Fixed admin password being boolean.

Added the hostname of the public server in order to send ICCC messages over TLS and HTTP/2

ConfigurationDB/CheckConfiguration.go

@@ -14,13 +14,21 @@ func checkConfiguration() {
 	CheckSingleConfigurationPresentsAndAddIfMissing(`DefaultLanguageCode`, `en-GB`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerBinding`, `127.0.0.1:60000`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerEnabled`, `True`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerPassword`, ``)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerUseTLS`, `False`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerTLSCertificateName`, `certificateAdmin.pem`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerTLSPrivateKey`, `privateKeyAdmin.pem`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerReadTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerWriteTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerMaxHeaderLenBytes`, `10485760`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerPort`, `50000`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerHostname`, `www.my-site.domain`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerReadTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerWriteTimeoutSeconds`, `10`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerMaxHeaderLenBytes`, `1048576`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerUseTLS`, `False`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerTLSCertificateName`, `certificatePublic.pem`)
+	CheckSingleConfigurationPresentsAndAddIfMissing(`PublicWebServerTLSPrivateKey`, `privateKeyPublic.pem`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`InternalCommPassword`, `please replace this with e.g. a random GUID, etc.`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`CustomerDBHost`, `localhost:27017`)
 	CheckSingleConfigurationPresentsAndAddIfMissing(`CustomerDBDatabase`, `Ocean`)

Handlers/AddHandler.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 )
@@ -33,5 +34,5 @@ func AddAdminHandler(pattern string, handler func(http.ResponseWriter, *http.Req
 	}()
 
 	// Add the handler:
-	muxAdmin.HandleFunc(pattern, handler)
+	muxAdmin.HandleFunc(pattern, BasicAuth(handler, `admin`, ConfigurationDB.Read(`AdminWebServerPassword`), `Please enter your username and password for this site`))
 }

Handlers/BasicAuth.go

@@ -0,0 +1,30 @@
+package Handlers
+
+import (
+	"crypto/subtle"
+	"net/http"
+)
+
+// BasicAuth wraps a handler requiring HTTP basic auth for it using the given
+// username and password and the specified realm, which shouldn't contain quotes.
+//
+// Most web browser display a dialog with something like:
+//
+//    The website says: "<realm>"
+//
+// Which is really stupid so you may want to set the realm to a message rather than
+// an actual realm.
+//
+// Taken from on http://stackoverflow.com/questions/21936332/idiomatic-way-of-requiring-http-basic-auth-in-go/39591234#39591234
+func BasicAuth(handler http.HandlerFunc, username, password, realm string) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, pass, ok := r.BasicAuth()
+		if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(password)) != 1 {
+			w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
+			w.WriteHeader(401)
+			w.Write([]byte(http.StatusText(401)))
+			return
+		}
+		handler(w, r)
+	}
+}

ICCC/Init.go

@@ -2,9 +2,11 @@ package ICCC
 
 import (
 	"container/list"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/Tools"
+	"strings"
 )
 
 // Init this package.
@@ -22,6 +24,13 @@ func init() {
 	// Using the local IP address:
 	correctAddressWithPort = Tools.LocalIPAddressAndPort()
 
+	// Determine the correct protocol:
+	if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+		activeProtocol = "https://"
+	} else {
+		activeProtocol = "http://"
+	}
+
 	// Init the database:
 	initDB()
 

