1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
package main
import (
"context"
"crypto/tls"
"errors"
"flag"
"fmt"
"net/http"
"os"
"os/signal"
"time"
"github.com/go-redis/redis/v8"
"github.com/gorilla/mux"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
)
var (
flagPort = flag.String("port", "8009", "determines the port the server will listen on")
flagInterval = flag.Float64("interval", 10, "In seconds, the delay between checking prices")
redisDB = flag.Int64("redisdb", 1, "determines the db number")
rdb *redis.Client
redisAddress = flag.String("redisaddress", "redis:6379", "determines the address of the redis instance")
redisPassword = flag.String("redispassword", "", "determines the password of the redis db")
)
const (
SERVER_DEPLOYMENT_TYPE = "SERVER_DEPLOYMENT_TYPE"
)
// OWASP: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
func addSecureHeaders(w *http.ResponseWriter) {
(*w).Header().Set("Cache-Control", "no-store")
(*w).Header().Set("Content-Security-Policy", "default-src https;")
(*w).Header().Set("Strict-Transport-Security", "max-age=63072000;")
(*w).Header().Set("X-Content-Type-Options", "nosniff")
(*w).Header().Set("X-Frame-Options", "DENY")
(*w).Header().Set("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS")
}
func arbHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Content-Type", "application/json")
if r.Method != "GET" {
http.Error(w, "Method is not supported.", http.StatusNotFound)
}
addSecureHeaders(&w)
//binance
//kucoin
}
func startServer(gracefulWait time.Duration) {
r := mux.NewRouter()
cfg := &tls.Config{
MinVersion: tls.VersionTLS13,
// CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
// PreferServerCipherSuites: true,
// CipherSuites: []uint16{
// tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
// tls.TLS_RSA_WITH_AES_256_CBC_SHA,
// },
}
srv := &http.Server{
Addr: "0.0.0.0:" + *flagPort,
WriteTimeout: time.Second * 15,
ReadTimeout: time.Second * 15,
Handler: r,
TLSConfig: cfg,
}
r.HandleFunc("/crypto/arb", arbHandler)
go func() {
var certPath, keyPath string
if os.Getenv(SERVER_DEPLOYMENT_TYPE) == "deployment" {
certPath = "/certs/fullchain1.pem"
keyPath = "/certs/privkey1.pem"
} else if os.Getenv(SERVER_DEPLOYMENT_TYPE) == "test" {
certPath = "/certs/server.cert"
keyPath = "/certs/server.key"
} else {
log.Fatal().Err(errors.New(fmt.Sprintf("unknown deployment kind: %s", SERVER_DEPLOYMENT_TYPE)))
}
if err := srv.ListenAndServeTLS(certPath, keyPath); err != nil {
log.Fatal().Err(err)
}
}()
c := make(chan os.Signal, 1)
signal.Notify(c, os.Interrupt)
<-c
ctx, cancel := context.WithTimeout(context.Background(), gracefulWait)
defer cancel()
srv.Shutdown(ctx)
log.Info().Msg("gracefully shut down the server")
}
func setupLogging() {
zerolog.TimeFieldFormat = zerolog.TimeFormatUnix
}
func main() {
var gracefulWait time.Duration
flag.DurationVar(&gracefulWait, "gracefulwait", time.Second*15, "the duration to wait during the graceful shutdown")
flag.Parse()
rdb = redis.NewClient(&redis.Options{
Addr: *redisAddress,
Password: *redisPassword,
DB: int(*redisDB),
})
defer rdb.Close()
setupLogging()
startServer(gracefulWait)
}
|
