initial import

d6b97a28 · Lars Seipel · d6b97a28 · d6b97a28 · d6b97a28 · d6b97a28
Commit d6b97a28 authored 7 months ago by Lars Seipel
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+stages:
+  - build
+  - release
+
+include:
+  - component: $CI_SERVER_FQDN/its/templates-and-utilities/gitlab-ci-components/build-container-image/build-container-image@1
+    inputs:
+      containerfile: $CI_PROJECT_DIR/Dockerfile
+      context: $CI_PROJECT_DIR
+      image: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+
+  - component: $CI_SERVER_FQDN/its/templates-and-utilities/gitlab-ci-components/tag-container-image/tag-container-image@1
+    inputs:
+      job-stage: release
+      image: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+      tag: latest
+
+build-container-image:
+  rules:
+    - if: $CI_COMMIT_BRANCH
+
+tag-container-image:
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
--- a/Dockerfile
+++ b/Dockerfile
+ARG goversion=1.23
+FROM docker.io/golang:$goversion as build
+
+WORKDIR /build
+COPY go.mod go.mod
+COPY go.sum go.sum
+RUN go mod download
+
+COPY . ./
+RUN CGO_ENABLED=0 go build -o a.out
+
+FROM gcr.io/distroless/static:nonroot
+COPY --from=build /build/a.out /a.out
+ENTRYPOINT ["/a.out"]
+
--- a/go.mod
+++ b/go.mod
+module code.fbi.h-da.de/hdacloud/caddy-authorize-domain
+
+go 1.23.0
+
+require (
+	github.com/miekg/dns v1.1.62
+	go.uber.org/zap v1.27.0
+)
+
+require (
+	go.uber.org/multierr v1.10.0 // indirect
+	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/tools v0.22.0 // indirect
+)
--- a/go.sum
+++ b/go.sum
+github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
+github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
+go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
+go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
--- a/main.go
+++ b/main.go
+package main
+
+import (
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/miekg/dns"
+	"go.uber.org/zap"
+)
+
+var listenAddr = flag.String("listen-addr",
+	getEnvDefault("LISTEN_ADDR", ":8080"),
+	"local address for serving HTTP (`host:port`)")
+
+func main() {
+	flag.Parse()
+	logger, err := zap.NewProduction()
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+	log := logger.Sugar()
+
+	mux := http.NewServeMux()
+	mux.HandleFunc("GET /twm/ask", func(w http.ResponseWriter, r *http.Request) {
+		log := log.With(
+			zap.String("remote_addr", r.RemoteAddr),
+			zap.String("request_method", r.Method),
+			zap.String("request_path", r.URL.Path),
+			zap.String("request_url", r.URL.String()),
+			zap.String("xff", r.Header.Get("X-Forwarded-For")),
+		)
+		domain := r.FormValue("domain")
+		log.Info("handle request", "domain", domain)
+
+		// We don't want to tie down names to a specific h-da.cloud
+		// project, so accept everything beneath users.h-da.cloud.
+		if dns.IsSubDomain("users.h-da.cloud.", strings.TrimSuffix(domain, ".")+".") {
+			w.WriteHeader(204)
+		}
+
+		// Deny everything else
+		w.WriteHeader(403)
+	})
+
+	// For readiness/liveliness indication
+	readyz := func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(200)
+	}
+	livez := readyz
+	mux.HandleFunc("GET /readyz", readyz)
+	mux.HandleFunc("GET /livez", livez)
+
+	log.Fatal(
+		http.ListenAndServe(*listenAddr, mux),
+	)
+
+}
+
+func getEnvDefault(k, def string) string {
+	if v := os.Getenv(k); v != "" {
+		return v
+	}
+	return def
+}