ICCC/RegisterListener2Database.go

@@ -1,45 +1,47 @@
-package ICCC
+package ICCC
-
+
-import (
+import (
-	"fmt"
+	"fmt"
-	"github.com/SommerEngineering/Ocean/ICCC/Scheme"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
-	"github.com/SommerEngineering/Ocean/Log"
+	"github.com/SommerEngineering/Ocean/ICCC/Scheme"
-	LM "github.com/SommerEngineering/Ocean/Log/Meta"
+	"github.com/SommerEngineering/Ocean/Log"
-	"gopkg.in/mgo.v2/bson"
+	LM "github.com/SommerEngineering/Ocean/Log/Meta"
-)
+	"gopkg.in/mgo.v2/bson"
-
+)
-// The internal function to register an listener to ICCC.
+
-func registerListener2Database(channel, command, ipAddressPort string, isActive bool, kind byte) {
+// The internal function to register an listener to ICCC.
-	Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Register this ICCC command in to the database.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, fmt.Sprintf("isActive=%v", isActive))
+func registerListener2Database(channel, command, ipAddressPort string, isActive bool, kind byte) {
-
+	Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Register this ICCC command in to the database.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, fmt.Sprintf("isActive=%v", isActive), `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
-	entry := Scheme.Listener{}
+
-	entry.Channel = channel
+	entry := Scheme.Listener{}
-	entry.Command = command
+	entry.Channel = channel
-	entry.IsActive = isActive
+	entry.Command = command
-	entry.IPAddressPort = ipAddressPort
+	entry.IsActive = isActive
-	entry.Kind = kind
+	entry.IPAddressPort = ipAddressPort
-
+	entry.Kind = kind
-	//
+	entry.Hostname = ConfigurationDB.Read(`PublicWebServerHostname`)
-	// Case: Exists?
+
-	//
+	//
-	selection := bson.D{{`Channel`, channel}, {`Command`, command}, {`IPAddressPort`, ipAddressPort}}
+	// Case: Exists?
-	count1, _ := collectionListener.Find(selection).Count()
+	//
-	if count1 == 1 {
+	selection := bson.D{{`Channel`, channel}, {`Command`, command}, {`IPAddressPort`, ipAddressPort}, {`Hostname`, entry.Hostname}}
-		//
+	count1, _ := collectionListener.Find(selection).Count()
-		// Case: Exist but maybe not active
+	if count1 == 1 {
-		//
+		//
-		collectionListener.Update(selection, entry)
+		// Case: Exist but maybe not active
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `Updating the existing ICCC command.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+		//
-		return
+		collectionListener.Update(selection, entry)
-	}
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `Updating the existing ICCC command.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
-
+		return
-	//
+	}
-	// Case: Not exist
+
-	//
+	//
-	Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactNone, LM.MessageNameCONFIGURATION, `This ICCC command is not known.`, `Create now a new entry!`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+	// Case: Not exist
-	if err := collectionListener.Insert(entry); err != nil {
+	//
-		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `It was not possible to add this ICCC command!`, err.Error(), `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+	Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelWARN, LM.SeverityCritical, LM.ImpactNone, LM.MessageNameCONFIGURATION, `This ICCC command is not known.`, `Create now a new entry!`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
-	} else {
+	if err := collectionListener.Insert(entry); err != nil {
-		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `This ICCC command is now known and active.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort)
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactCritical, LM.MessageNameDATABASE, `It was not possible to add this ICCC command!`, err.Error(), `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
-	}
+	} else {
-}
+		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, `This ICCC command is now known and active.`, `channel=`+channel, `command=`+command, `IPAddressPort=`+ipAddressPort, `Hostname=`+ConfigurationDB.Read(`PublicWebServerHostname`))
+	}
+}

ICCC/Scheme/Listener.go

@@ -7,4 +7,5 @@ type Listener struct {
 	IsActive      bool   `bson:"IsActive"`
 	IPAddressPort string `bson:"IPAddressPort"`
 	Kind          byte   `bson:"Kind"`
+	Hostname      string `bson:"Hostname"`
 }

ICCC/Send.go

@@ -16,7 +16,7 @@ func sendMessage(listener Scheme.Listener, data map[string][]string) (result map
 	valuesHTTP := signMessage(data)
 
 	// Try to deliver the message:
-	if response, err := http.PostForm(`http://`+listener.IPAddressPort+`/ICCC`, valuesHTTP); err != nil {
+	if response, err := http.PostForm(activeProtocol+listener.Hostname+`/ICCC`, valuesHTTP); err != nil {
 		// Case: Was not possible to deliver.
 		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.SeverityCritical, LM.ImpactUnknown, LM.MessageNameNETWORK, `Was not able to send the ICCC message.`, err.Error())
 	} else {

