Merge pull request #485 from ClusterCockpit/change-web-framework

Change web framework

Author: moebiusband73

cmd/cc-backend/server.go

@@ -14,7 +14,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"net"
 	"net/http"
 	"os"
@@ -36,8 +35,9 @@ import (
 	cclog "github.com/ClusterCockpit/cc-lib/v2/ccLogger"
 	"github.com/ClusterCockpit/cc-lib/v2/nats"
 	"github.com/ClusterCockpit/cc-lib/v2/runtime"
-	"github.com/gorilla/handlers"
-	"github.com/gorilla/mux"
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+	"github.com/go-chi/cors"
 	httpSwagger "github.com/swaggo/http-swagger"
 )
 
@@ -50,7 +50,7 @@ const (
 
 // Server encapsulates the HTTP server state and dependencies
 type Server struct {
-	router        *mux.Router
+	router        chi.Router
 	server        *http.Server
 	restAPIHandle *api.RestAPI
 	natsAPIHandle *api.NatsAPI
@@ -70,7 +70,7 @@ func NewServer(version, commit, buildDate string) (*Server, error) {
 	buildInfo = web.Build{Version: version, Hash: commit, Buildtime: buildDate}
 
 	s := &Server{
-		router: mux.NewRouter(),
+		router: chi.NewRouter(),
 	}
 
 	if err := s.init(); err != nil {
@@ -106,6 +106,27 @@ func (s *Server) init() error {
 
 	authHandle := auth.GetAuthInstance()
 
+	// Middleware must be defined before routes in chi
+	s.router.Use(func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+			start := time.Now()
+			ww := middleware.NewWrapResponseWriter(rw, r.ProtoMajor)
+			next.ServeHTTP(ww, r)
+			cclog.Debugf("%s %s (%d, %.02fkb, %dms)",
+				r.Method, r.URL.RequestURI(),
+				ww.Status(), float32(ww.BytesWritten())/1024,
+				time.Since(start).Milliseconds())
+		})
+	})
+	s.router.Use(middleware.Compress(5))
+	s.router.Use(middleware.Recoverer)
+	s.router.Use(cors.Handler(cors.Options{
+		AllowCredentials: true,
+		AllowedHeaders:   []string{"X-Requested-With", "Content-Type", "Authorization", "Origin"},
+		AllowedMethods:   []string{"GET", "POST", "HEAD", "OPTIONS"},
+		AllowedOrigins:   []string{"*"},
+	}))
+
 	s.restAPIHandle = api.New()
 
 	info := map[string]any{}
@@ -117,11 +138,11 @@ func (s *Server) init() error {
 		info["hasOpenIDConnect"] = true
 	}
 
-	s.router.HandleFunc("/login", func(rw http.ResponseWriter, r *http.Request) {
+	s.router.Get("/login", func(rw http.ResponseWriter, r *http.Request) {
 		rw.Header().Add("Content-Type", "text/html; charset=utf-8")
 		cclog.Debugf("##%v##", info)
 		web.RenderTemplate(rw, "login.tmpl", &web.Page{Title: "Login", Build: buildInfo, Infos: info})
-	}).Methods(http.MethodGet)
+	})
 	s.router.HandleFunc("/imprint", func(rw http.ResponseWriter, r *http.Request) {
 		rw.Header().Add("Content-Type", "text/html; charset=utf-8")
 		web.RenderTemplate(rw, "imprint.tmpl", &web.Page{Title: "Imprint", Build: buildInfo})
@@ -131,13 +152,6 @@ func (s *Server) init() error {
 		web.RenderTemplate(rw, "privacy.tmpl", &web.Page{Title: "Privacy", Build: buildInfo})
 	})
 
-	secured := s.router.PathPrefix("/").Subrouter()
-	securedapi := s.router.PathPrefix("/api").Subrouter()
-	userapi := s.router.PathPrefix("/userapi").Subrouter()
-	configapi := s.router.PathPrefix("/config").Subrouter()
-	frontendapi := s.router.PathPrefix("/frontend").Subrouter()
-	metricstoreapi := s.router.PathPrefix("/api").Subrouter()
-
 	if !config.Keys.DisableAuthentication {
 		// Create login failure handler (used by both /login and /jwt-login)
 		loginFailureHandler := func(rw http.ResponseWriter, r *http.Request, err error) {
@@ -152,10 +166,10 @@ func (s *Server) init() error {
 			})
 		}
 
-		s.router.Handle("/login", authHandle.Login(loginFailureHandler)).Methods(http.MethodPost)
-		s.router.Handle("/jwt-login", authHandle.Login(loginFailureHandler))
+		s.router.Post("/login", authHandle.Login(loginFailureHandler).ServeHTTP)
+		s.router.HandleFunc("/jwt-login", authHandle.Login(loginFailureHandler).ServeHTTP)
 
