ClusterCockpit
diff --git a/‎cmd/cc-backend/server.go‎
Lines changed: 129 additions & 110 deletions b/‎cmd/cc-backend/server.go‎
Lines changed: 129 additions & 110 deletions
diff --git a/‎go.mod‎
Lines changed: 3 additions & 5 deletions b/‎go.mod‎
Lines changed: 3 additions & 5 deletions
@@ -14,7 +14,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"net"
 	"net/http"
 	"os"
@@ -36,8 +35,9 @@ import (
 	cclog "github.com/ClusterCockpit/cc-lib/v2/ccLogger"
 	"github.com/ClusterCockpit/cc-lib/v2/nats"
 	"github.com/ClusterCockpit/cc-lib/v2/runtime"
-	"github.com/gorilla/handlers"
-	"github.com/gorilla/mux"
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+	"github.com/go-chi/cors"
 	httpSwagger "github.com/swaggo/http-swagger"
 )
 
@@ -50,7 +50,7 @@ const (
 
 // Server encapsulates the HTTP server state and dependencies
 type Server struct {
-	router        *mux.Router
+	router        chi.Router
 	server        *http.Server
 	restAPIHandle *api.RestAPI
 	natsAPIHandle *api.NatsAPI
@@ -70,7 +70,7 @@ func NewServer(version, commit, buildDate string) (*Server, error) {
 	buildInfo = web.Build{Version: version, Hash: commit, Buildtime: buildDate}
 
 	s := &Server{
-		router: mux.NewRouter(),
+		router: chi.NewRouter(),
 	}
 
 	if err := s.init(); err != nil {
@@ -117,11 +117,11 @@ func (s *Server) init() error {
 		info["hasOpenIDConnect"] = true
 	}
 
-	s.router.HandleFunc("/login", func(rw http.ResponseWriter, r *http.Request) {
+	s.router.Get("/login", func(rw http.ResponseWriter, r *http.Request) {
 		rw.Header().Add("Content-Type", "text/html; charset=utf-8")
 		cclog.Debugf("##%v##", info)
 		web.RenderTemplate(rw, "login.tmpl", &web.Page{Title: "Login", Build: buildInfo, Infos: info})
-	}).Methods(http.MethodGet)
+	})
 	s.router.HandleFunc("/imprint", func(rw http.ResponseWriter, r *http.Request) {
 		rw.Header().Add("Content-Type", "text/html; charset=utf-8")
 		web.RenderTemplate(rw, "imprint.tmpl", &web.Page{Title: "Imprint", Build: buildInfo})
@@ -131,13 +131,6 @@ func (s *Server) init() error {
 		web.RenderTemplate(rw, "privacy.tmpl", &web.Page{Title: "Privacy", Build: buildInfo})
 	})
 
-	secured := s.router.PathPrefix("/").Subrouter()
-	securedapi := s.router.PathPrefix("/api").Subrouter()
-	userapi := s.router.PathPrefix("/userapi").Subrouter()
-	configapi := s.router.PathPrefix("/config").Subrouter()
-	frontendapi := s.router.PathPrefix("/frontend").Subrouter()
-	metricstoreapi := s.router.PathPrefix("/api").Subrouter()
-
 	if !config.Keys.DisableAuthentication {
 		// Create login failure handler (used by both /login and /jwt-login)
 		loginFailureHandler := func(rw http.ResponseWriter, r *http.Request, err error) {
@@ -152,10 +145,10 @@ func (s *Server) init() error {
 			})
 		}
 
-		s.router.Handle("/login", authHandle.Login(loginFailureHandler)).Methods(http.MethodPost)
-		s.router.Handle("/jwt-login", authHandle.Login(loginFailureHandler))
+		s.router.Post("/login", authHandle.Login(loginFailureHandler).ServeHTTP)
+		s.router.HandleFunc("/jwt-login", authHandle.Login(loginFailureHandler).ServeHTTP)
 
