startAdminServer starts the actual admin server
(ctx context.Context, options AdminOptions, enableUI bool, icebergPort int, urlPrefix string)
| 321 | |
| 322 | // startAdminServer starts the actual admin server |
| 323 | func startAdminServer(ctx context.Context, options AdminOptions, enableUI bool, icebergPort int, urlPrefix string) error { |
| 324 | // Create router |
| 325 | r := mux.NewRouter() |
| 326 | r.Use(loggingMiddleware) |
| 327 | r.Use(recoveryMiddleware) |
| 328 | |
| 329 | // Inject URL prefix into request context for use by handlers and templates |
| 330 | if urlPrefix != "" { |
| 331 | r.Use(func(next http.Handler) http.Handler { |
| 332 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| 333 | ctx := dash.WithURLPrefix(r.Context(), urlPrefix) |
| 334 | next.ServeHTTP(w, r.WithContext(ctx)) |
| 335 | }) |
| 336 | }) |
| 337 | } |
| 338 | |
| 339 | // Create data directory first if specified (needed for session key storage) |
| 340 | var dataDir string |
| 341 | if *options.dataDir != "" { |
| 342 | dataDir = util.ResolvePath(*options.dataDir) |
| 343 | if dataDir != *options.dataDir { |
| 344 | fmt.Printf("Expanded dataDir: %s -> %s\n", *options.dataDir, dataDir) |
| 345 | } |
| 346 | if err := os.MkdirAll(dataDir, 0755); err != nil { |
| 347 | return fmt.Errorf("failed to create data directory %s: %v", dataDir, err) |
| 348 | } |
| 349 | glog.Infof("Data directory created/verified: %s", dataDir) |
| 350 | } |
| 351 | |
| 352 | // Write maintenance task settings from admin.toml into the persisted |
| 353 | // task configs before the server loads them |
| 354 | if err := dash.NewConfigPersistence(dataDir).ApplyMaintenanceConfigFromToml(util.GetViper()); err != nil { |
| 355 | return fmt.Errorf("apply admin.toml: %w", err) |
| 356 | } |
| 357 | |
| 358 | // Detect TLS configuration to set Secure cookie flag |
| 359 | cookieSecure := viper.GetString("https.admin.key") != "" |
| 360 | |
| 361 | // Session store - load or generate session keys |
| 362 | authKey, encKey, err := loadOrGenerateSessionKeys(dataDir) |
| 363 | if err != nil { |
| 364 | return fmt.Errorf("failed to get session key: %w", err) |
| 365 | } |
| 366 | store := sessions.NewCookieStore(authKey, encKey) |
| 367 | |
| 368 | // Configure session options to ensure cookies are properly saved |
| 369 | cookiePath := "/" |
| 370 | if urlPrefix != "" { |
| 371 | cookiePath = urlPrefix + "/" |
| 372 | } |
| 373 | store.Options = &sessions.Options{ |
| 374 | Path: cookiePath, |
| 375 | MaxAge: 3600 * 24, // 24 hours |
| 376 | HttpOnly: true, // Prevent JavaScript access |
| 377 | Secure: cookieSecure, // Set based on actual TLS configuration |
| 378 | SameSite: http.SameSiteLaxMode, |
| 379 | } |
| 380 |
no test coverage detected