ICCC/Variables.go

@@ -37,4 +37,5 @@ var (
 	startCacheTimerLock       sync.Mutex                                                    = sync.Mutex{}                                                                         // Mutex for the start timer
 	cacheTimerRunning         bool                                                          = false                                                                                // Is the timer running?
 	correctAddressWithPort    string                                                        = ``                                                                                   // The IP address and port of the this local server
+	activeProtocol            string                                                        = `http://`
 )

StaticFiles/FindAndReadFile.go

@@ -3,10 +3,12 @@ package StaticFiles
 import (
 	"archive/zip"
 	"bytes"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/Shutdown"
 	"io/ioutil"
+	"strings"
 )
 
 // Try to read a static file.
@@ -17,6 +19,40 @@ func FindAndReadFile(filename string) (result []byte) {
 		return
 	}
 
+	//
+	// Ensure that the TLS keys are secure and save:
+	//
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate of the admin server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate's private key of the admin server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate of the public server. The attempt was inhibited.`)
+		return
+	}
+
+	if strings.ToLower(filename) == strings.ToLower(ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`)) {
+		Log.LogFull(senderName, LM.CategorySYSTEM, LM.LevelSECURITY, LM.SeverityNone, LM.ImpactNone, LM.MessageNameREQUEST, `Someone tried to read the TLS certificate's private key of the public server. The attempt was inhibited.`)
+		return
+	}
+
+	result = FindAndReadFileINTERNAL(filename)
+	return
+}
+
+func FindAndReadFileINTERNAL(filename string) (result []byte) {
+
+	// Case: The system goes down.
+	if Shutdown.IsDown() {
+		return
+	}
+
 	// Prepare the path:
 	path := filename
 

System/Version/Variables.go

@@ -1,5 +1,5 @@
 package Version
 
 var (
-	oceansVersion string = `2.0.7` // Ocean's current version
+	oceansVersion string = `2.1.3` // Ocean's current version
 )

Templates/Add.go

@@ -0,0 +1,7 @@
+package Templates
+
+//AddTemplate adds a template to the template cache so it can be used by ProcessHTML
+func AddTemplate(src string) error {
+	_, err := templates.Parse(src)
+	return err
+}

Tools/Random.go

@@ -20,6 +20,5 @@ func RandomFloat64() (rnd float64) {
 // Gets a random UUID (v4).
 func RandomGUID() (guidString string) {
 	guidString = uuid.NewV4().String()
-	guidString = guidString[1 : len(guidString)-1]
 	return
 }

WebServer/Init.go

@@ -6,8 +6,12 @@ import (
 	"github.com/SommerEngineering/Ocean/Handlers"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
+	"github.com/SommerEngineering/Ocean/StaticFiles"
 	"github.com/SommerEngineering/Ocean/Tools"
+	"io/ioutil"
 	"net/http"
+	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
@@ -64,6 +68,32 @@ func init() {
 		serverPublic.MaxHeaderBytes = maxHeaderBytes
 	}
 
+	// Is TLS configured?
+	if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+
+		// TLS is enabled. Copy the certificate and private key to the source directory.
+		publicTLSCertificate := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`))
+		publicTLSPrivateKey := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+
+		// Access to the working directory?
+		currentDir, dirError := os.Getwd()
+		if dirError != nil {
+			Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to read the working directory. Thus, cannot store the TLS certificates!`, dirError.Error())
+		} else {
+			// Build the filenames:
+			pathCertificate := filepath.Join(currentDir, ConfigurationDB.Read(`PublicWebServerTLSCertificateName`))
+			pathPrivateKey := filepath.Join(currentDir, ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+
+			// Write the files:
+			if writeError := ioutil.WriteFile(pathCertificate, publicTLSCertificate, 0660); writeError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS certificate to the working directory.`, writeError.Error())
+			}
+			if writeError := ioutil.WriteFile(pathPrivateKey, publicTLSPrivateKey, 0660); writeError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS private key to the working directory.`, writeError.Error())
+			}
+		}
+	}
+
 	// Is the private web server (i.e. administration server) enabled?
 	if strings.ToLower(ConfigurationDB.Read(`AdminWebServerEnabled`)) == `true` {
 