-		s.router.Handle("/logout", authHandle.Logout(
+		s.router.Post("/logout", authHandle.Logout(
 			http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 				rw.Header().Add("Content-Type", "text/html; charset=utf-8")
 				rw.WriteHeader(http.StatusOK)
@@ -166,86 +159,83 @@ func (s *Server) init() error {
 					Build:   buildInfo,
 					Infos:   info,
 				})
-			}))).Methods(http.MethodPost)
-
-		secured.Use(func(next http.Handler) http.Handler {
-			return authHandle.Auth(
-				// On success;
-				next,
-
-				// On failure:
-				func(rw http.ResponseWriter, r *http.Request, err error) {
-					rw.WriteHeader(http.StatusUnauthorized)
-					web.RenderTemplate(rw, "login.tmpl", &web.Page{
-						Title:    "Authentication failed - ClusterCockpit",
-						MsgType:  "alert-danger",
-						Message:  err.Error(),
-						Build:    buildInfo,
-						Infos:    info,
-						Redirect: r.RequestURI,
-					})
-				})
-		})
+			})).ServeHTTP)
+	}
 
-		securedapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
-		})
+	if flagDev {
+		s.router.Handle("/playground", playground.Handler("GraphQL playground", "/query"))
+		s.router.Get("/swagger/*", httpSwagger.Handler(
+			httpSwagger.URL("http://"+config.Keys.Addr+"/swagger/doc.json")))
+	}
 
-		userapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthUserAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
-		})
+	// Secured routes (require authentication)
+	s.router.Group(func(secured chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			secured.Use(func(next http.Handler) http.Handler {
+				return authHandle.Auth(
+					next,
+					func(rw http.ResponseWriter, r *http.Request, err error) {
+						rw.WriteHeader(http.StatusUnauthorized)
+						web.RenderTemplate(rw, "login.tmpl", &web.Page{
+							Title:    "Authentication failed - ClusterCockpit",
+							MsgType:  "alert-danger",
+							Message:  err.Error(),
+							Build:    buildInfo,
+							Infos:    info,
+							Redirect: r.RequestURI,
+						})
+					})
+			})
+		}
 
-		metricstoreapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthMetricStoreAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
-		})
+		secured.Handle("/query", graphQLServer)
 
-		configapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthConfigAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
+		secured.HandleFunc("/search", func(rw http.ResponseWriter, r *http.Request) {
+			routerConfig.HandleSearchBar(rw, r, buildInfo)
 		})
 
-		frontendapi.Use(func(next http.Handler) http.Handler {
-			return authHandle.AuthFrontendAPI(
-				// On success;
-				next,
-				// On failure: JSON Response
-				onFailureResponse)
-		})
-	}
+		routerConfig.SetupRoutes(secured, buildInfo)
+	})
 
-	if flagDev {
-		s.router.Handle("/playground", playground.Handler("GraphQL playground", "/query"))
-		s.router.PathPrefix("/swagger/").Handler(httpSwagger.Handler(
-			httpSwagger.URL("http://" + config.Keys.Addr + "/swagger/doc.json"))).Methods(http.MethodGet)
-	}
-	secured.Handle("/query", graphQLServer)
+	// API routes (JWT token auth)
+	s.router.Route("/api", func(securedapi chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			securedapi.Use(func(next http.Handler) http.Handler {
+				return authHandle.AuthAPI(next, onFailureResponse)
+			})
+		}
+		s.restAPIHandle.MountAPIRoutes(securedapi)
+	})
 
-	// Send a searchId and then reply with a redirect to a user, or directly send query to job table for jobid and project.
-	secured.HandleFunc("/search", func(rw http.ResponseWriter, r *http.Request) {
-		routerConfig.HandleSearchBar(rw, r, buildInfo)
+	// User API routes
+	s.router.Route("/userapi", func(userapi chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			userapi.Use(func(next http.Handler) http.Handler {
+				return authHandle.AuthUserAPI(next, onFailureResponse)
+			})
+		}
+		s.restAPIHandle.MountUserAPIRoutes(userapi)
 	})
 
