From 223426095eee55ce91e7fb49dd2cee3c2d6b6a21 Mon Sep 17 00:00:00 2001 From: Balakrishnan Balasubramanian Date: Sun, 8 Dec 2024 11:09:28 -0500 Subject: [PATCH] Custom build with patch to support listening on unix sockets --- .SRCINFO | 5 +- .gitignore | 4 + PKGBUILD | 10 +- support-unix-sockets.patch | 780 +++++++++++++++++++++++++++++++++++++ 4 files changed, 795 insertions(+), 4 deletions(-) create mode 100644 .gitignore create mode 100644 support-unix-sockets.patch diff --git a/.SRCINFO b/.SRCINFO index 6a76a5f..3e3743e 100644 --- a/.SRCINFO +++ b/.SRCINFO @@ -1,7 +1,7 @@ pkgbase = gotosocial pkgdesc = ActivityPub social network server written in Golang pkgver = 0.17.3 - pkgrel = 1 + pkgrel = 11 url = https://gotosocial.org arch = x86_64 license = AGPL-3.0-only @@ -57,13 +57,16 @@ pkgbase = gotosocial source = sysusers.conf source = tmpfiles.conf source = use-fhs-directories.patch + source = support-unix-sockets.patch sha512sums = 029c59888f75f217446a06309db075556a4dfdeafd9b731fa7e0b7a437fca3f030e10029b0f774f04695b16bd7c0504e28e964e8ed280bea1bdce3ec007c67d7 sha512sums = 68890539a1285a819d5a2cd755aeabd59a9872926d9c32e5d54faaf2771414f006e568f2f813f3c6fcd9dbeda7b6e57c924d7490521880cb65632e02fabcbd63 sha512sums = b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a sha512sums = 913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77 + sha512sums = 0dabf00f568ea041284789023eccea97863ce6ddb195c94318cf0a932b7c35da9beab9c78eb1c1b9ffa196685fb44eb98e0ad94da96b351644c856d9ac86e24f b2sums = 579a4e16f97aef42dc1952873f5a443476d34d8724c1c401ae6ae6acb1fb0e109ad5045da3597475e8c0816afdb276dc8820f40f6cb82e2426a61a2efceffa8b b2sums = 0a5be7ac18af882c0c89d8e930eb76c2e60bc2c1d5a375ab04e987c7de9a7a3175319c4e5fbc818261141daf5f70d583aebcc2dc197fe3a88047fbfe488ccb94 b2sums = 4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04 b2sums = 9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c + b2sums = 4f73bfcac274e10e0378aebbd6792bb22eb9be028f9ab2f62605d4ee29cfaa400217afe94d71b5961c54b98dab79966116462c352653d4842a55dcd214ee4625 pkgname = gotosocial diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f7ef2be --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*.pkg.tar.zst +src/ +pkg/ +gotosocial/ diff --git a/PKGBUILD b/PKGBUILD index 1708d13..a09fee6 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -4,7 +4,7 @@ pkgname=gotosocial pkgver=0.17.3 -pkgrel=1 +pkgrel=11 pkgdesc='ActivityPub social network server written in Golang' arch=('x86_64') url='https://gotosocial.org' @@ -60,15 +60,18 @@ source=( 'sysusers.conf' 'tmpfiles.conf' 'use-fhs-directories.patch' + 'support-unix-sockets.patch' ) sha512sums=('029c59888f75f217446a06309db075556a4dfdeafd9b731fa7e0b7a437fca3f030e10029b0f774f04695b16bd7c0504e28e964e8ed280bea1bdce3ec007c67d7' '68890539a1285a819d5a2cd755aeabd59a9872926d9c32e5d54faaf2771414f006e568f2f813f3c6fcd9dbeda7b6e57c924d7490521880cb65632e02fabcbd63' 'b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a' - '913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77') + '913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77' + '0dabf00f568ea041284789023eccea97863ce6ddb195c94318cf0a932b7c35da9beab9c78eb1c1b9ffa196685fb44eb98e0ad94da96b351644c856d9ac86e24f') b2sums=('579a4e16f97aef42dc1952873f5a443476d34d8724c1c401ae6ae6acb1fb0e109ad5045da3597475e8c0816afdb276dc8820f40f6cb82e2426a61a2efceffa8b' '0a5be7ac18af882c0c89d8e930eb76c2e60bc2c1d5a375ab04e987c7de9a7a3175319c4e5fbc818261141daf5f70d583aebcc2dc197fe3a88047fbfe488ccb94' '4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04' - '9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c') + '9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c' + '4f73bfcac274e10e0378aebbd6792bb22eb9be028f9ab2f62605d4ee29cfaa400217afe94d71b5961c54b98dab79966116462c352653d4842a55dcd214ee4625') pkgver() { cd "$pkgname" @@ -82,6 +85,7 @@ prepare() { # create directory for build output mkdir build + patch -p1 -i "$srcdir/support-unix-sockets.patch" # download dependencies export GOPATH="${srcdir}" go mod download diff --git a/support-unix-sockets.patch b/support-unix-sockets.patch new file mode 100644 index 0000000..aeb1a49 --- /dev/null +++ b/support-unix-sockets.patch @@ -0,0 +1,780 @@ +From 6d28643f94db3af7eaa934780c478452e2c707c6 Mon Sep 17 00:00:00 2001 +From: Balakrishnan Balasubramanian +Date: Thu, 9 May 2024 00:04:42 -0400 +Subject: [PATCH] Support listening on unix sockets + +1. bind-address now accepts unix socket paths +2. Add config option trusted-platform +--- + example/config.yaml | 13 +- + go.mod | 1 + + go.sum | 2 + + internal/config/config.go | 1 + + internal/config/helpers.gen.go | 25 +++ + internal/router/router.go | 20 ++ + vendor/go.balki.me/anyhttp/LICENSE | 201 +++++++++++++++++++ + vendor/go.balki.me/anyhttp/README.md | 77 ++++++++ + vendor/go.balki.me/anyhttp/anyhttp.go | 269 ++++++++++++++++++++++++++ + vendor/modules.txt | 3 + + 10 files changed, 609 insertions(+), 3 deletions(-) + create mode 100644 vendor/go.balki.me/anyhttp/LICENSE + create mode 100644 vendor/go.balki.me/anyhttp/README.md + create mode 100644 vendor/go.balki.me/anyhttp/anyhttp.go + +diff --git a/example/config.yaml b/example/config.yaml +index 644b51575..6ea35672a 100644 +--- a/example/config.yaml ++++ b/example/config.yaml +@@ -105,13 +105,13 @@ account-domain: "" + protocol: "https" + + # String. Address to bind the GoToSocial server to. +-# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname. ++# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname or unix socket + # The default value will bind to all interfaces, which makes the server + # accessible by other machines. For most setups there is no need to change this. + # If you are using GoToSocial in a reverse proxy setup with the proxy running on + # the same machine, you will want to set this to "localhost" or an equivalent, + # so that the proxy can't be bypassed. +-# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"] ++# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]", "unix//run/gts/sock] + # Default: "0.0.0.0" + bind-address: "0.0.0.0" + +@@ -124,6 +124,13 @@ bind-address: "0.0.0.0" + # Default: 8080 + port: 8080 + ++# String, HTTP header name that contains the client ip ++# Reverse proxy may need to be configured to set this header ++# This setting is required when using unix socket as bind address as there is no other way to get client ip for rate limiting ++# Examples: ["X-Client-IP","X-CDN-Client-IP"] ++# Default: "" ++trusted-platform: "" ++ + # Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy. + # If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network, + # or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network). +@@ -155,7 +162,7 @@ db-type: "postgres" + # If address is set to :memory: then an in-memory database will be used (no file). + # WARNING: :memory: should NOT BE USED except for testing purposes. + # +-# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"] ++# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db", "/run/postgresql/"] + # Default: "" + db-address: "" + +diff --git a/go.mod b/go.mod +index 2b7ab98fd..5b09f7696 100644 +--- a/go.mod ++++ b/go.mod +@@ -63,6 +63,7 @@ require ( + github.com/uptrace/bun/extra/bunotel v1.2.1 + github.com/wagslane/go-password-validator v0.3.0 + github.com/yuin/goldmark v1.7.8 ++ go.balki.me/anyhttp v0.3.0 + go.opentelemetry.io/otel v1.29.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.29.0 +diff --git a/go.sum b/go.sum +index 72e252234..ff8cf88c0 100644 +--- a/go.sum ++++ b/go.sum +@@ -623,6 +623,8 @@ github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic= + github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= + gitlab.com/NyaaaWhatsUpDoc/sqlite v1.33.1-concurrency-workaround h1:pFMJnlc1PuH+jcVz4vz53vcpnoZG+NqFBr3qikDmEB4= + gitlab.com/NyaaaWhatsUpDoc/sqlite v1.33.1-concurrency-workaround/go.mod h1:pXV2xHxhzXZsgT/RtTFAPY6JJDEvOTcTdwADQCCWD4k= ++go.balki.me/anyhttp v0.3.0 h1:WtBQ0rnkg567sX/O4ij/+qBbdCIUt5VURSe718sITBY= ++go.balki.me/anyhttp v0.3.0/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s= + go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= + go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= + go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +diff --git a/internal/config/config.go b/internal/config/config.go +index 9001b61d0..a59bffc7d 100644 +--- a/internal/config/config.go ++++ b/internal/config/config.go +@@ -58,6 +58,7 @@ type Configuration struct { + BindAddress string `name:"bind-address" usage:"Bind address to use for the GoToSocial server (eg., 0.0.0.0, 172.138.0.9, [::], localhost). For ipv6, enclose the address in square brackets, eg [2001:db8::fed1]. Default binds to all interfaces."