@@ -105,6 +135,32 @@ func init() {
 			Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameCONFIGURATION, fmt.Sprintf("The admin web server's max. header size was set to %d bytes.", maxHeaderBytes))
 			serverAdmin.MaxHeaderBytes = maxHeaderBytes
 		}
+
+		// Is TLS configured?
+		if adminTLSEnabled := ConfigurationDB.Read(`AdminWebServerUseTLS`); strings.ToLower(adminTLSEnabled) == `true` {
+
+			// TLS is enabled. Copy the certificate and private key to the source directory.
+			adminTLSCertificate := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`))
+			adminTLSPrivateKey := StaticFiles.FindAndReadFileINTERNAL(ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+
+			// Access to the working directory?
+			currentDir, dirError := os.Getwd()
+			if dirError != nil {
+				Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to read the working directory. Thus, cannot store the TLS certificates!`, dirError.Error())
+			} else {
+				// Build the filenames:
+				pathCertificate := filepath.Join(currentDir, ConfigurationDB.Read(`AdminWebServerTLSCertificateName`))
+				pathPrivateKey := filepath.Join(currentDir, ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+
+				// Write the files:
+				if writeError := ioutil.WriteFile(pathCertificate, adminTLSCertificate, 0660); writeError != nil {
+					Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS certificate to the working directory.`, writeError.Error())
+				}
+				if writeError := ioutil.WriteFile(pathPrivateKey, adminTLSPrivateKey, 0660); writeError != nil {
+					Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelERROR, LM.MessageNameCONFIGURATION, `Was not able to write the TLS private key to the working directory.`, writeError.Error())
+				}
+			}
+		}
 	} else {
 		// Private web server is disabled:
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `The admin web server is disabled.`)

WebServer/Start.go

@@ -2,11 +2,13 @@ package WebServer
 
 import (
 	"fmt"
+	"github.com/SommerEngineering/Ocean/ConfigurationDB"
 	"github.com/SommerEngineering/Ocean/ICCC"
 	"github.com/SommerEngineering/Ocean/ICCC/SystemMessages"
 	"github.com/SommerEngineering/Ocean/Log"
 	LM "github.com/SommerEngineering/Ocean/Log/Meta"
 	"github.com/SommerEngineering/Ocean/System/Version"
+	"strings"
 )
 
 func Start() {
@@ -19,14 +21,27 @@ func Start() {
 	if serverPublic != nil {
 		data.PublicIPAddressPort = serverPublicAddressPort
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Public web server is now listening.`, `Configuration for hostname and port.`, serverPublicAddressPort)
-		go serverPublic.ListenAndServe()
+
+		// Is TLS configured?
+		if publicTLSEnabled := ConfigurationDB.Read(`PublicWebServerUseTLS`); strings.ToLower(publicTLSEnabled) == `true` {
+			go serverPublic.ListenAndServeTLS(ConfigurationDB.Read(`PublicWebServerTLSCertificateName`), ConfigurationDB.Read(`PublicWebServerTLSPrivateKey`))
+		} else {
+			go serverPublic.ListenAndServe()
+		}
+
 	}
 
 	// Start the private web server:
 	if serverAdmin != nil {
 		data.AdminIPAddressPort = serverAdminAddressPort
 		Log.LogShort(senderName, LM.CategorySYSTEM, LM.LevelINFO, LM.MessageNameSTARTUP, `Admin web server is now listening.`, `Configuration for hostname and port.`, serverAdminAddressPort)
-		go serverAdmin.ListenAndServe()
+
+		// Is TLS configured?
+		if adminTLSEnabled := ConfigurationDB.Read(`AdminWebServerUseTLS`); strings.ToLower(adminTLSEnabled) == `true` {
+			go serverAdmin.ListenAndServeTLS(ConfigurationDB.Read(`AdminWebServerTLSCertificateName`), ConfigurationDB.Read(`AdminWebServerTLSPrivateKey`))
+		} else {
+			go serverAdmin.ListenAndServe()
+		}
 	}
 
 	// Notify the whole cluster, that this server is now up and ready: