package main
import (
	"context"
	"fmt"
	"log/slog"
	"os"
	"os/signal"
	"syscall"

	mcias "git.wntrmute.dev/kyle/mcias/clients/go"
	"github.com/spf13/cobra"

	"git.wntrmute.dev/kyle/metacrypt/internal/auth"
	"git.wntrmute.dev/kyle/metacrypt/internal/barrier"
	"git.wntrmute.dev/kyle/metacrypt/internal/config"
	"git.wntrmute.dev/kyle/metacrypt/internal/db"
	"git.wntrmute.dev/kyle/metacrypt/internal/engine"
	"git.wntrmute.dev/kyle/metacrypt/internal/engine/ca"
	"git.wntrmute.dev/kyle/metacrypt/internal/engine/sshca"
	"git.wntrmute.dev/kyle/metacrypt/internal/engine/transit"
	"git.wntrmute.dev/kyle/metacrypt/internal/grpcserver"
	"git.wntrmute.dev/kyle/metacrypt/internal/policy"
	"git.wntrmute.dev/kyle/metacrypt/internal/seal"
	"git.wntrmute.dev/kyle/metacrypt/internal/server"
)
// serverCmd is the "server" subcommand: it runs the long-lived Metacrypt
// daemon via runServer. As the Long text says, the service comes up sealed.
var serverCmd = &cobra.Command{
	RunE:  runServer,
	Use:   "server",
	Short: "Start the Metacrypt server",
	Long:  "Start the Metacrypt HTTPS server. The service starts in sealed state.",
}
// init attaches the server subcommand to the root command so it is
// reachable as "<binary> server".
func init() {
	rootCmd.AddCommand(serverCmd)
}
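// runServer implements the "server" subcommand. It loads the configuration,
// opens and migrates the database, wires the barrier, seal manager,
// authenticator, policy engine and secret engines together, and then runs
// the HTTPS and gRPC servers until SIGINT/SIGTERM arrives or one of the
// servers fails.
//
// Errors from each startup stage are wrapped with what that stage was doing
// so an operator can tell which step failed. A failing listener no longer
// calls os.Exit from its goroutine: that skipped the deferred database close
// and signal cleanup. Instead the failure is reported on a channel, the
// other listener is shut down, and the error is returned to cobra, which
// still yields a non-zero exit status.
func runServer(cmd *cobra.Command, args []string) error {
	logger := slog.New(slog.NewJSONHandler(os.Stdout, nil))

	configPath := cfgFile
	if configPath == "" {
		configPath = "/srv/metacrypt/metacrypt.toml"
	}

	cfg, err := config.Load(configPath)
	if err != nil {
		return fmt.Errorf("loading config %q: %w", configPath, err)
	}

	database, err := db.Open(cfg.Database.Path)
	if err != nil {
		return fmt.Errorf("opening database %q: %w", cfg.Database.Path, err)
	}
	// Runs on every return path, including listener failure (see below).
	defer func() { _ = database.Close() }()

	if err := db.Migrate(database); err != nil {
		return fmt.Errorf("migrating database: %w", err)
	}

	// The barrier wraps the database; the seal manager owns its sealed
	// state. CheckInitialized refuses to start before the store is set up.
	b := barrier.NewAESGCMBarrier(database)
	sealMgr := seal.NewManager(database, b, logger)
	if err := sealMgr.CheckInitialized(); err != nil {
		return fmt.Errorf("checking seal initialization: %w", err)
	}

	// CACertPath presumably pins the CA used to verify the MCIAS server;
	// confirm against the mcias client package.
	mcClient, err := mcias.New(cfg.MCIAS.ServerURL, mcias.Options{
		CACertPath: cfg.MCIAS.CACert,
	})
	if err != nil {
		return fmt.Errorf("creating MCIAS client for %q: %w", cfg.MCIAS.ServerURL, err)
	}

	authenticator := auth.NewAuthenticator(mcClient, logger)
	policyEngine := policy.NewEngine(b)

	engineRegistry := engine.NewRegistry(b, logger)
	engineRegistry.RegisterFactory(engine.EngineTypeCA, ca.NewCAEngine)
	engineRegistry.RegisterFactory(engine.EngineTypeSSHCA, sshca.NewSSHCAEngine)
	engineRegistry.RegisterFactory(engine.EngineTypeTransit, transit.NewTransitEngine)

	srv := server.New(cfg, sealMgr, authenticator, policyEngine, engineRegistry, logger, version)
	grpcSrv := grpcserver.New(cfg, sealMgr, authenticator, policyEngine, engineRegistry, logger)

	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
	defer stop()

	// Buffered to the number of listeners so a goroutine that fails after
	// the select below has already fired never blocks on the send.
	errCh := make(chan error, 2)

	go func() {
		if err := grpcSrv.Start(); err != nil {
			logger.Error("gRPC server error", "error", err)
			errCh <- fmt.Errorf("gRPC server: %w", err)
		}
	}()

	go func() {
		if err := srv.Start(); err != nil {
			logger.Error("server error", "error", err)
			errCh <- fmt.Errorf("server: %w", err)
		}
	}()

	var startErr error
	select {
	case <-ctx.Done():
		logger.Info("shutting down")
	case startErr = <-errCh:
		// One listener died; take the other down too before returning so
		// the deferred cleanup runs against a quiet process.
	}

	grpcSrv.Shutdown()
	// NOTE(review): this shutdown is unbounded; a context with a deadline
	// would keep a stuck connection from holding the process open — confirm
	// what drain time is acceptable before adding one.
	shutdownErr := srv.Shutdown(context.Background())

	// The listener failure is the root cause; report it ahead of any error
	// from the shutdown it triggered.
	if startErr != nil {
		return startErr
	}
	return shutdownErr
}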