` + Port int `name:"port" usage:"Port to use for GoToSocial. Change this to 443 if you're running the binary directly on the host machine."` + TrustedProxies []string `name:"trusted-proxies" usage:"Proxies to trust when parsing x-forwarded headers into real IPs."` ++ TrustedPlatform string `name:"trusted-platform" usage:"HTTP header that contains the real client ip"` + SoftwareVersion string `name:"software-version" usage:""` + + DbType string `name:"db-type" usage:"Database type: eg., postgres"` +diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go +index 2a7e5b6ad..c95c5f312 100644 +--- a/internal/config/helpers.gen.go ++++ b/internal/config/helpers.gen.go +@@ -350,6 +350,31 @@ func GetTrustedProxies() []string { return global.GetTrustedProxies() } + // SetTrustedProxies safely sets the value for global configuration 'TrustedProxies' field + func SetTrustedProxies(v []string) { global.SetTrustedProxies(v) } + ++// GetTrustedPlatform safely fetches the Configuration value for state's 'TrustedPlatform' field ++func (st *ConfigState) GetTrustedPlatform() (v string) { ++ st.mutex.RLock() ++ v = st.config.TrustedPlatform ++ st.mutex.RUnlock() ++ return ++} ++ ++// SetTrustedPlatform safely sets the Configuration value for state's 'TrustedPlatform' field ++func (st *ConfigState) SetTrustedPlatform(v string) { ++ st.mutex.Lock() ++ defer st.mutex.Unlock() ++ st.config.TrustedPlatform = v ++ st.reloadToViper() ++} ++ ++// TrustedPlatformFlag returns the flag name for the 'TrustedPlatform' field ++func TrustedPlatformFlag() string { return "trusted-platform" } ++ ++// GetTrustedPlatform safely fetches the value for global configuration 'TrustedPlatform' field ++func GetTrustedPlatform() string { return global.GetTrustedPlatform() } ++ ++// SetTrustedPlatform safely sets the value for global configuration 'TrustedPlatform' field ++func SetTrustedPlatform(v string) { global.SetTrustedPlatform(v) } ++ + // GetSoftwareVersion safely fetches the Configuration value for state's 'SoftwareVersion' field + func (st *ConfigState) GetSoftwareVersion() (v string) { + st.mutex.RLock() +diff --git a/internal/router/router.go b/internal/router/router.go +index cf9033059..e952d383c 100644 +--- a/internal/router/router.go ++++ b/internal/router/router.go +@@ -23,6 +23,7 @@ + "fmt" + "net" + "net/http" ++ "strings" + "time" + + "codeberg.org/gruf/go-bytesize" +@@ -31,6 +32,7 @@ + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/gtserror" + "github.com/superseriousbusiness/gotosocial/internal/log" ++ "go.balki.me/anyhttp" + "golang.org/x/crypto/acme/autocert" + ) + +@@ -74,6 +76,11 @@ func New(ctx context.Context) (*Router, error) { + engine.MaxMultipartMemory = maxMultipartMemory + engine.HandleMethodNotAllowed = true + ++ // Custom header set by trusted upstream ++ if tp := config.GetTrustedPlatform(); tp != "" { ++ engine.TrustedPlatform = tp ++ } ++ + // Set up client IP forwarding via + // trusted x-forwarded-* headers. + trustedProxies := config.GetTrustedProxies() +@@ -134,6 +141,7 @@ func (r *Router) Start() error { + certFile = config.GetTLSCertificateChain() + keyFile = config.GetTLSCertificateKey() + leEnabled = config.GetLetsEncryptEnabled() ++ bindAddr = config.GetBindAddress() + ) + + switch { +@@ -154,6 +162,18 @@ func (r *Router) Start() error { + return err + } + ++ // TLS handled by reverse proxy connecting using unix socket ++ case strings.HasPrefix(bindAddr, "unix/"): ++ listen, err = func() (func() error, error) { ++ _, listener, err := anyhttp.GetListener(bindAddr) ++ if err != nil { ++ return nil, err ++ } ++ return func() error { ++ return r.srv.Serve(listener) ++ }, nil ++ }() ++ + // Default listen. TLS must + // be handled by reverse proxy. + default: +diff --git a/vendor/go.balki.me/anyhttp/LICENSE