mattermost/api/server.go

// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package api

import (
	l4g "github.com/alecthomas/log4go"
	"github.com/braintree/manners"
	"github.com/gorilla/handlers"
	"github.com/gorilla/mux"
	"github.com/mattermost/platform/store"
	"github.com/mattermost/platform/utils"
	"gopkg.in/throttled/throttled.v2"
	"gopkg.in/throttled/throttled.v2/store/memstore"
	"net/http"
	"strings"
	"time"
)

type Server struct {
	Store  store.Store
	Router *mux.Router
}

type CorsWrapper struct {
	router *mux.Router
}

var Srv *Server

func NewServer() {

	l4g.Info(utils.T("api.server.new_server.init.info"))

	Srv = &Server{}
	Srv.Store = store.NewSqlStore()

	Srv.Router = mux.NewRouter()
	Srv.Router.NotFoundHandler = http.HandlerFunc(Handle404)
}

type VaryBy struct{}

func (m *VaryBy) Key(r *http.Request) string {
	return GetIpAddress(r)
}

func initalizeThrottledVaryBy() *throttled.VaryBy {
	vary := throttled.VaryBy{}

	if utils.Cfg.RateLimitSettings.VaryByRemoteAddr {
		vary.RemoteAddr = true
	}

	if len(utils.Cfg.RateLimitSettings.VaryByHeader) > 0 {
		vary.Headers = strings.Fields(utils.Cfg.RateLimitSettings.VaryByHeader)

		if utils.Cfg.RateLimitSettings.VaryByRemoteAddr {
			l4g.Warn(utils.T("api.server.start_server.rate.warn"))
			vary.RemoteAddr = false
		}
	}

	return &vary
}

func StartServer() {
	l4g.Info(utils.T("api.server.start_server.starting.info"))
	l4g.Info(utils.T("api.server.start_server.listening.info"), utils.Cfg.ServiceSettings.ListenAddress)

	var handler http.Handler = &CorsWrapper{Srv.Router}

	if utils.Cfg.RateLimitSettings.EnableRateLimiter {
		l4g.Info(utils.T("api.server.start_server.rate.info"))

		store, err := memstore.New(utils.Cfg.RateLimitSettings.MemoryStoreSize)
		if err != nil {
			l4g.Critical(utils.T("api.server.start_server.rate_limiting_memory_store"))
			return
		}

		quota := throttled.RateQuota{
			MaxRate:  throttled.PerSec(utils.Cfg.RateLimitSettings.PerSec),
			MaxBurst: 100,
		}

		rateLimiter, err := throttled.NewGCRARateLimiter(store, quota)
		if err != nil {
			l4g.Critical(utils.T("api.server.start_server.rate_limiting_rate_limiter"))
			return
		}

		httpRateLimiter := throttled.HTTPRateLimiter{
			RateLimiter: rateLimiter,
			VaryBy:      &VaryBy{},
			DeniedHandler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
				l4g.Error("%v: Denied due to throttling settings code=429 ip=%v", r.URL.Path, GetIpAddress(r))
				throttled.DefaultDeniedHandler.ServeHTTP(w, r)
			}),
		}

		handler = httpRateLimiter.RateLimit(handler)
	}

	go func() {
		err := manners.ListenAndServe(utils.Cfg.ServiceSettings.ListenAddress, handlers.RecoveryHandler(handlers.PrintRecoveryStack(true))(handler))
		if err != nil {
			l4g.Critical(utils.T("api.server.start_server.starting.critical"), err)
			time.Sleep(time.Second)
		}
	}()
}

func StopServer() {

	l4g.Info(utils.T("api.server.stop_server.stopping.info"))

	manners.Close()
	Srv.Store.Close()
	hub.Stop()

	l4g.Info(utils.T("api.server.stop_server.stopped.info"))
}
Changing SpinPunch to Mattermost in copyright 2015-10-08 12:27:09 -04:00			`// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.`
first commit 2015-06-14 23:53:32 -08:00			`// See License.txt for license information.`

			`package api`

			`import (`
Upgrade logging package 2016-01-11 09:12:51 -06:00			`l4g "github.com/alecthomas/log4go"`
first commit 2015-06-14 23:53:32 -08:00			`"github.com/braintree/manners"`
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams 2016-04-21 22:37:01 -07:00			`"github.com/gorilla/handlers"`
first commit 2015-06-14 23:53:32 -08:00			`"github.com/gorilla/mux"`
			`"github.com/mattermost/platform/store"`
			`"github.com/mattermost/platform/utils"`
Updating golang dependancies (#4075) 2016-09-23 10:17:51 -04:00			`"gopkg.in/throttled/throttled.v2"`
			`"gopkg.in/throttled/throttled.v2/store/memstore"`
first commit 2015-06-14 23:53:32 -08:00			`"net/http"`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00			`"strings"`
first commit 2015-06-14 23:53:32 -08:00			`"time"`
			`)`

			`type Server struct {`
			`Store store.Store`
			`Router *mux.Router`
			`}`

Add Cors Handler 2016-03-01 22:12:05 -03:00			`type CorsWrapper struct {`
			`router *mux.Router`
			`}`

first commit 2015-06-14 23:53:32 -08:00			`var Srv *Server`

			`func NewServer() {`

Refactoring api to use translations (chunk 2) - Add spanish translations - Does not include tests - Add func to get the translations for a user locale 2016-01-22 01:37:11 -03:00			`l4g.Info(utils.T("api.server.new_server.init.info"))`
first commit 2015-06-14 23:53:32 -08:00
			`Srv = &Server{}`
			`Srv.Store = store.NewSqlStore()`