-		s.router.Handle("/logout", authHandle.Logout(
+		s.router.Post("/logout", authHandle.Logout(
 			http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 				rw.Header().Add("Content-Type", "text/html; charset=utf-8")
 				rw.WriteHeader(http.StatusOK)
@@ -166,86 +180,97 @@ func (s *Server) init() error {
 					Build:   buildInfo,
 					Infos:   info,
 				})
-			}))).Methods(http.MethodPost)
-
-		secured.Use(func(next http.Handler) http.Handler {
-			return authHandle.Auth(
-				// On success;
-				next,
-
-				// On failure:
-				func(rw http.ResponseWriter, r *http.Request, err error) {
-					rw.WriteHeader(http.StatusUnauthorized)
-					web.RenderTemplate(rw, "login.tmpl", &web.Page{
-						Title:    "Authentication failed - ClusterCockpit",
-						MsgType:  "alert-danger",
-						Message:  err.Error(),
-						Build:    buildInfo,
-						Infos:    info,
-						Redirect: r.RequestURI,
+			})).ServeHTTP)
+	}
+
+	if flagDev {
+		s.router.Handle("/playground", playground.Handler("GraphQL playground", "/query"))
+		s.router.Get("/swagger/*", httpSwagger.Handler(
+			httpSwagger.URL("http://"+config.Keys.Addr+"/swagger/doc.json")))
+	}
+
+	// Secured routes (require authentication)
+	s.router.Group(func(secured chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			secured.Use(func(next http.Handler) http.Handler {
+				return authHandle.Auth(
+					next,
+					func(rw http.ResponseWriter, r *http.Request, err error) {
+						rw.WriteHeader(http.StatusUnauthorized)
+						web.RenderTemplate(rw, "login.tmpl", &web.Page{
+							Title:    "Authentication failed - ClusterCockpit",
+							MsgType:  "alert-danger",
+							Message:  err.Error(),
+							Build:    buildInfo,
+							Infos:    info,
+							Redirect: r.RequestURI,
+						})
 					})
-				})
-		})
+			})
+		}
 
-		securedapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
-		})
+		secured.Handle("/query", graphQLServer)
 
-		userapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthUserAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
+		secured.HandleFunc("/search", func(rw http.ResponseWriter, r *http.Request) {
+			routerConfig.HandleSearchBar(rw, r, buildInfo)
 		})
 
-		metricstoreapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthMetricStoreAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
-		})
+		routerConfig.SetupRoutes(secured, buildInfo)
+	})
 
-		configapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthConfigAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
+	// API routes (JWT token auth)
+	s.router.Route("/api", func(apiRouter chi.Router) {
+		// Main API routes with API auth
+		apiRouter.Group(func(securedapi chi.Router) {
+			if !config.Keys.DisableAuthentication {
+				securedapi.Use(func(next http.Handler) http.Handler {
+					return authHandle.AuthAPI(next, onFailureResponse)
+				})
+			}
+			s.restAPIHandle.MountAPIRoutes(securedapi)
 		})
 
-		frontendapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthFrontendAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
+		// Metric store API routes with separate auth
+		apiRouter.Group(func(metricstoreapi chi.Router) {
+			if !config.Keys.DisableAuthentication {
+				metricstoreapi.Use(func(next http.Handler) http.Handler {
+					return authHandle.AuthMetricStoreAPI(next, onFailureResponse)
+				})
+			}
+			s.restAPIHandle.MountMetricStoreAPIRoutes(metricstoreapi)
 		})
-	}
+	})
 
-	if flagDev {
-		s.router.Handle("/playground", playground.Handler("GraphQL playground", "/query"))
-		s.router.PathPrefix("/swagger/").Handler(httpSwagger.Handler(
-			httpSwagger.URL("http://" + config.Keys.Addr + "/swagger/doc.json"))).Methods(http.MethodGet)
-	}
-	secured.Handle("/query", graphQLServer)
+	// User API routes
+	s.router.Route("/userapi", func(userapi chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			userapi.Use(func(next http.Handler) http.Handler {
+				return authHandle.AuthUserAPI(next, onFailureResponse)
+			})
+		}
+		s.restAPIHandle.MountUserAPIRoutes(userapi)
+	})
 
-	// Send a searchId and then reply with a redirect to a user, or directly send query to job table for jobid and project.
-	secured.HandleFunc("/search", func(rw http.ResponseWriter, r *http.Request) {
-		routerConfig.HandleSearchBar(rw, r, buildInfo)
+	// Config API routes (uses Group with full paths to avoid shadowing
+	// the /config page route that is registered in the secured group)
+	s.router.Group(func(configapi chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			configapi.Use(func(next http.Handler) http.Handler {
+				return authHandle.AuthConfigAPI(next, onFailureResponse)
+			})
+		}
+		s.restAPIHandle.MountConfigAPIRoutes(configapi)
 	})
 
