diff --git a/internal/server/middleware.go b/internal/server/middleware.go
index 893d5d8..8088977 100644
--- a/internal/server/middleware.go
+++ b/internal/server/middleware.go
@@ -4,7 +4,6 @@ import (
 "context"
 "net/http"
 "strings"
- "time"
 "git.wntrmute.dev/kyle/metacrypt/internal/auth"
 "git.wntrmute.dev/kyle/metacrypt/internal/seal"
@@ -20,22 +19,6 @@ func TokenInfoFromContext(ctx context.Context) *auth.TokenInfo {
 return info
 }
-// loggingMiddleware logs HTTP requests, stripping sensitive headers.
-func (s *Server) loggingMiddleware(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- start := time.Now()
- sw := &statusWriter{ResponseWriter: w, status: 200}
- next.ServeHTTP(sw, r)
- s.logger.Info("http request",
- "method", r.Method,
- "path", r.URL.Path,
- "status", sw.status,
- "duration", time.Since(start),
- "remote", r.RemoteAddr,
- )
- })
-}
-
 // requireUnseal rejects requests unless the service is unsealed.
 func (s *Server) requireUnseal(next http.HandlerFunc) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
@@ -105,12 +88,3 @@ func extractToken(r *http.Request) string {
 return ""
 }
-type statusWriter struct {
- http.ResponseWriter
- status int
-}
-
-func (w *statusWriter) WriteHeader(code int) {
- w.status = code
- w.ResponseWriter.WriteHeader(code)
-}
diff --git a/internal/server/server.go b/internal/server/server.go
index f0aacfe..02815d9 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -3,16 +3,12 @@ package server
 import (
 "context"
- "crypto/tls"
- "fmt"
 "log/slog"
- "net/http"
 "sync"
- "time"
- "github.com/go-chi/chi/v5"
 "google.golang.org/grpc"
+ "git.wntrmute.dev/kyle/mcdsl/httpserver"
 internacme "git.wntrmute.dev/kyle/metacrypt/internal/acme"
 "git.wntrmute.dev/kyle/metacrypt/internal/audit"
 "git.wntrmute.dev/kyle/metacrypt/internal/auth"
@@ -30,7 +26,7 @@ type Server struct {
 policy *policy.Engine
 engines *engine.Registry
 audit *audit.Logger
- httpSrv *http.Server
+ httpSrv *httpserver.Server
 grpcSrv *grpc.Server
 logger *slog.Logger
 acmeHandlers map[string]*internacme.Handler
@@ -56,32 +52,16 @@ func New(cfg *config.Config, sealMgr *seal.Manager, authenticator *auth.Authenti
 // Start starts the HTTPS server.
 func (s *Server) Start() error {
- r := chi.NewRouter()
- r.Use(s.loggingMiddleware)
- s.registerRoutes(r)
-
- tlsCfg := &tls.Config{
- MinVersion: tls.VersionTLS13,
- }
-
- s.httpSrv = &http.Server{
- Addr: s.cfg.Server.ListenAddr,
- Handler: r,
- TLSConfig: tlsCfg,
- ReadTimeout: 30 * time.Second,
- WriteTimeout: 30 * time.Second,
- IdleTimeout: 120 * time.Second,
- }
-
- s.logger.Info("starting server", "addr", s.cfg.Server.ListenAddr)
- err := s.httpSrv.ListenAndServeTLS(s.cfg.Server.TLSCert, s.cfg.Server.TLSKey)
- if err != nil && err != http.ErrServerClosed {
- return fmt.Errorf("server: %w", err)
- }
- return nil
+ s.httpSrv = httpserver.New(s.cfg.Server.ServerConfig, s.logger)
+ s.httpSrv.Router.Use(s.httpSrv.LoggingMiddleware)
+ s.registerRoutes(s.httpSrv.Router)
+ return s.httpSrv.ListenAndServeTLS()
 }
 // Shutdown gracefully shuts down the server.
 func (s *Server) Shutdown(ctx context.Context) error {
- return s.httpSrv.Shutdown(ctx)
+ if s.httpSrv != nil {
+ return s.httpSrv.Shutdown(ctx)
+ }
+ return nil
 }
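Review bot: Start no longer sets any transport hardening itself: the removed lines pinned `MinVersion: tls.VersionTLS13` and the read/write/idle timeouts, and the new body delegates everything to `httpserver.New(s.cfg.Server.ServerConfig, s.logger)`, whose code is not in this diff. Confirm that the shared server still enforces a TLS 1.3 floor and non-zero timeouts, ideally with a test in this package, so a later change in mcdsl cannot silently weaken this service; likewise check that `s.httpSrv.LoggingMiddleware` logs no request headers, since the handler it replaces recorded only method, path, status, duration and remote address. Start also used to turn `http.ErrServerClosed` into nil and now returns `s.httpSrv.ListenAndServeTLS()` as is, so unless the wrapper filters that error a graceful Shutdown may be reported to the caller as a failure. A doc comment on Start stating the contract would settle it, for example `// Start blocks until the server stops and returns nil after a graceful Shutdown.` if that is what the wrapper guarantees.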