			`Srv.Router = mux.NewRouter()`
			`Srv.Router.NotFoundHandler = http.HandlerFunc(Handle404)`
			`}`

Updating golang dependancies (#4075) 2016-09-23 10:17:51 -04:00			`type VaryBy struct{}`

			`func (m VaryBy) Key(r http.Request) string {`
			`return GetIpAddress(r)`
			`}`

			`func initalizeThrottledVaryBy() *throttled.VaryBy {`
			`vary := throttled.VaryBy{}`

			`if utils.Cfg.RateLimitSettings.VaryByRemoteAddr {`
			`vary.RemoteAddr = true`
			`}`

			`if len(utils.Cfg.RateLimitSettings.VaryByHeader) > 0 {`
			`vary.Headers = strings.Fields(utils.Cfg.RateLimitSettings.VaryByHeader)`

			`if utils.Cfg.RateLimitSettings.VaryByRemoteAddr {`
			`l4g.Warn(utils.T("api.server.start_server.rate.warn"))`
			`vary.RemoteAddr = false`
			`}`
			`}`

			`return &vary`
			`}`

first commit 2015-06-14 23:53:32 -08:00			`func StartServer() {`
Refactoring api to use translations (chunk 2) - Add spanish translations - Does not include tests - Add func to get the translations for a user locale 2016-01-22 01:37:11 -03:00			`l4g.Info(utils.T("api.server.start_server.starting.info"))`
			`l4g.Info(utils.T("api.server.start_server.listening.info"), utils.Cfg.ServiceSettings.ListenAddress)`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00
Set CORS Headers when needed if CORS is enabled - Enable CORS with and without RateLimiter 2016-03-02 21:24:40 -03:00			`var handler http.Handler = &CorsWrapper{Srv.Router}`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00
Adding rate limiter settings to the admin console 2015-09-21 19:01:52 -07:00			`if utils.Cfg.RateLimitSettings.EnableRateLimiter {`
Refactoring api to use translations (chunk 2) - Add spanish translations - Does not include tests - Add func to get the translations for a user locale 2016-01-22 01:37:11 -03:00			`l4g.Info(utils.T("api.server.start_server.rate.info"))`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00
Updating golang dependancies (#4075) 2016-09-23 10:17:51 -04:00			`store, err := memstore.New(utils.Cfg.RateLimitSettings.MemoryStoreSize)`
			`if err != nil {`
			`l4g.Critical(utils.T("api.server.start_server.rate_limiting_memory_store"))`
			`return`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00			`}`

Updating golang dependancies (#4075) 2016-09-23 10:17:51 -04:00			`quota := throttled.RateQuota{`
			`MaxRate: throttled.PerSec(utils.Cfg.RateLimitSettings.PerSec),`
			`MaxBurst: 100,`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00			`}`

Updating golang dependancies (#4075) 2016-09-23 10:17:51 -04:00			`rateLimiter, err := throttled.NewGCRARateLimiter(store, quota)`
			`if err != nil {`
			`l4g.Critical(utils.T("api.server.start_server.rate_limiting_rate_limiter"))`
			`return`
			`}`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00
Updating golang dependancies (#4075) 2016-09-23 10:17:51 -04:00			`httpRateLimiter := throttled.HTTPRateLimiter{`
			`RateLimiter: rateLimiter,`
			`VaryBy: &VaryBy{},`
			`DeniedHandler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`l4g.Error("%v: Denied due to throttling settings code=429 ip=%v", r.URL.Path, GetIpAddress(r))`
			`throttled.DefaultDeniedHandler.ServeHTTP(w, r)`
			`}),`
			`}`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00
Updating golang dependancies (#4075) 2016-09-23 10:17:51 -04:00			`handler = httpRateLimiter.RateLimit(handler)`
Fixes mm-1355 adds rate limiting apis 2015-07-29 01:26:10 -08:00			`}`

first commit 2015-06-14 23:53:32 -08:00			`go func() {`
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams 2016-04-21 22:37:01 -07:00			`err := manners.ListenAndServe(utils.Cfg.ServiceSettings.ListenAddress, handlers.RecoveryHandler(handlers.PrintRecoveryStack(true))(handler))`
first commit 2015-06-14 23:53:32 -08:00			`if err != nil {`
Refactoring api to use translations (chunk 2) - Add spanish translations - Does not include tests - Add func to get the translations for a user locale 2016-01-22 01:37:11 -03:00			`l4g.Critical(utils.T("api.server.start_server.starting.critical"), err)`
first commit 2015-06-14 23:53:32 -08:00			`time.Sleep(time.Second)`
			`}`
			`}()`
			`}`

			`func StopServer() {`

Refactoring api to use translations (chunk 2) - Add spanish translations - Does not include tests - Add func to get the translations for a user locale 2016-01-22 01:37:11 -03:00			`l4g.Info(utils.T("api.server.stop_server.stopping.info"))`
first commit 2015-06-14 23:53:32 -08:00
upgrading libs 2015-11-23 15:51:43 -08:00			`manners.Close()`
first commit 2015-06-14 23:53:32 -08:00			`Srv.Store.Close()`
fixes mm-1348 removing dependency on redis 2015-07-14 15:12:04 -08:00			`hub.Stop()`
first commit 2015-06-14 23:53:32 -08:00
Refactoring api to use translations (chunk 2) - Add spanish translations - Does not include tests - Add func to get the translations for a user locale 2016-01-22 01:37:11 -03:00			`l4g.Info(utils.T("api.server.stop_server.stopped.info"))`
first commit 2015-06-14 23:53:32 -08:00			`}`