Error on Ping(): ", err)
		os.Exit(-1)
	}
}

func csrfSecret() string {
	file, err := os.Open("csrf-secret.txt")
	if err != nil {
		fmt.Println("Error: cannot open csrf-secret.txt (run gen-csrf.sh to generate)")
		os.Exit(-1)
	}
	defer file.Close()
	var bytes []byte = make([]byte, 32)
	n, err := file.Read(bytes)
	if err != nil || n != 32 {
		fmt.Println("Error: cannot open csrf-secret.txt (run gen-csrf.sh to generate)")
	}
	return string(bytes)
}

type CSRFErrorHandler struct{}

func (self CSRFErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	fmt.Println("csrf Failure: ")
	fmt.Println(csrf.FailureReason(r))
	fmt.Println("-----")
}

func main() {
	fmt.Println("transmet ", VERSION)

	envFlag := flag.String("env", "local", "load config/{env}.json")
	flag.Parse()

	fmt.Println("Loading...")

	loadConfig(*envFlag)
	dbConnect()
	initTemplates()
	muxRouter := init_route_handlers()
	//errHandler := csrf.ErrorHandler( CSRFErrorHandler{} )

	// Terrible. TODO: Get SSL for prod, and then wrap in if(dev) { {
	//csrfSecurityOption := csrf.Secure(false)
	//csrfMaxTimeOption := csrf.MaxAge(3600 * 24 * 3) // 3 Days - a little more wiggle room

	fmt.Println("Listening on", config.Port, "...")

	// Disabled CSRF until SSL (and sorting why the popup is throwing CSRF errs
	//   for tor and FF with ublock + https everywhere)
	//err := http.ListenAndServe(":"+config.Port, csrf.Protect([]byte(csrfSecret()), errHandler, csrfSecurityOption, csrfMaxTimeOption)(muxRouter))
	err := http.ListenAndServe(":"+config.Port, muxRouter)
	if err != nil {
		fmt.Println("Fatal Error: ", err)
	}

	db.Close()
}
stub main, load config 2015-04-27 17:31:51 +02:00			`package main`

			`import (`
fonts, routing setup 2015-04-29 17:25:48 +02:00			`"database/sql"`
stub main, load config 2015-04-27 17:31:51 +02:00			`"encoding/json"`
gofmt, delete works 2015-09-13 23:57:22 +02:00			`"flag"`
stub main, load config 2015-04-27 17:31:51 +02:00			`"fmt"`
start using gorilla csrf - in place but not used 2015-11-02 17:07:22 +01:00			`"github.com/gorilla/csrf"`
implement CSRF per docs - doesnt work. css,js files 404 and get csrf invalid errors on form submit 2015-11-03 17:16:59 +01:00			`"github.com/gorilla/sessions"`
import base html core + bootstrap from warren 2015-04-28 17:10:40 +02:00			`_ "github.com/lib/pq"`
fonts, routing setup 2015-04-29 17:25:48 +02:00			`"net/http"`
			`"os"`
stub main, load config 2015-04-27 17:31:51 +02:00			`)`

limit db pool 2015-05-18 04:25:32 +02:00			`const (`
gofmt, delete works 2015-09-13 23:57:22 +02:00			`VERSION = "0.1"`
limit db pool 2015-05-18 04:25:32 +02:00			`MAX_DB_CONNS = 10 // already excessive for personal app`
			`)`
stub main, load config 2015-04-27 17:31:51 +02:00
			`type Config struct {`
			`Sql struct {`
			`Host string`
			`Dbname string`
			`Username string`
			`Password string`
			`}`
fonts, routing setup 2015-04-29 17:25:48 +02:00			`Port string`
gofmt, delete works 2015-09-13 23:57:22 +02:00			`Url string`
stub main, load config 2015-04-27 17:31:51 +02:00			`}`

fonts, routing setup 2015-04-29 17:25:48 +02:00			`const (`
			`flash_err = "_flash_err"`
			`flash_info = "_flash_info"`
			`)`

stub main, load config 2015-04-27 17:31:51 +02:00			`var (`
gofmt, delete works 2015-09-13 23:57:22 +02:00			`config Config`
			`db *sql.DB`
			`store = sessions.NewCookieStore([]byte("key-store-auth-secret"))`
stub main, load config 2015-04-27 17:31:51 +02:00			`)`

run on prod env 2015-05-14 16:20:30 +02:00			`func loadConfig(env string) {`
			`file, err := os.Open("config/" + env + ".json")`
stub main, load config 2015-04-27 17:31:51 +02:00			`if err != nil {`
run on prod env 2015-05-14 16:20:30 +02:00			`fmt.Println("Error: cannot open config file: config/" + env + ".json")`
stub main, load config 2015-04-27 17:31:51 +02:00			`os.Exit(-1)`
			`}`
implement CSRF per docs - doesnt work. css,js files 404 and get csrf invalid errors on form submit 2015-11-03 17:16:59 +01:00			`defer file.Close()`
stub main, load config 2015-04-27 17:31:51 +02:00			`decoder := json.NewDecoder(file)`
routing, user handling 2015-04-30 06:32:39 +02:00			`err = decoder.Decode(&config)`
			`if err != nil {`
			`fmt.Println("Error: cannot decode config file: ", err)`
			`os.Exit(-1)`
			`}`
stub main, load config 2015-04-27 17:31:51 +02:00			`}`

import base html core + bootstrap from warren 2015-04-28 17:10:40 +02:00			`func dbConnect() {`
fonts, routing setup 2015-04-29 17:25:48 +02:00			`var err error`
import base html core + bootstrap from warren 2015-04-28 17:10:40 +02:00			`db, err = sql.Open("postgres", fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=require", config.Sql.Username, config.Sql.Password, config.Sql.Host, config.Sql.Dbname))`