b/vendor/go.balki.me/anyhttp/LICENSE +new file mode 100644 +index 000000000..ad2653ac1 +--- /dev/null ++++ b/vendor/go.balki.me/anyhttp/LICENSE +@@ -0,0 +1,201 @@ ++ Apache License ++ Version 2.0, January 2004 ++ http://www.apache.org/licenses/ ++ ++ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION ++ ++ 1. Definitions. ++ ++ "License" shall mean the terms and conditions for use, reproduction, ++ and distribution as defined by Sections 1 through 9 of this document. ++ ++ "Licensor" shall mean the copyright owner or entity authorized by ++ the copyright owner that is granting the License. ++ ++ "Legal Entity" shall mean the union of the acting entity and all ++ other entities that control, are controlled by, or are under common ++ control with that entity. For the purposes of this definition, ++ "control" means (i) the power, direct or indirect, to cause the ++ direction or management of such entity, whether by contract or ++ otherwise, or (ii) ownership of fifty percent (50%) or more of the ++ outstanding shares, or (iii) beneficial ownership of such entity. ++ ++ "You" (or "Your") shall mean an individual or Legal Entity ++ exercising permissions granted by this License. ++ ++ "Source" form shall mean the preferred form for making modifications, ++ including but not limited to software source code, documentation ++ source, and configuration files. ++ ++ "Object" form shall mean any form resulting from mechanical ++ transformation or translation of a Source form, including but ++ not limited to compiled object code, generated documentation, ++ and conversions to other media types. ++ ++ "Work" shall mean the work of authorship, whether in Source or ++ Object form, made available under the License, as indicated by a ++ copyright notice that is included in or attached to the work ++ (an example is provided in the Appendix below). ++ ++ "Derivative Works" shall mean any work, whether in Source or Object ++ form, that is based on (or derived from) the Work and for which the ++ editorial revisions, annotations, elaborations, or other modifications ++ represent, as a whole, an original work of authorship. For the purposes ++ of this License, Derivative Works shall not include works that remain ++ separable from, or merely link (or bind by name) to the interfaces of, ++ the Work and Derivative Works thereof. ++ ++ "Contribution" shall mean any work of authorship, including ++ the original version of the Work and any modifications or additions ++ to that Work or Derivative Works thereof, that is intentionally ++ submitted to Licensor for inclusion in the Work by the copyright owner ++ or by an individual or Legal Entity authorized to submit on behalf of ++ the copyright owner. For the purposes of this definition, "submitted" ++ means any form of electronic, verbal, or written communication sent ++ to the Licensor or its representatives, including but not limited to ++ communication on electronic mailing lists, source code control systems, ++ and issue tracking systems that are managed by, or on behalf of, the ++ Licensor for the purpose of discussing and improving the Work, but ++ excluding communication that is conspicuously marked or otherwise ++ designated in writing by the copyright owner as "Not a Contribution." ++ ++ "Contributor" shall mean Licensor and any individual or Legal Entity ++ on behalf of whom a Contribution has been received by Licensor and ++ subsequently incorporated within the Work. ++ ++ 2. Grant of Copyright License. Subject to the terms and conditions of ++ this License, each Contributor hereby grants to You a perpetual, ++ worldwide, non-exclusive, no-charge, royalty-free, irrevocable ++ copyright license to reproduce, prepare Derivative Works of, ++ publicly display, publicly perform, sublicense, and distribute the ++ Work and such Derivative Works in Source or Object form. ++ ++ 3. Grant of Patent License. Subject to the terms and conditions of ++ this License, each Contributor hereby grants to You a perpetual, ++ worldwide, non-exclusive, no-charge, royalty-free, irrevocable ++ (except as stated in this section) patent license to make, have made, ++ use, offer to sell, sell, import, and