feat: split server command in subcommands

Author: jsiebens

internal/auth/server.go

@@ -6,16 +6,47 @@ import (
 	"github.com/hashicorp/go-bexpr"
 	"github.com/jsiebens/brink/internal/api"
 	"github.com/jsiebens/brink/internal/auth/providers"
+	"github.com/jsiebens/brink/internal/auth/templates"
 	"github.com/jsiebens/brink/internal/cache"
 	"github.com/jsiebens/brink/internal/config"
 	"github.com/jsiebens/brink/internal/key"
+	"github.com/jsiebens/brink/internal/server"
+	"github.com/jsiebens/brink/internal/version"
 	"github.com/labstack/echo/v4"
 	"github.com/mitchellh/pointerstructure"
+	"github.com/sirupsen/logrus"
 	"net/http"
 	"strings"
 	"time"
 )
 
+const authCachePrefix = "a_"
+
+func StartServer(config *config.Config) error {
+	v, r := version.GetReleaseInfo()
+	logrus.Infof("Starting brink auth server. Version %s - %s", v, r)
+
+	c, err := cache.NewCache(config.Cache)
+	if err != nil {
+		return err
+	}
+
+	e := echo.New()
+	e.HideBanner = true
+	e.HidePort = true
+	e.Renderer = templates.NewTemplates()
+
+	version.RegisterRoutes(e)
+
+	authServer, err := NewServer(config.Auth, cache.Prefixed(c, authCachePrefix))
+	if err != nil {
+		return err
+	}
+	authServer.RegisterRoutes(e, true)
+
+	return server.Start(config, e)
+}
+
 func NewServer(config config.Auth, cache cache.Cache) (*Server, error) {
 	var privateKey *key.PrivateKey
 
@@ -139,7 +170,7 @@ func (s *Server) RegisterSession(req *api.RegisterSessionRequest) (*api.SessionT
 	return &response, nil
 }
 
-func (s *Server) AuthenticateSession(req *api.SessionTokenRequest) (*api.SessionTokenResponse, error) {
+func (s *Server) CheckSessionToken(req *api.SessionTokenRequest) (*api.SessionTokenResponse, error) {
 	se := session{}
 
 	ok, err := s.sessions.Get(req.SessionId, &se)
@@ -189,7 +220,7 @@ func (s *Server) checkSessionToken(c echo.Context) error {
 		return err
 	}
 
-	response, err := s.AuthenticateSession(&req)
+	response, err := s.CheckSessionToken(&req)
 	if err != nil {
 		return err
 	}

internal/proxy/session.go internal/auth/session.gointernal/proxy/session.go renamed to internal/auth/session.go

@@ -1,4 +1,4 @@
-package proxy
+package auth
 
 import (
 	"context"
@@ -12,13 +12,13 @@ import (
 	"time"
 )
 
-type SessionRegistrar interface {
+type SessionRegistry interface {
 	GetPublicKey() key.PublicKey
 	RegisterSession(request *api.RegisterSessionRequest) (*api.SessionTokenResponse, error)
-	AuthenticateSession(request *api.SessionTokenRequest) (*api.SessionTokenResponse, error)
+	CheckSessionToken(request *api.SessionTokenRequest) (*api.SessionTokenResponse, error)
 }
 
-func NewRemoteSessionRegistrar(config config.Auth) (SessionRegistrar, error) {
+func NewRemoteSessionRegistrar(config config.Auth) (SessionRegistry, error) {
 	url, err := util.NormalizeHttpUrl(config.RemoteServer)
 	if err != nil {
 		return nil, err
@@ -82,7 +82,7 @@ func (r *remoteSessionRegistrar) RegisterSession(req *api.RegisterSessionRequest
 	return &result, nil
 }
 
-func (r *remoteSessionRegistrar) AuthenticateSession(req *api.SessionTokenRequest) (*api.SessionTokenResponse, error) {
+func (r *remoteSessionRegistrar) CheckSessionToken(req *api.SessionTokenRequest) (*api.SessionTokenResponse, error) {
 	token, err := r.localPrivateKey.SealBase58(r.remotePublicKey, &api.Token{ExpirationTime: time.Now().UTC().Add(5 * time.Minute)})
 	if err != nil {
 		return nil, err

internal/cmd/server.go

@@ -1,15 +1,36 @@
 package cmd
 
 import (
+	"github.com/jsiebens/brink/internal/auth"
 	"github.com/jsiebens/brink/internal/config"
-	"github.com/jsiebens/brink/internal/server"
+	"github.com/jsiebens/brink/internal/proxy"
 	"github.com/spf13/cobra"
 )
 
