his: Split up ui and api interface to prevent certificate popup in ui

12 months ago · 91eb3c1850
parent 7a3db7c9b2
commit 91eb3c1850
4 changed files with 87 additions and 36 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -5,7 +5,7 @@ services:
    container_name: okapi_his
    restart: always
    environment:
-      EXT_ADDR: "https://okapi_his:8084"
+      EXT_ADDR: "https://okapi_his"
    volumes:
      - "./his/data:/data"
      - "./his/certs:/certs"
--- a/his/main.go
+++ b/his/main.go
@ -2,41 +2,62 @@ package main

 import (
 	"context"
+	"fmt"
 	"log"
+	"net/http"
 	"os"
 	"os/signal"
 	"sync"
 )

-var localAddr = "0.0.0.0:8084"
-var externalAddr = "https://localhost:8084"
+var apiPort = "8083"
+
+var apiAddr = "0.0.0.0:" + apiPort
+var uiAddr = "0.0.0.0:8084"
+var externalApiAddr = "https://localhost:" + apiPort

 func main() {
 	stop := make(chan os.Signal, 1)
 	signal.Notify(stop, os.Interrupt)
 	wg := &sync.WaitGroup{}

-	if os.Getenv("LOCAL_ADDR") != "" {
-		localAddr = os.Getenv("LOCAL_ADDR")
+	if os.Getenv("UI_ADDR") != "" {
+		uiAddr = os.Getenv("UI_ADDR")
 	}

 	if os.Getenv("EXT_ADDR") != "" {
-		externalAddr = os.Getenv("EXT_ADDR")
+		externalApiAddr = "https://" + os.Getenv("EXT_ADDR") + ":" + apiPort
 	}

-	srv := NewServer(localAddr)
+	srv := NewServer(apiAddr, uiAddr)
 	srv.LoadData("./data/data.db")

+	wg.Add(1)
 	go func() {
-		wg.Add(1)
-		srv.ListenAndServe()
+		if err := srv.ListenAndServeUI(); err != nil && err != http.ErrServerClosed {
+			panic(fmt.Errorf("err listenAndServe ui: %v", err))
+		}
+	}()
+
+	wg.Add(1)
+	go func() {
+		if err := srv.ListenAndServeAPI(); err != nil && err != http.ErrServerClosed {
+			panic(fmt.Errorf("err listenAndServe api: %v", err))
+		}
 	}()

 	<-stop

 	go func() {
-		log.Println("Shutdown server...")
-		srv.Shutdown(context.Background())
+		log.Println("Shutdown api server...")
+		srv.ShutdownAPI(context.Background())
+		wg.Done()
+		log.Println("Server.shutdown...")
+	}()
+
+	go func() {
+		log.Println("Shutdown ui server...")
+		srv.ShutdownUI(context.Background())
 		wg.Done()
 		log.Println("Server.shutdown...")
 	}()
--- a/his/openapiclient.go
+++ b/his/openapiclient.go
@ -240,7 +240,7 @@ func (srv *HISServer) enableService(serviceProvider *model.ServiceProvider, serv
 			Fetch: &okapi.CallbackConfiguration{
 				Protocol: "https://whiteboxsystems.nl/protospecs/whitebox-fetch/http",
 				Configuration: toStruct(map[string]interface{}{
-					"url": externalAddr + "/external/api",
+					"url": externalApiAddr + "/external/api",
 				}),
 				Auth: &okapi.ProtocolAuthConfiguration{
 					Method: sharedmodel.AuthMethodDecozoMTLS,
@ -249,7 +249,7 @@ func (srv *HISServer) enableService(serviceProvider *model.ServiceProvider, serv
 			Push: &okapi.CallbackConfiguration{
 				Protocol: "https://whiteboxsystems.nl/protospecs/whitebox-push/http",
 				Configuration: toStruct(map[string]interface{}{
-					"url": externalAddr + "/external/api",
+					"url": externalApiAddr + "/external/api",
 				}),
 				Auth: &okapi.ProtocolAuthConfiguration{
 					Method: sharedmodel.AuthMethodDecozoMTLS,
@ -262,7 +262,7 @@ func (srv *HISServer) enableService(serviceProvider *model.ServiceProvider, serv
 			Fetch: &okapi.CallbackConfiguration{
 				Protocol: "https://hl7.org/fhir",
 				Configuration: toStruct(map[string]interface{}{
-					"url": externalAddr + "/external/fhir/Patient",
+					"url": externalApiAddr + "/external/fhir/Patient",
 				}),
 				Auth: &okapi.ProtocolAuthConfiguration{
 					Method: sharedmodel.AuthMethodDecozoBearerToken,
@ -271,7 +271,7 @@ func (srv *HISServer) enableService(serviceProvider *model.ServiceProvider, serv
 			Push: &okapi.CallbackConfiguration{
 				Protocol: "https://hl7.org/fhir",
 				Configuration: toStruct(map[string]interface{}{
-					"url": externalAddr + "/external/fhir/Patient",
+					"url": externalApiAddr + "/external/fhir/Patient",
 				}),
 				Auth: &okapi.ProtocolAuthConfiguration{
 					Method: sharedmodel.AuthMethodDecozoBearerToken,
--- a/his/srv.go
+++ b/his/srv.go
@ -66,8 +66,10 @@ func loadKeyPair() credentials.TransportCredentials {
 }