otherwise transfer the Work, ++ where such license applies only to those patent claims licensable ++ by such Contributor that are necessarily infringed by their ++ Contribution(s) alone or by combination of their Contribution(s) ++ with the Work to which such Contribution(s) was submitted. If You ++ institute patent litigation against any entity (including a ++ cross-claim or counterclaim in a lawsuit) alleging that the Work ++ or a Contribution incorporated within the Work constitutes direct ++ or contributory patent infringement, then any patent licenses ++ granted to You under this License for that Work shall terminate ++ as of the date such litigation is filed. ++ ++ 4. Redistribution. You may reproduce and distribute copies of the ++ Work or Derivative Works thereof in any medium, with or without ++ modifications, and in Source or Object form, provided that You ++ meet the following conditions: ++ ++ (a) You must give any other recipients of the Work or ++ Derivative Works a copy of this License; and ++ ++ (b) You must cause any modified files to carry prominent notices ++ stating that You changed the files; and ++ ++ (c) You must retain, in the Source form of any Derivative Works ++ that You distribute, all copyright, patent, trademark, and ++ attribution notices from the Source form of the Work, ++ excluding those notices that do not pertain to any part of ++ the Derivative Works; and ++ ++ (d) If the Work includes a "NOTICE" text file as part of its ++ distribution, then any Derivative Works that You distribute must ++ include a readable copy of the attribution notices contained ++ within such NOTICE file, excluding those notices that do not ++ pertain to any part of the Derivative Works, in at least one ++ of the following places: within a NOTICE text file distributed ++ as part of the Derivative Works; within the Source form or ++ documentation, if provided along with the Derivative Works; or, ++ within a display generated by the Derivative Works, if and ++ wherever such third-party notices normally appear. The contents ++ of the NOTICE file are for informational purposes only and ++ do not modify the License. You may add Your own attribution ++ notices within Derivative Works that You distribute, alongside ++ or as an addendum to the NOTICE text from the Work, provided ++ that such additional attribution notices cannot be construed ++ as modifying the License. ++ ++ You may add Your own copyright statement to Your modifications and ++ may provide additional or different license terms and conditions ++ for use, reproduction, or distribution of Your modifications, or ++ for any such Derivative Works as a whole, provided Your use, ++ reproduction, and distribution of the Work otherwise complies with ++ the conditions stated in this License. ++ ++ 5. Submission of Contributions. Unless You explicitly state otherwise, ++ any Contribution intentionally submitted for inclusion in the Work ++ by You to the Licensor shall be under the terms and conditions of ++ this License, without any additional terms or conditions. ++ Notwithstanding the above, nothing herein shall supersede or modify ++ the terms of any separate license agreement you may have executed ++ with Licensor regarding such Contributions. ++ ++ 6. Trademarks. This License does not grant permission to use the trade ++ names, trademarks, service marks, or product names of the Licensor, ++ except as required for reasonable and customary use in describing the ++ origin of the Work and reproducing the content of the NOTICE file. ++ ++ 7. Disclaimer of Warranty. Unless required by applicable law or ++ agreed to in writing, Licensor provides the Work (and each ++ Contributor provides its Contributions) on an "AS IS" BASIS, ++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or ++ implied, including, without limitation, any warranties or conditions ++ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A ++ PARTICULAR PURPOSE. You are solely responsible for determining the ++ appropriateness of using or redistributing the Work and assume any ++ risks associated with Your exercise of permissions under this License. ++ ++ 