From 912aaa81719eef0bc1fb9a8324e5a7198d009abd Mon Sep 17 00:00:00 2001
From: Steve Phillips
Date: Sun, 26 Feb 2023 16:29:37 -0800
Subject: [PATCH 1/2] Go: Removed getTLSConfig() helper, which has been useless for years
---
 server.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/server.go b/server.go
index e5e1bb5..0a7545d 100644
--- a/server.go
+++ b/server.go
@@ -1,7 +1,6 @@
 package main
 import (
- "crypto/tls"
 "fmt"
 "net/http"
 "strings"
@@ -69,7 +68,7 @@ func ProductionServer(srv *http.Server, httpsAddr, domain string, manager *autoc
 srv.Handler = middleware.Then(manager.HTTPHandler(srv.Handler))
 srv.Addr = httpsAddr
- srv.TLSConfig = getTLSConfig(domain, manager)
+ srv.TLSConfig = manager.TLSConfig()
 }
 func Login(m *miniware.Mapper, pgClient *PGClient) func(w http.ResponseWriter, req *http.Request) {
@@ -158,7 +157,3 @@ func getAutocertManager(domain string) *autocert.Manager {
 Cache: autocert.DirCache("./" + domain),
 }
 }
-
-func getTLSConfig(domain string, manager *autocert.Manager) *tls.Config {
- return manager.TLSConfig()
-}
From 7f03f6263092e9d96f8837295c8d9ff8465a601b Mon Sep 17 00:00:00 2001
From: Steve Phillips
Date: Sun, 26 Feb 2023 16:31:06 -0800
Subject: [PATCH 2/2] Go: laid groundwork to stop logging IPs on SSL error
---
 leapchat.go | 12 ++++++++++--
 server.go | 7 +++++--
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/leapchat.go b/leapchat.go
index 0d44c9a..9b3e70c 100644
--- a/leapchat.go
+++ b/leapchat.go
@@ -2,6 +2,7 @@ package main
 import (
 "flag"
+ stdlog "log"
 "strings"
 "github.com/cathalgarvey/go-minilock/taber"
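Review bot: In the `@@ -69,7 +68,7 @@` hunk of server.go, `srv.TLSConfig = manager.TLSConfig()` takes autocert's config as-is, and that config sets only `GetCertificate` and `NextProtos`, so the minimum protocol version is whatever the Go toolchain defaults to (TLS 1.0 for servers before Go 1.22; the toolchain version is not visible here). I would pin it explicitly with `cfg := manager.TLSConfig()`, `cfg.MinVersion = tls.VersionTLS12`, `srv.TLSConfig = cfg`, which means keeping the `crypto/tls` import that the first hunk removes. ProductionServer's body starts outside the hunk.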
@@ -42,6 +43,13 @@ func main() {
 BUILD_DIR = "public"
 }
+ // Doing this: https://github.com/sirupsen/logrus/blob/fdf1618bf7436ec3ee65753a6e2999c335e97221/writer_test.go
+ // ...to set up this: https://github.com/caddyserver/caddy/pull/3668
+ logrusLogger := log.New()
+ logrusWr := logrusLogger.Writer()
+ defer logrusWr.Close()
+ logger := stdlog.New(logrusWr, "", 0)
+
 if *prod {
 log.SetLevel(log.FatalLevel)
 } else {
@@ -50,7 +58,7 @@ func main() {
 m := miniware.NewMapper()
- srv := NewServer(m, *httpAddr)
+ srv := NewServer(m, *httpAddr, logger)
 if *prod {
 if *domain == "" {
@@ -61,7 +69,7 @@ func main() {
 // Setup http->https redirection
 httpsPort := strings.SplitN(*httpsAddr, ":", 2)[1]
- go redirectToHTTPS(*httpAddr, httpsPort, manager)
+ go redirectToHTTPS(*httpAddr, httpsPort, manager, logger)
 // Production modifications to server
 ProductionServer(srv, *httpsAddr, *domain, manager, *iframeOrigin)
diff --git a/server.go b/server.go
index 0a7545d..a32e36a 100644
--- a/server.go
+++ b/server.go
@@ -2,6 +2,7 @@ package main
 import (
 "fmt"
+ stdlog "log"
 "net/http"
 "strings"
 "time"
@@ -46,7 +47,7 @@ func NewRouter(m *miniware.Mapper) *mux.Router {
 return r
 }
-func NewServer(m *miniware.Mapper, httpAddr string) *http.Server {
+func NewServer(m *miniware.Mapper, httpAddr string, errLog *stdlog.Logger) *http.Server {
 r := NewRouter(m)
 return &http.Server{
@@ -55,6 +56,7 @@ func NewServer(m *miniware.Mapper, httpAddr string) *http.Server {
 WriteTimeout: 10 * time.Second,
 IdleTimeout: 120 * time.Second,
 Handler: r,
+ ErrorLog: errLog,
 }
 }
@@ -133,7 +135,7 @@ func parseMinilockID(req *http.Request) (string, *taber.Keys, error) {
 return mID, keypair, nil
 }
-func redirectToHTTPS(httpAddr, httpsPort string, manager *autocert.Manager) {
+func redirectToHTTPS(httpAddr, httpsPort string, manager *autocert.Manager, errLog *stdlog.Logger) {
 srv := &http.Server{
 Addr: httpAddr,
 ReadTimeout: 5 * time.Second,
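Review bot: In the `@@ -42,6 +43,13 @@` hunk of leapchat.go, `log.New()` builds a separate logger, so the `log.SetLevel(log.FatalLevel)` call just below it (which sets the package-level logger, assuming `log` is logrus as the linked URL suggests) does not apply to it, and `Writer()` emits at info level. With `ErrorLog` now pointing at this writer, net/http's TLS handshake error lines are still written in production, client address included. If the goal is to keep those out of production logs, `logrusWr := logrusLogger.WriterLevel(log.DebugLevel)` plus `logrusLogger.SetLevel(log.FatalLevel)` inside the `if *prod {` branch would do it, at the cost of also dropping other server errors such as recovered handler panics; a small filtering `io.Writer` that drops or redacts only the handshake lines would keep the rest. main's body continues outside the hunk.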
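Review bot: `NewServer` in the `@@ -46,7 +47,7 @@` hunk of server.go gains an `errLog` parameter but has no doc comment saying what a nil value does. I would add `// NewServer returns the HTTP server for m's routes; errLog receives net/http's internal error lines, and nil falls back to the standard library's default logger.` above the signature. `redirectToHTTPS` in the `@@ -133,7 +135,7 @@` hunk takes the same parameter and deserves the same sentence. Both function bodies extend beyond their hunks.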
@@ -145,6 +147,7 @@ func redirectToHTTPS(httpAddr, httpsPort string, manager *autocert.Manager) {
 url := "https://" + domain + ":" + httpsPort + req.URL.String()
 http.Redirect(w, req, url, http.StatusFound)
 })),
+ ErrorLog: errLog,
 }
 log.Infof("Listening on %v\n", httpAddr)
 log.Fatal(srv.ListenAndServe())