-	// Mount all /monitoring/... and /api/... routes.
-	routerConfig.SetupRoutes(secured, buildInfo)
-	s.restAPIHandle.MountAPIRoutes(securedapi)
-	s.restAPIHandle.MountUserAPIRoutes(userapi)
-	s.restAPIHandle.MountConfigAPIRoutes(configapi)
-	s.restAPIHandle.MountFrontendAPIRoutes(frontendapi)
+	// Frontend API routes
+	s.router.Route("/frontend", func(frontendapi chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			frontendapi.Use(func(next http.Handler) http.Handler {
+				return authHandle.AuthFrontendAPI(next, onFailureResponse)
+			})
+		}
+		s.restAPIHandle.MountFrontendAPIRoutes(frontendapi)
+	})
 
 	if config.Keys.APISubjects != nil {
 		s.natsAPIHandle = api.NewNatsAPI()
@@ -254,28 +279,55 @@ func (s *Server) init() error {
 		}
 	}
 
-	s.restAPIHandle.MountMetricStoreAPIRoutes(metricstoreapi)
+	// 404 handler for pages and API routes
+	notFoundHandler := func(rw http.ResponseWriter, r *http.Request) {
+		if strings.HasPrefix(r.URL.Path, "/api/") || strings.HasPrefix(r.URL.Path, "/userapi/") ||
+			strings.HasPrefix(r.URL.Path, "/frontend/") || strings.HasPrefix(r.URL.Path, "/config/") {
+			rw.Header().Set("Content-Type", "application/json")
+			rw.WriteHeader(http.StatusNotFound)
+			json.NewEncoder(rw).Encode(map[string]string{
+				"status": "Resource not found",
+				"error":  "the requested endpoint does not exist",
+			})
+			return
+		}
+		rw.Header().Set("Content-Type", "text/html; charset=utf-8")
+		rw.WriteHeader(http.StatusNotFound)
+		web.RenderTemplate(rw, "404.tmpl", &web.Page{
+			Title: "Page Not Found",
+			Build: buildInfo,
+		})
+	}
 
 	if config.Keys.EmbedStaticFiles {
 		if i, err := os.Stat("./var/img"); err == nil {
 			if i.IsDir() {
 				cclog.Info("Use local directory for static images")
-				s.router.PathPrefix("/img/").Handler(http.StripPrefix("/img/", http.FileServer(http.Dir("./var/img"))))
+				s.router.Handle("/img/*", http.StripPrefix("/img/", http.FileServer(http.Dir("./var/img"))))
 			}
 		}
-		s.router.PathPrefix("/").Handler(http.StripPrefix("/", web.ServeFiles()))
+		fileServer := http.StripPrefix("/", web.ServeFiles())
+		s.router.Handle("/*", http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+			if web.StaticFileExists(r.URL.Path) {
+				fileServer.ServeHTTP(rw, r)
+				return
+			}
+			notFoundHandler(rw, r)
+		}))
 	} else {
-		s.router.PathPrefix("/").Handler(http.FileServer(http.Dir(config.Keys.StaticFiles)))
+		staticDir := http.Dir(config.Keys.StaticFiles)
+		fileServer := http.FileServer(staticDir)
+		s.router.Handle("/*", http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+			f, err := staticDir.Open(r.URL.Path)
+			if err == nil {
+				f.Close()
+				fileServer.ServeHTTP(rw, r)
+				return
+			}
+			notFoundHandler(rw, r)
+		}))
 	}
 
-	s.router.Use(handlers.CompressHandler)
-	s.router.Use(handlers.RecoveryHandler(handlers.PrintRecoveryStack(true)))
-	s.router.Use(handlers.CORS(
-		handlers.AllowCredentials(),
-		handlers.AllowedHeaders([]string{"X-Requested-With", "Content-Type", "Authorization", "Origin"}),
-		handlers.AllowedMethods([]string{"GET", "POST", "HEAD", "OPTIONS"}),
-		handlers.AllowedOrigins([]string{"*"})))
-
 	return nil
 }
 
@@ -286,28 +338,14 @@ const (
 )
 
 func (s *Server) Start(ctx context.Context) error {
-	handler := handlers.CustomLoggingHandler(io.Discard, s.router, func(_ io.Writer, params handlers.LogFormatterParams) {
-		if strings.HasPrefix(params.Request.RequestURI, "/api/") {
-			cclog.Debugf("%s %s (%d, %.02fkb, %dms)",
-				params.Request.Method, params.URL.RequestURI(),
-				params.StatusCode, float32(params.Size)/1024,
-				time.Since(params.TimeStamp).Milliseconds())
-		} else {
-			cclog.Debugf("%s %s (%d, %.02fkb, %dms)",
-				params.Request.Method, params.URL.RequestURI(),
-				params.StatusCode, float32(params.Size)/1024,
-				time.Since(params.TimeStamp).Milliseconds())
-		}
-	})
-
 	// Use configurable timeouts with defaults
 	readTimeout := time.Duration(defaultReadTimeout) * time.Second
 	writeTimeout := time.Duration(defaultWriteTimeout) * time.Second
 
 	s.server = &http.Server{
 		ReadTimeout:  readTimeout,
 		WriteTimeout: writeTimeout,
-		Handler:      handler,
+		Handler:      s.router,
 		Addr:         config.Keys.Addr,
 	}