8. Limitation of Liability. In no event and under no legal theory, ++ whether in tort (including negligence), contract, or otherwise, ++ unless required by applicable law (such as deliberate and grossly ++ negligent acts) or agreed to in writing, shall any Contributor be ++ liable to You for damages, including any direct, indirect, special, ++ incidental, or consequential damages of any character arising as a ++ result of this License or out of the use or inability to use the ++ Work (including but not limited to damages for loss of goodwill, ++ work stoppage, computer failure or malfunction, or any and all ++ other commercial damages or losses), even if such Contributor ++ has been advised of the possibility of such damages. ++ ++ 9. Accepting Warranty or Additional Liability. While redistributing ++ the Work or Derivative Works thereof, You may choose to offer, ++ and charge a fee for, acceptance of support, warranty, indemnity, ++ or other liability obligations and/or rights consistent with this ++ License. However, in accepting such obligations, You may act only ++ on Your own behalf and on Your sole responsibility, not on behalf ++ of any other Contributor, and only if You agree to indemnify, ++ defend, and hold each Contributor harmless for any liability ++ incurred by, or claims asserted against, such Contributor by reason ++ of your accepting any such warranty or additional liability. ++ ++ END OF TERMS AND CONDITIONS ++ ++ APPENDIX: How to apply the Apache License to your work. ++ ++ To apply the Apache License to your work, attach the following ++ boilerplate notice, with the fields enclosed by brackets "[]" ++ replaced with your own identifying information. (Don't include ++ the brackets!) The text should be enclosed in the appropriate ++ comment syntax for the file format. We also recommend that a ++ file or class name and description of purpose be included on the ++ same "printed page" as the copyright notice for easier ++ identification within third-party archives. ++ ++ Copyright 2022 balki ++ ++ Licensed under the Apache License, Version 2.0 (the "License"); ++ you may not use this file except in compliance with the License. ++ You may obtain a copy of the License at ++ ++ http://www.apache.org/licenses/LICENSE-2.0 ++ ++ Unless required by applicable law or agreed to in writing, software ++ distributed under the License is distributed on an "AS IS" BASIS, ++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ See the License for the specific language governing permissions and ++ limitations under the License. +diff --git a/vendor/go.balki.me/anyhttp/README.md b/vendor/go.balki.me/anyhttp/README.md +new file mode 100644 +index 000000000..7e9b11922 +--- /dev/null ++++ b/vendor/go.balki.me/anyhttp/README.md +@@ -0,0 +1,77 @@ ++Create http server listening on unix sockets and systemd socket activated fds ++ ++## Quick Usage ++ ++ go get go.balki.me/anyhttp ++ ++Just replace `http.ListenAndServe` with `anyhttp.ListenAndServe`. ++ ++```diff ++- http.ListenAndServe(addr, h) +++ anyhttp.ListenAndServe(addr, h) ++``` ++ ++## Address Syntax ++ ++### Unix socket ++ ++Syntax ++ ++ unix/ ++ ++Examples ++ ++ unix/relative/path.sock ++ unix//var/run/app/absolutepath.sock ++ ++### Systemd Socket activated fd: ++ ++Syntax ++ ++ sysd/fdidx/ ++ sysd/fdname/ ++ ++Examples: ++ ++ # First (or only) socket fd passed to app ++ sysd/fdidx/0 ++ ++ # Socket with FileDescriptorName ++ sysd/fdname/myapp ++ ++ # Using default name ++ sysd/fdname/myapp.socket ++ ++### TCP port ++ ++If the address is a number less than 65536, it is assumed as a port and passed ++as `http.ListenAndServe(":",...)