			`if err != nil {`
			`fmt.Println("DB ERROR: ", err)`
			`}`
resource managment 2015-05-18 05:18:28 +02:00			`db.SetMaxIdleConns(MAX_DB_CONNS)`
import base html core + bootstrap from warren 2015-04-28 17:10:40 +02:00			`err = db.Ping()`
			`if err != nil {`
			`fmt.Println("DB Error on Ping(): ", err)`
			`os.Exit(-1)`
			`}`
			`}`

start using gorilla csrf - in place but not used 2015-11-02 17:07:22 +01:00			`func csrfSecret() string {`
			`file, err := os.Open("csrf-secret.txt")`
			`if err != nil {`
			`fmt.Println("Error: cannot open csrf-secret.txt (run gen-csrf.sh to generate)")`
			`os.Exit(-1)`
			`}`
implement CSRF per docs - doesnt work. css,js files 404 and get csrf invalid errors on form submit 2015-11-03 17:16:59 +01:00			`defer file.Close()`
start using gorilla csrf - in place but not used 2015-11-02 17:07:22 +01:00			`var bytes []byte = make([]byte, 32)`
			`n, err := file.Read(bytes)`
			`if err != nil \|\| n != 32 {`
			`fmt.Println("Error: cannot open csrf-secret.txt (run gen-csrf.sh to generate)")`
			`}`
			`return string(bytes)`
			`}`
gofmt 2015-11-20 05:03:51 +01:00
			`type CSRFErrorHandler struct{}`
proof of concept csrf working. needs cleaning up and securing 2015-11-08 00:32:28 +01:00
			`func (self CSRFErrorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {`
gofmt 2015-11-20 05:03:51 +01:00			`fmt.Println("csrf Failure: ")`
			`fmt.Println(csrf.FailureReason(r))`
			`fmt.Println("-----")`
proof of concept csrf working. needs cleaning up and securing 2015-11-08 00:32:28 +01:00			`}`
start using gorilla csrf - in place but not used 2015-11-02 17:07:22 +01:00
stub main, load config 2015-04-27 17:31:51 +02:00			`func main() {`
			`fmt.Println("transmet ", VERSION)`
gofmt, delete works 2015-09-13 23:57:22 +02:00
run on prod env 2015-05-14 16:20:30 +02:00			`envFlag := flag.String("env", "local", "load config/{env}.json")`
			`flag.Parse()`

stub main, load config 2015-04-27 17:31:51 +02:00			`fmt.Println("Loading...")`
gofmt, delete works 2015-09-13 23:57:22 +02:00
run on prod env 2015-05-14 16:20:30 +02:00			`loadConfig(*envFlag)`
fonts, routing setup 2015-04-29 17:25:48 +02:00			`dbConnect()`
			`initTemplates()`
work on porting routers to more gorilla/mux style and making all actions POST and csrf trackable 2015-11-11 18:28:07 +01:00			`muxRouter := init_route_handlers()`
disable csrf until SSL 2015-12-25 22:21:59 +01:00			`//errHandler := csrf.ErrorHandler( CSRFErrorHandler{} )`
gofmt 2015-11-20 05:03:51 +01:00
work on porting routers to more gorilla/mux style and making all actions POST and csrf trackable 2015-11-11 18:28:07 +01:00			`// Terrible. TODO: Get SSL for prod, and then wrap in if(dev) { {`
disable csrf until SSL 2015-12-25 22:21:59 +01:00			`//csrfSecurityOption := csrf.Secure(false)`
			`//csrfMaxTimeOption := csrf.MaxAge(3600 * 24 * 3) // 3 Days - a little more wiggle room`
gofmt 2015-11-20 05:03:51 +01:00
minor login work 2015-05-01 17:20:02 +02:00			`fmt.Println("Listening on", config.Port, "...")`
gofmt 2015-11-20 05:03:51 +01:00
disable csrf until SSL 2015-12-25 22:21:59 +01:00			`// Disabled CSRF until SSL (and sorting why the popup is throwing CSRF errs`
			`// for tor and FF with ublock + https everywhere)`
			`//err := http.ListenAndServe(":"+config.Port, csrf.Protect([]byte(csrfSecret()), errHandler, csrfSecurityOption, csrfMaxTimeOption)(muxRouter))`
			`err := http.ListenAndServe(":"+config.Port, muxRouter)`
fonts, routing setup 2015-04-29 17:25:48 +02:00			`if err != nil {`
			`fmt.Println("Fatal Error: ", err)`
			`}`

import base html core + bootstrap from warren 2015-04-28 17:10:40 +02:00			`db.Close()`
stub main, load config 2015-04-27 17:31:51 +02:00			`}`