 type HISServer struct {
-	srv        *http.Server
-	inited     bool
+	apiSrv     *http.Server
+	apiInited  bool
+	uiSrv      *http.Server
+	uiInited   bool
 	data       *gorm.DB
 	stopTasks  chan struct{}
 	clientCert tls.Certificate
@ -80,27 +82,51 @@ func (srv *HISServer) LoadData(location string) error {
 }

 func (srv *HISServer) Addr() string {
-	if srv.srv == nil {
+	if srv.apiSrv == nil {
 		return ""
 	}
-	return srv.srv.Addr
+	return srv.apiSrv.Addr
 }

-func (srv *HISServer) ListenAndServe() {
-	if !srv.inited {
-		srv.init()
+func (srv *HISServer) ListenAndServeAPI() error {
+
+	if !srv.apiInited {
+		srv.initAPI()
+	}
+	log.Printf("API Listening on %v\n", srv.apiSrv.Addr)
+	return srv.apiSrv.ListenAndServeTLS("", "")
+}
+
+func (srv *HISServer) ListenAndServeUI() error {
+
+	if !srv.uiInited {
+		srv.initUI()
 	}
-	log.Println("Listening on %v", srv.srv.Addr)
-	srv.srv.ListenAndServeTLS("", "")
+	log.Printf("UI Listening on %v\n", srv.uiSrv.Addr)
+	return srv.uiSrv.ListenAndServeTLS("", "")
+}
+
+func (srv *HISServer) ShutdownAPI(ctx context.Context) (error, error) {
+	return srv.apiSrv.Shutdown(ctx), srv.uiSrv.Shutdown(ctx)
+}
+
+func (srv *HISServer) ShutdownUI(ctx context.Context) (error, error) {
+	return srv.uiSrv.Shutdown(ctx), srv.uiSrv.Shutdown(ctx)
 }

-func (srv *HISServer) Shutdown(ctx context.Context) error {
-	return srv.srv.Shutdown(ctx)
+func (srv *HISServer) initAPI() {
+	srv.apiInited = true
+	r := srv.apiSrv.Handler.(*gin.Engine)
+
+	r.Use(srv.Authenticate)
+	r.GET("/external/api/patients/:id", srv.GetPatient)
+	r.GET("/external/fhir/Patient", srv.GetFHIRPatient)
 }

-func (srv *HISServer) init() {
-	r := srv.srv.Handler.(*gin.Engine)
+func (srv *HISServer) initUI() {
+	srv.uiInited = true

+	r := srv.uiSrv.Handler.(*gin.Engine)
 	r.LoadHTMLGlob("templates/*")
 	r.Static("/assets", "./assets")

@ -121,11 +147,6 @@ func (srv *HISServer) init() {
 	r.GET("/api/services", srv.GetServices)
 	r.POST("/api/services/:id/subscriptions", srv.UpdateSubscription)

-	r.Use(srv.Authenticate)
-	r.GET("/external/api/patients/:id", srv.GetPatient)
-	r.GET("/external/fhir/Patient", srv.GetFHIRPatient)
-	srv.inited = true
-
 	ticker := time.NewTicker(30 * time.Second)
 	srv.stopTasks = make(chan struct{})
 	srv.TaskSyncPatients()
@ -612,11 +633,11 @@ func (srv *HISServer) GetFHIRPatient(c *gin.Context) {
 	c.JSON(404, nil)
 }

-func NewServer(addr string) *HISServer {
+func NewServer(apiAddr, uiAddr string) *HISServer {
 	cert := loadCert()
 	srv := &HISServer{
-		srv: &http.Server{
-			Addr:    addr,
+		apiSrv: &http.Server{
+			Addr:    apiAddr,
 			Handler: gin.Default(),
 			TLSConfig: &tls.Config{
 				ClientAuth: tls.RequestClientCert,
@ -625,6 +646,15 @@ func NewServer(addr string) *HISServer {
 				},
 			},
 		},
+		uiSrv: &http.Server{
+			Addr:    uiAddr,
+			Handler: gin.Default(),
+			TLSConfig: &tls.Config{
+				GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
+					return cert, nil
+				},
+			},
+		},
 		clientCert: *cert,
 	}