` Anything else is directly passed to ++`http.ListenAndServe` as well. Below examples should work ++ ++ :http ++ :8888 ++ 127.0.0.1:8080 ++ ++## Idle server auto shutdown ++ ++When using systemd socket activation, idle servers can be shut down to save on ++resources. They will be restarted with socket activation when new request ++arrives. Quick example for the case. (Error checking skipped for brevity) ++ ++```go ++addrType, httpServer, done, _ := anyhttp.Serve(addr, idle.WrapHandler(nil)) ++if addrType == anyhttp.SystemdFD { ++ idle.Wait(30 * time.Minute) ++ httpServer.Shutdown(context.TODO()) ++} ++<-done ++``` ++ ++## Documentation ++ ++https://pkg.go.dev/go.balki.me/anyhttp ++ ++### Related links ++ ++ * https://gist.github.com/teknoraver/5ffacb8757330715bcbcc90e6d46ac74#file-unixhttpd-go ++ * https://github.com/coreos/go-systemd/tree/main/activation +diff --git a/vendor/go.balki.me/anyhttp/anyhttp.go b/vendor/go.balki.me/anyhttp/anyhttp.go +new file mode 100644 +index 000000000..5c0615442 +--- /dev/null ++++ b/vendor/go.balki.me/anyhttp/anyhttp.go +@@ -0,0 +1,269 @@ ++// Package anyhttp has helpers to serve http from unix sockets and systemd socket activated fds ++package anyhttp ++ ++import ( ++ "errors" ++ "fmt" ++ "io/fs" ++ "net" ++ "net/http" ++ "os" ++ "strconv" ++ "strings" ++ "sync" ++ "syscall" ++) ++ ++// AddressType of the address passed ++type AddressType string ++ ++var ( ++ // UnixSocket - address is a unix socket, e.g. unix//run/foo.sock ++ UnixSocket AddressType = "UnixSocket" ++ // SystemdFD - address is a systemd fd, e.g. sysd/fdname/myapp.socket ++ SystemdFD AddressType = "SystemdFD" ++ // TCP - address is a TCP address, e.g. :1234 ++ TCP AddressType = "TCP" ++ // Unknown - address is not recognized ++ Unknown AddressType = "Unknown" ++) ++ ++// UnixSocketConfig has the configuration for Unix socket ++type UnixSocketConfig struct { ++ ++ // Absolute or relative path of socket, e.g. /run/app.sock ++ SocketPath string ++ ++ // Socket file permission ++ SocketMode fs.FileMode ++ ++ // Whether to delete existing socket before creating new one ++ RemoveExisting bool ++} ++ ++// DefaultUnixSocketConfig has defaults for UnixSocketConfig ++var DefaultUnixSocketConfig = UnixSocketConfig{ ++ SocketMode: 0666, ++ RemoveExisting: true, ++} ++ ++// NewUnixSocketConfig creates a UnixSocketConfig with the default values and the socketPath passed ++func NewUnixSocketConfig(socketPath string) UnixSocketConfig { ++ usc := DefaultUnixSocketConfig ++ usc.SocketPath = socketPath ++ return usc ++} ++ ++type sysdEnvData struct { ++ pid int ++ fdNames []string ++ fdNamesStr string ++ numFds int ++} ++ ++var sysdEnvParser = struct { ++ sysdOnce sync.Once ++ data sysdEnvData ++ err error ++}{} ++ ++func parse() (sysdEnvData, error) { ++ p := &sysdEnvParser ++ p.sysdOnce.Do(func() { ++ p.data.pid, p.err = strconv.Atoi(os.Getenv("LISTEN_PID")) ++ if p.err != nil { ++ p.err = fmt.Errorf("invalid LISTEN_PID, err: %w", p.err) ++ return ++ } ++ p.data.numFds, p.err = strconv.Atoi(os.Getenv("LISTEN_FDS")) ++ if p.err != nil { ++ p.err = fmt.Errorf("invalid LISTEN_FDS, err: %w", p.err) ++ return ++ } ++ p.data.fdNamesStr = os.Getenv("LISTEN_FDNAMES") ++ p.data.fdNames = strings.Split(p.data.fdNamesStr, ":") ++ ++ }) ++ return p.data, p.err ++} ++ ++// SysdConfig has the configuration for the socket activated fd ++type SysdConfig struct { ++ // Integer value starting at 0. Either index or name is required ++ FDIndex *int ++ // Name configured via FileDescriptorName or the default socket file name. Either index or name is required ++ FDName *string ++ // Check process PID matches LISTEN_PID ++ CheckPID bool ++ // Unsets the LISTEN* environment variables, so they don't get passed to any child processes ++ UnsetEnv bool ++} ++ ++// DefaultSysdConfig has the default values for SysdConfig ++var DefaultSysdConfig = SysdConfig{ ++ CheckPID: true, ++ UnsetEnv: true, ++} ++ ++// NewSysDConfigWithFDIdx creates SysdConfig with defaults and fdIdx ++func NewSysDConfigWithFDIdx(fdIdx int) SysdConfig { ++ sysc := DefaultSysdConfig ++ sysc.FDIndex = &fdIdx ++ return sysc ++} ++ ++// NewSysDConfigWithFDName creates SysdConfig with defaults and fdName ++func NewSysDConfigWithFDName(fdName string) SysdConfig { ++ sysc := DefaultSysdConfig ++ sysc.FDName = &fdName ++ return sysc ++} ++ ++// GetListener returns the unix socket listener ++func (u *UnixSocketConfig) GetListener() (net.Listener, error) { ++ ++ if u.RemoveExisting { ++ if err := os.Remove(u.SocketPath); err != nil && !errors.Is(err, fs.ErrNotExist) { ++ return nil, err ++ } ++ } ++ ++ l, err := net.Listen("unix", u.SocketPath) ++ if err != nil { ++ return nil, err ++ } ++ ++ if err = os.Chmod(u.SocketPath, u.SocketMode); err != nil { ++ return nil, err ++ } ++ ++ return l, nil ++} ++ ++// StartFD is the starting file descriptor number ++const StartFD = 3 ++ ++func makeFdListener(fd int, name string) (net.Listener, error) { ++ fdFile := os.NewFile(uintptr(fd), name) ++ l, err := net.FileListener(fdFile) ++ if err != nil { ++ return nil, err ++ } ++ syscall.CloseOnExec(fd) ++ return l, nil ++} ++ ++// GetListener returns the FileListener created with socketed activated fd ++func (s *SysdConfig) GetListener() (net.Listener, error) { ++ ++ if s.UnsetEnv { ++ defer UnsetSystemdListenVars() ++ } ++ ++ envData, err := parse() ++ if err != nil { ++ return nil, err ++ } ++ ++ if s.CheckPID { ++ if envData.pid != os.Getpid() { ++ return nil, fmt.Errorf("unexpected PID, current:%v, LISTEN_PID: %v", os.Getpid(), envData.pid) ++ } ++ } ++ ++ if s.FDIndex != nil { ++ idx := *s.FDIndex ++ if idx < 0 || idx >= envData.numFds { ++ return nil, fmt.Errorf("invalid fd index, expected between 0 and %v, got: %v", envData.numFds, idx) ++ } ++ fd := StartFD + idx ++ if idx < len(envData.fdNames) { ++ return makeFdListener(fd, envData.fdNames[idx]) ++ } ++ return makeFdListener(fd, fmt.Sprintf("sysdfd_%d", fd)) ++ } ++ ++ if s.FDName != nil { ++ for idx, name := range envData.fdNames { ++ if name == *s.FDName { ++ fd := StartFD + idx ++ return makeFdListener(fd, name) ++ } ++ } ++ return nil, fmt.Errorf("fdName not found: %q, LISTEN_FDNAMES:%q", *s.FDName, envData.fdNamesStr) ++ } ++ ++ return nil, errors.New("neither FDIndex nor FDName set") ++} ++ ++// GetListener gets a unix or systemd socket listener ++func GetListener(addr string) (AddressType, net.Listener, error) { ++ if strings.HasPrefix(addr, "unix/") { ++ usc := NewUnixSocketConfig(strings.TrimPrefix(addr, "unix/")) ++ l, err := usc.GetListener() ++ return UnixSocket, l, err ++ } ++ ++ if strings.HasPrefix(addr, "sysd/fdidx/") { ++ idx, err := strconv.Atoi(strings.TrimPrefix(addr, "sysd/fdidx/")) ++ if err != nil { ++ return Unknown, nil, fmt.Errorf("invalid fdidx, addr:%q err: %w", addr, err) ++ } ++ sysdc := NewSysDConfigWithFDIdx(idx) ++ l, err := sysdc.GetListener() ++ return SystemdFD, l, err ++ } ++ ++ if strings.HasPrefix(addr, "sysd/fdname/") { ++ sysdc := NewSysDConfigWithFDName(strings.TrimPrefix(addr, "sysd/fdname/")) ++ l, err := sysdc.GetListener() ++ return SystemdFD, l, err ++ } ++ ++ if port, err := strconv.Atoi(addr); err == nil { ++ if port > 0 && port < 65536 { ++ addr = fmt.Sprintf(":%v", port) ++ } else { ++ return Unknown, nil, fmt.Errorf("invalid port: %v", port) ++ } ++ } ++ ++ if addr == "" { ++ addr = ":http" ++ } ++ ++ l, err := net.Listen("tcp", addr) ++ return TCP, l, err ++} ++ ++// Serve creates and serve a http server. ++func Serve(addr string, h http.Handler) (AddressType, *http.Server, <-chan error, error) { ++ addrType, listener, err := GetListener(addr) ++ if err != nil { ++ return addrType, nil, nil, err ++ } ++ srv := &http.Server{Handler: h} ++ done := make(chan error) ++ go func() { ++ done <- srv.Serve(listener) ++ close(done) ++ }() ++ return addrType, srv, done, nil ++} ++ ++// ListenAndServe is the drop-in replacement for `http.ListenAndServe`. ++// Supports unix and systemd sockets in addition ++func ListenAndServe(addr string, h http.Handler) error { ++ _, _, done, err := Serve(addr, h) ++ if err != nil { ++ return err ++ } ++ return <-done ++} ++ ++// UnsetSystemdListenVars unsets the LISTEN* environment variables so they are not passed to any child processes ++func UnsetSystemdListenVars() { ++ _ = os.Unsetenv("LISTEN_PID") ++ _ = os.Unsetenv("LISTEN_FDS") ++ _ = os.Unsetenv("LISTEN_FDNAMES") ++} +diff --git a/vendor/modules.txt b/vendor/modules.txt +index 10c1e595c..78fb14705 100644 +--- a/vendor/modules.txt ++++ b/vendor/modules.txt +@@ -963,6 +963,9 @@ github.com/yuin/goldmark/renderer + github.com/yuin/goldmark/renderer/html + github.com/yuin/goldmark/text + github.com/yuin/goldmark/util ++# go.balki.me/anyhttp v0.3.0 ++## explicit; go 1.20 ++go.balki.me/anyhttp + # go.mongodb.org/mongo-driver v1.14.0 + ## explicit; go 1.18 + go.mongodb.org/mongo-driver/bson +-- +2.47.1 +