@@ -17,6 +17,7 @@ pkgs.dockerTools.buildImage {
|
||||
name = "root";
|
||||
paths = with pkgs; [
|
||||
git
|
||||
git-lfs
|
||||
curl
|
||||
jq
|
||||
nix
|
||||
|
||||
@@ -27,11 +27,14 @@ var (
|
||||
maxUploadSize int64 = 1 << 30 // 1GB
|
||||
|
||||
deployLock sync.Mutex
|
||||
|
||||
infoLog = log.New(os.Stdout, "", log.LstdFlags)
|
||||
errorLog = log.New(os.Stderr, "", log.LstdFlags)
|
||||
)
|
||||
|
||||
func main() {
|
||||
if authenticationKey == "" || targetDirectory == "" {
|
||||
log.Fatal("AUTH_KEY and TARGET_DIR must be set")
|
||||
errorLog.Fatal("AUTH_KEY and TARGET_DIR must be set")
|
||||
}
|
||||
|
||||
if port == "" {
|
||||
@@ -43,15 +46,15 @@ func main() {
|
||||
basePath = "/" + subPath
|
||||
}
|
||||
|
||||
log.Printf("starting server on :%s, endpoint %q, target directory %q", port, basePath, targetDirectory)
|
||||
infoLog.Printf("starting server on :%s, endpoint %q, target directory %q", port, basePath, targetDirectory)
|
||||
http.HandleFunc(basePath, withRecovery(handle))
|
||||
log.Fatal(http.ListenAndServe(":"+port, nil))
|
||||
errorLog.Fatal(http.ListenAndServe(":"+port, nil))
|
||||
}
|
||||
|
||||
func handle(w http.ResponseWriter, r *http.Request) {
|
||||
remoteIP := realIP(r)
|
||||
|
||||
log.Printf("incoming %q request on %q from %s", r.Method, r.URL.Path, remoteIP)
|
||||
infoLog.Printf("incoming %q request on %q from %s", r.Method, r.URL.Path, remoteIP)
|
||||
|
||||
if r.Method != http.MethodPost {
|
||||
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
|
||||
@@ -60,7 +63,7 @@ func handle(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
auth := r.Header.Get("Authorization")
|
||||
if subtle.ConstantTimeCompare([]byte(auth), []byte(authenticationKey)) != 1 {
|
||||
log.Printf("unauthorized request from %s", remoteIP)
|
||||
errorLog.Printf("unauthorized request from %s", remoteIP)
|
||||
http.Error(w, "unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
@@ -112,7 +115,7 @@ func handle(w http.ResponseWriter, r *http.Request) {
|
||||
defer os.RemoveAll(extractDir)
|
||||
|
||||
if err := extractor.Extract(ctx, archiveStream, extract(extractDir)); err != nil {
|
||||
log.Printf("failed to extract archive: %v", err)
|
||||
errorLog.Printf("failed to extract archive: %v", err)
|
||||
http.Error(w, "bad archive", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
@@ -131,7 +134,7 @@ func handle(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
log.Printf("upload successful from %s", remoteIP)
|
||||
infoLog.Printf("upload successful from %s", remoteIP)
|
||||
}
|
||||
|
||||
func realIP(r *http.Request) string {
|
||||
@@ -235,7 +238,7 @@ func withRecovery(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
defer func() {
|
||||
if v := recover(); v != nil {
|
||||
log.Printf("panic: %v", v)
|
||||
errorLog.Printf("panic: %v", v)
|
||||
http.Error(w, "internal error", http.StatusInternalServerError)
|
||||
}
|
||||
}()
|
||||
|
||||
Reference in New Issue
Block a user