 func serverCommand() *cobra.Command {
 	command := &cobra.Command{
 		Use:          "server",
-		Short:        "Start a server (and optionally a proxy) with a configuration file.",
+		SilenceUsage: true,
+	}
+
+	command.AddCommand(serverAuthCommand())
+	command.AddCommand(serverProxyCommand())
+
+	return command
+}
+
+func serverAuthCommand() *cobra.Command {
+	return createServerCommand("auth", "Start an auth server with a configuration file.", auth.StartServer)
+}
+
+func serverProxyCommand() *cobra.Command {
+	return createServerCommand("proxy", "Start a proxy server with a configuration file.", proxy.StartServer)
+}
+
+func createServerCommand(use, short string, start func(*config.Config) error) *cobra.Command {
+	command := &cobra.Command{
+		Use:          use,
+		Short:        short,
 		SilenceUsage: true,
 	}
 
@@ -22,7 +43,7 @@ func serverCommand() *cobra.Command {
 		if err != nil {
 			return err
 		}
-		return server.StartServer(c)
+		return start(c)
 	}
 
 	return command

internal/config/config.go

@@ -70,7 +70,6 @@ type Tls struct {
 type Auth struct {
 	RemoteServer    string   `mapstructure:"remote_server"`
 	RemotePublicKey string   `mapstructure:"remote_public_key"`
-	EnableApi       bool     `mapstructure:"enable_api"`
 	PrivateKey      string   `mapstructure:"private_key"`
 	UrlPrefix       string   `mapstructure:"url_prefix"`
 	Provider        Provider `mapstructure:"provider"`
@@ -85,7 +84,6 @@ type Provider struct {
 }
 
 type Proxy struct {
-	Disable  bool              `mapstructure:"disable"`
 	Policies map[string]Policy `mapstructure:"policies"`
 }
 

internal/proxy/server.go

@@ -3,10 +3,14 @@ package proxy
 import (
 	"fmt"
 	"github.com/jsiebens/brink/internal/api"
+	"github.com/jsiebens/brink/internal/auth"
+	"github.com/jsiebens/brink/internal/auth/templates"
 	"github.com/jsiebens/brink/internal/cache"
 	"github.com/jsiebens/brink/internal/config"
 	"github.com/jsiebens/brink/internal/key"
+	"github.com/jsiebens/brink/internal/server"
 	"github.com/jsiebens/brink/internal/util"
+	"github.com/jsiebens/brink/internal/version"
 	"github.com/labstack/echo/v4"
 	"github.com/rancher/remotedialer"
 	"github.com/sirupsen/logrus"
@@ -16,7 +20,58 @@ import (
 	"time"
 )
 
-func NewServer(config config.Proxy, cache cache.Cache, registrar SessionRegistrar) (*Server, error) {
+const authCachePrefix = "pa_"
+const proxyCachePrefix = "pp_"
+
+func StartServer(config *config.Config) error {
+	v, r := version.GetReleaseInfo()
+	logrus.Infof("Starting brink proxy server. Version %s - %s", v, r)
+
+	c, err := cache.NewCache(config.Cache)
+	if err != nil {
+		return err
+	}
+
+	e := echo.New()
+	e.HideBanner = true
+	e.HidePort = true
+	e.Renderer = templates.NewTemplates()
+
+	version.RegisterRoutes(e)
+
+	var sessionRegistry auth.SessionRegistry
+
+	if config.Auth.RemoteServer == "" {
+		logrus.Info("registering oidc routes")
+
+		authServer, err := auth.NewServer(config.Auth, cache.Prefixed(c, authCachePrefix))
+		if err != nil {
+			return err
+		}
+		authServer.RegisterRoutes(e, false)
+
+		sessionRegistry = authServer
+	} else {
+		logrus.Info("configuring remote auth server, skipping oidc routes")
+		remoteSessionRegistrar, err := auth.NewRemoteSessionRegistrar(config.Auth)
+		if err != nil {
+			return err
+		}
+		sessionRegistry = remoteSessionRegistrar
+	}
+
+	logrus.Info("registering proxy routes")
+
+	proxyServer, err := NewServer(config.Proxy, cache.Prefixed(c, proxyCachePrefix), sessionRegistry)
+	if err != nil {
+		return err
+	}
+	proxyServer.RegisterRoutes(e)
+
+	return server.Start(config, e)
+}
+
+func NewServer(config config.Proxy, cache cache.Cache, registrar auth.SessionRegistry) (*Server, error) {
 	targetFilters, err := parseTargetFilters(config.Policies)
 	if err != nil {
 		return nil, err
@@ -39,7 +94,7 @@ func NewServer(config config.Proxy, cache cache.Cache, registrar SessionRegistra
 }
 