-	// Mount all /monitoring/... and /api/... routes.
-	routerConfig.SetupRoutes(secured, buildInfo)
-	s.restAPIHandle.MountAPIRoutes(securedapi)
-	s.restAPIHandle.MountUserAPIRoutes(userapi)
-	s.restAPIHandle.MountConfigAPIRoutes(configapi)
-	s.restAPIHandle.MountFrontendAPIRoutes(frontendapi)
+	// Config API routes
+	s.router.Route("/config", func(configapi chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			configapi.Use(func(next http.Handler) http.Handler {
+				return authHandle.AuthConfigAPI(next, onFailureResponse)
+			})
+		}
+		s.restAPIHandle.MountConfigAPIRoutes(configapi)
+	})
+
+	// Frontend API routes
+	s.router.Route("/frontend", func(frontendapi chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			frontendapi.Use(func(next http.Handler) http.Handler {
+				return authHandle.AuthFrontendAPI(next, onFailureResponse)
+			})
+		}
+		s.restAPIHandle.MountFrontendAPIRoutes(frontendapi)
+	})
 
 	if config.Keys.APISubjects != nil {
 		s.natsAPIHandle = api.NewNatsAPI()
@@ -254,27 +244,57 @@ func (s *Server) init() error {
 		}
 	}
 
-	s.restAPIHandle.MountMetricStoreAPIRoutes(metricstoreapi)
+	// Metric store API routes (mounted under /api but with different auth)
+	s.router.Route("/api", func(metricstoreapi chi.Router) {
+		if !config.Keys.DisableAuthentication {
+			metricstoreapi.Use(func(next http.Handler) http.Handler {
+				return authHandle.AuthMetricStoreAPI(next, onFailureResponse)
+			})
+		}
+		s.restAPIHandle.MountMetricStoreAPIRoutes(metricstoreapi)
+	})
+
+	// Custom 404 handler for unmatched routes
+	s.router.NotFound(func(rw http.ResponseWriter, r *http.Request) {
+		if strings.HasPrefix(r.URL.Path, "/api/") || strings.HasPrefix(r.URL.Path, "/userapi/") ||
+			strings.HasPrefix(r.URL.Path, "/frontend/") || strings.HasPrefix(r.URL.Path, "/config/") {
+			rw.Header().Set("Content-Type", "application/json")
+			rw.WriteHeader(http.StatusNotFound)
+			json.NewEncoder(rw).Encode(map[string]string{
+				"status": "Resource not found",
+				"error":  "the requested endpoint does not exist",
+			})
+			return
+		}
+		rw.WriteHeader(http.StatusNotFound)
+		web.RenderTemplate(rw, "message.tmpl", &web.Page{
+			Title:   "Not Found",
+			MsgType: "alert-warning",
+			Message: "The requested page was not found.",
+			Build:   buildInfo,
+		})
+	})
 
 	if config.Keys.EmbedStaticFiles {
 		if i, err := os.Stat("./var/img"); err == nil {
 			if i.IsDir() {
 				cclog.Info("Use local directory for static images")
-				s.router.PathPrefix("/img/").Handler(http.StripPrefix("/img/", http.FileServer(http.Dir("./var/img"))))
+				s.router.Handle("/img/*", http.StripPrefix("/img/", http.FileServer(http.Dir("./var/img"))))
 			}
 		}
-		s.router.PathPrefix("/").Handler(http.StripPrefix("/", web.ServeFiles()))
+		s.router.Handle("/*", http.StripPrefix("/", web.ServeFiles()))
 	} else {
-		s.router.PathPrefix("/").Handler(http.FileServer(http.Dir(config.Keys.StaticFiles)))
+		s.router.Handle("/*", http.FileServer(http.Dir(config.Keys.StaticFiles)))
 	}
 
