snowflake-dashboard/dashboard-server.go

//go:build !dev

package main

import (
	"context"
	"fmt"
	"io"
	"log"
	"net"
	"net/http"
	"regexp"
	"strings"
	"time"
)

var (
	dockerClient = &http.Client{
		Transport: &http.Transport{
			DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
				return net.Dial("unix", "/var/run/docker.sock")
			},
		},
	}
	natRegex = regexp.MustCompile(`\bNAT type:\s*([^\r\n]+)\s*$`)
)

func main() {
	mux := http.NewServeMux()

	fs := http.FileServer(http.Dir("/app/static"))
	mux.Handle("/", fs)
	mux.HandleFunc("/health", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	mux.HandleFunc("/api/nat", handleNAT)
	mux.HandleFunc("/api/logs", handleLogs)
	mux.HandleFunc("/api/metrics", handleMetrics)

	log.Println("Server running on port 8888")
	server := &http.Server{
		Addr:         ":8888",
		Handler:      addSecurityHeaders(mux),
		ReadTimeout:  15 * time.Second,
		WriteTimeout: 15 * time.Second,
	}
	log.Fatal(server.ListenAndServe())
}

func getDockerLogs() (string, error) {
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

	req, err := http.NewRequestWithContext(ctx, "GET", "http://localhost/containers/snowflake-proxy/logs?stdout=true&stderr=true&tail=500", nil)
	if err != nil {
		return "", err
	}

	resp, err := dockerClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()

	if resp.StatusCode != 200 {
		return "", fmt.Errorf("docker API returned status %d", resp.StatusCode)
	}

	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func handleNAT(w http.ResponseWriter, _ *http.Request) {
	output, err := getDockerLogs()
	if err != nil {
		log.Printf("Failed to fetch logs: %v", err)
		http.Error(w, "Logs unavailable", 500)
		return
	}

	lines := strings.Split(output, "\n")
	natType := "Unknown"
	for i := len(lines) - 1; i >= 0; i-- {
		if match := natRegex.FindStringSubmatch(lines[i]); match != nil {
			natType = strings.TrimSpace(match[1])
			break
		}
	}

	w.Header().Set("Content-Type", "text/plain")
	fmt.Fprint(w, natType)
}

func handleLogs(w http.ResponseWriter, _ *http.Request) {
	output, err := getDockerLogs()
	if err != nil {
		log.Printf("Failed to fetch logs: %v", err)
		http.Error(w, "Logs unavailable", 500)
		return
	}

	var filtered []string
	for _, line := range strings.Split(output, "\n") {
		if strings.Contains(line, "In the last") {
			filtered = append(filtered, line)
		}
	}

	w.Header().Set("Content-Type", "text/plain")
	fmt.Fprint(w, strings.Join(filtered, "\n"))
}

func handleMetrics(w http.ResponseWriter, _ *http.Request) {
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	req, err := http.NewRequestWithContext(ctx, "GET", "http://localhost:9999/internal/metrics", nil)
	if err != nil {
		log.Printf("Failed to create request: %v", err)
		http.Error(w, "Metrics unavailable", 500)
		return
	}

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Printf("Failed to fetch metrics: %v", err)
		http.Error(w, "Metrics unavailable", 500)
		return
	}
	defer resp.Body.Close()

	if resp.StatusCode != 200 {
		http.Error(w, "Metrics unavailable", resp.StatusCode)
		return
	}

	w.Header().Set("Content-Type", "text/plain")
	io.Copy(w, resp.Body)
}

func addSecurityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Content-Type-Options", "nosniff")
		w.Header().Set("Referrer-Policy", "no-referrer")
		w.Header().Set("Permissions-Policy", "geolocation=(), microphone=(), camera=()")
		w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self'; style-src 'self'; connect-src 'self'; frame-ancestors *")
		next.ServeHTTP(w, r)
	})
}