 type Server struct {
-	sessionRegistrar SessionRegistrar
+	sessionRegistrar auth.SessionRegistry
 	sessions         cache.Cache
 	policy           map[string]config.Policy
 	targetFilters    map[string][]TargetFilter
@@ -99,7 +154,7 @@ func (s *Server) checkSessionToken(c echo.Context) error {
 		return err
 	}
 
-	response, err := s.sessionRegistrar.AuthenticateSession(&req)
+	response, err := s.sessionRegistrar.CheckSessionToken(&req)
 	if err != nil {
 		return err
 	}

internal/server/server.go

@@ -1,81 +1,44 @@
 package server
 
 import (
-	"github.com/jsiebens/brink/internal/auth"
-	"github.com/jsiebens/brink/internal/auth/templates"
-	"github.com/jsiebens/brink/internal/cache"
+	"context"
+	"errors"
 	"github.com/jsiebens/brink/internal/config"
-	"github.com/jsiebens/brink/internal/proxy"
-	"github.com/jsiebens/brink/internal/version"
 	"github.com/labstack/echo/v4"
 	"github.com/sirupsen/logrus"
 	"net/http"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
 )
 
-const authCachePrefix = "a_"
-const proxyCachePrefix = "p_"
-
-func StartServer(config *config.Config) error {
-	v, r := version.GetReleaseInfo()
-	logrus.Infof("Starting brink. Version %s - %s", v, r)
-
-	c, err := cache.NewCache(config.Cache)
-	if err != nil {
-		return err
-	}
-
-	e := echo.New()
-	e.HideBanner = true
-	e.HidePort = true
-	e.Renderer = templates.NewTemplates()
-
-	version.RegisterRoutes(e)
+func Start(config *config.Config, e *echo.Echo) error {
+	registerDefaultRoutes(e)
 
-	var registrar proxy.SessionRegistrar
+	done := make(chan os.Signal, 1)
+	signal.Notify(done, os.Interrupt, syscall.SIGTERM)
 
-	if config.Auth.RemoteServer == "" {
-		logrus.Info("registering oidc routes")
+	go func() {
+		<-done
+		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		defer cancel()
+		_ = e.Shutdown(ctx)
+	}()
 
-		if config.Auth.EnableApi {
-			logrus.Info("registering auth routes")
-		}
+	logrus.Infof("server listening on %s", config.ListenAddr)
 
-		authServer, err := auth.NewServer(config.Auth, cache.Prefixed(c, authCachePrefix))
-		if err != nil {
+	if config.Tls.Disable {
+		if err := e.Start(config.ListenAddr); err != nil && !errors.Is(err, http.ErrServerClosed) {
 			return err
 		}
-		authServer.RegisterRoutes(e, config.Auth.EnableApi)
-		registrar = authServer
 	} else {
-		logrus.Info("configuring remote auth server, skipping oidc and auth routes")
-		remoteSessionRegistrar, err := proxy.NewRemoteSessionRegistrar(config.Auth)
-		if err != nil {
-			return err
-		}
-		registrar = remoteSessionRegistrar
-	}
-
-	if !config.Proxy.Disable {
-		logrus.Info("registering proxy routes")
-
-		proxyServer, err := proxy.NewServer(config.Proxy, cache.Prefixed(c, proxyCachePrefix), registrar)
-		if err != nil {
+		if err := e.StartTLS(config.ListenAddr, config.Tls.CertFile, config.Tls.KeyFile); err != nil && !errors.Is(err, http.ErrServerClosed) {
 			return err
 		}
-		proxyServer.RegisterRoutes(e)
-	} else {
-		logrus.Info("proxy is explicitly disabled, skipping proxy routes")
 	}
 
-	registerDefaultRoutes(e)
-
-	logrus.Infof("server listening on %s", config.ListenAddr)
-
-	if config.Tls.Disable {
-		return e.Start(config.ListenAddr)
-	} else {
-		return e.StartTLS(config.ListenAddr, config.Tls.CertFile, config.Tls.KeyFile)
-	}
+	return nil
 }
 
 func registerDefaultRoutes(e *echo.Echo) {