-	s.router.Use(handlers.CompressHandler)
-	s.router.Use(handlers.RecoveryHandler(handlers.PrintRecoveryStack(true)))
-	s.router.Use(handlers.CORS(
-		handlers.AllowCredentials(),
-		handlers.AllowedHeaders([]string{"X-Requested-With", "Content-Type", "Authorization", "Origin"}),
-		handlers.AllowedMethods([]string{"GET", "POST", "HEAD", "OPTIONS"}),
-		handlers.AllowedOrigins([]string{"*"})))
+	s.router.Use(middleware.Compress(5))
+	s.router.Use(middleware.Recoverer)
+	s.router.Use(cors.Handler(cors.Options{
+		AllowCredentials: true,
+		AllowedHeaders:   []string{"X-Requested-With", "Content-Type", "Authorization", "Origin"},
+		AllowedMethods:   []string{"GET", "POST", "HEAD", "OPTIONS"},
+		AllowedOrigins:   []string{"*"},
+	}))
 
 	return nil
 }
@@ -286,18 +306,17 @@ const (
 )
 
 func (s *Server) Start(ctx context.Context) error {
-	handler := handlers.CustomLoggingHandler(io.Discard, s.router, func(_ io.Writer, params handlers.LogFormatterParams) {
-		if strings.HasPrefix(params.Request.RequestURI, "/api/") {
-			cclog.Debugf("%s %s (%d, %.02fkb, %dms)",
-				params.Request.Method, params.URL.RequestURI(),
-				params.StatusCode, float32(params.Size)/1024,
-				time.Since(params.TimeStamp).Milliseconds())
-		} else {
+	// Add request logging middleware
+	s.router.Use(func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+			start := time.Now()
+			ww := middleware.NewWrapResponseWriter(rw, r.ProtoMajor)
+			next.ServeHTTP(ww, r)
 			cclog.Debugf("%s %s (%d, %.02fkb, %dms)",
-				params.Request.Method, params.URL.RequestURI(),
-				params.StatusCode, float32(params.Size)/1024,
-				time.Since(params.TimeStamp).Milliseconds())
-		}
+				r.Method, r.URL.RequestURI(),
+				ww.Status(), float32(ww.BytesWritten())/1024,
+				time.Since(start).Milliseconds())
+		})
 	})
 
 	// Use configurable timeouts with defaults
@@ -307,7 +326,7 @@ func (s *Server) Start(ctx context.Context) error {
 	s.server = &http.Server{
 		ReadTimeout:  readTimeout,
 		WriteTimeout: writeTimeout,
-		Handler:      handler,
+		Handler:      s.router,
 		Addr:         config.Keys.Addr,
 	}
 
 
@@ -17,19 +17,20 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.95.0
 	github.com/coreos/go-oidc/v3 v3.17.0
 	github.com/expr-lang/expr v1.17.7
+	github.com/go-chi/chi/v5 v5.2.5
+	github.com/go-chi/cors v1.2.2
 	github.com/go-co-op/gocron/v2 v2.19.0
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/golang-migrate/migrate/v4 v4.19.1
 	github.com/google/gops v0.3.28
-	github.com/gorilla/handlers v1.5.2
-	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/sessions v1.4.0
 	github.com/influxdata/line-protocol/v2 v2.2.1
 	github.com/jmoiron/sqlx v1.4.0
 	github.com/joho/godotenv v1.5.1
 	github.com/linkedin/goavro/v2 v2.14.1
 	github.com/mattn/go-sqlite3 v1.14.33
+	github.com/parquet-go/parquet-go v0.27.0
 	github.com/qustavo/sqlhooks/v2 v2.1.0
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/stretchr/testify v1.11.1
@@ -64,7 +65,6 @@ require (
 	github.com/aws/smithy-go v1.24.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
@@ -81,7 +81,6 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/goccy/go-yaml v1.19.0 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
@@ -99,7 +98,6 @@ require (
 	github.com/oapi-codegen/runtime v1.1.1 // indirect
 	github.com/parquet-go/bitpack v1.0.0 // indirect
 	github.com/parquet-go/jsonlite v1.0.0 // indirect
-	github.com/parquet-go/parquet-go v0.27.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/common v0.67.4 // indirect