example(issue-34): add tls and http2 examples

z5labs · Dec 18, 2023 · a0da5d4 · a0da5d4
1 parent d8f356f
commit a0da5d4
Show file tree

Hide file tree

Showing 5 changed files with 267 additions and 0 deletions.
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -6,6 +6,19 @@ before:
     - go mod tidy -v
 
 builds:
+  - id: http2
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    goamd64:
+      - v3
+    main: example/http2/main.go
+    binary: http2
+
   - id: otlp
     env:
       - CGO_ENABLED=0
@@ -58,7 +71,39 @@ builds:
     main: example/simple_queue/main.go
     binary: simple_queue
 
+  - id: tls_http
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    goamd64:
+      - v3
+    main: example/tls_http/main.go
+    binary: tls_http
+
 dockers:
+  - id: http2
+    goos: linux
+    goarch: amd64
+    goamd64: v3
+    ids:
+      - http2
+    image_templates:
+      - "ghcr.io/z5labs/bedrock/example/http2:latest"
+      - "ghcr.io/z5labs/bedrock/example/http2:{{ .Tag }}"
+    dockerfile: example/http2/Containerfile
+    use: docker
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--platform=linux/amd64"
+
   - id: otlp
     goos: linux
     goarch: amd64
@@ -134,3 +179,22 @@ dockers:
       - "--label=org.opencontainers.image.revision={{.FullCommit}}"
       - "--label=org.opencontainers.image.version={{.Version}}"
       - "--platform=linux/amd64"
+
+  - id: tls_http
+    goos: linux
+    goarch: amd64
+    goamd64: v3
+    ids:
+      - tls_http
+    image_templates:
+      - "ghcr.io/z5labs/bedrock/example/tls_http:latest"
+      - "ghcr.io/z5labs/bedrock/example/tls_http:{{ .Tag }}"
+    dockerfile: example/tls_http/Containerfile
+    use: docker
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--platform=linux/amd64"
diff --git a/example/http2/Containerfile b/example/http2/Containerfile
@@ -0,0 +1,9 @@
+# Copyright (c) 2023 Z5Labs and Contributors
+# 
+# This software is released under the MIT License.
+# https://opensource.org/licenses/MIT
+
+FROM scratch
+EXPOSE 8080
+COPY http2 /
+ENTRYPOINT ["/http2"]
diff --git a/example/http2/main.go b/example/http2/main.go
@@ -0,0 +1,93 @@
+// Copyright (c) 2023 Z5Labs and Contributors
+//
+// This software is released under the MIT License.
+// https://opensource.org/licenses/MIT
+
+package main
+
+import (
+	"crypto/ed25519"
+	"crypto/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"fmt"
+	"log/slog"
+	"math/big"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/z5labs/bedrock"
+	brhttp "github.com/z5labs/bedrock/http"
+	"github.com/z5labs/bedrock/pkg/otelconfig"
+)
+
+func createCert() (tls.Certificate, error) {
+	_, priv, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	// ECDSA, ED25519 and RSA subject keys should have the DigitalSignature
+	// KeyUsage bits set in the x509.Certificate template
+	notBefore := time.Now()
+	notAfter := notBefore.Add(365 * 24 * time.Hour)
+
+	template := x509.Certificate{
+		SerialNumber: big.NewInt(time.Now().Unix()),
+		Subject: pkix.Name{
+			Organization: []string{"Acme Co"},
+		},
+		NotBefore:             notBefore,
+		NotAfter:              notAfter,
+		SubjectKeyId:          []byte{113, 117, 105, 99, 107, 115, 101, 114, 118, 101},
+		BasicConstraintsValid: true,
+		IsCA:                  true,
+		KeyUsage: x509.KeyUsageKeyEncipherment |
+			x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, priv.Public().(ed25519.PublicKey), priv)
+	if err != nil {
+		return tls.Certificate{}, nil
+	}
+
+	var cert tls.Certificate
+	cert.Certificate = append(cert.Certificate, derBytes)
+	cert.PrivateKey = priv
+	return cert, nil
+}
+
+func initRuntime(bc bedrock.BuildContext) (bedrock.Runtime, error) {
+	logHandler := slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{AddSource: true})
+
+	cert, err := createCert()
+	if err != nil {
+		return nil, err
+	}
+
+	rt := brhttp.NewRuntime(
+		brhttp.ListenOnPort(8080),
+		brhttp.LogHandler(logHandler),
+		brhttp.TLSConfig(&tls.Config{
+			Certificates: []tls.Certificate{cert},
+		}),
+		brhttp.Http2Only(),
+		brhttp.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+			fmt.Fprint(w, "hello, world")
+		}),
+	)
+	return rt, nil
+}
+
+func main() {
+	bedrock.New(
+		bedrock.InitTracerProvider(func(bc bedrock.BuildContext) (otelconfig.Initializer, error) {
+			return otelconfig.Local(
+				otelconfig.ServiceName("http2"),
+			), nil
+		}),
+		bedrock.WithRuntimeBuilderFunc(initRuntime),
+	).Run()
+}
diff --git a/example/tls_http/Containerfile b/example/tls_http/Containerfile
@@ -0,0 +1,9 @@
+# Copyright (c) 2023 Z5Labs and Contributors
+# 
+# This software is released under the MIT License.
+# https://opensource.org/licenses/MIT
+
+FROM scratch
+EXPOSE 8080
+COPY tls_http /
+ENTRYPOINT ["/tls_http"]
diff --git a/example/tls_http/main.go b/example/tls_http/main.go
@@ -0,0 +1,92 @@
+// Copyright (c) 2023 Z5Labs and Contributors
+//
+// This software is released under the MIT License.
+// https://opensource.org/licenses/MIT
+
+package main
+
+import (
+	"crypto/ed25519"
+	"crypto/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"fmt"
+	"log/slog"
+	"math/big"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/z5labs/bedrock"
+	brhttp "github.com/z5labs/bedrock/http"
+	"github.com/z5labs/bedrock/pkg/otelconfig"
+)
+
+func createCert() (tls.Certificate, error) {
+	_, priv, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	// ECDSA, ED25519 and RSA subject keys should have the DigitalSignature
+	// KeyUsage bits set in the x509.Certificate template
+	notBefore := time.Now()
+	notAfter := notBefore.Add(365 * 24 * time.Hour)
+
+	template := x509.Certificate{
+		SerialNumber: big.NewInt(time.Now().Unix()),
+		Subject: pkix.Name{
+			Organization: []string{"Acme Co"},
+		},
+		NotBefore:             notBefore,
+		NotAfter:              notAfter,
+		SubjectKeyId:          []byte{113, 117, 105, 99, 107, 115, 101, 114, 118, 101},
+		BasicConstraintsValid: true,
+		IsCA:                  true,
+		KeyUsage: x509.KeyUsageKeyEncipherment |
+			x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, priv.Public().(ed25519.PublicKey), priv)
+	if err != nil {
+		return tls.Certificate{}, nil
+	}
+
+	var cert tls.Certificate
+	cert.Certificate = append(cert.Certificate, derBytes)
+	cert.PrivateKey = priv
+	return cert, nil
+}
+
+func initRuntime(bc bedrock.BuildContext) (bedrock.Runtime, error) {
+	logHandler := slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{AddSource: true})
+
+	cert, err := createCert()
+	if err != nil {
+		return nil, err
+	}
+
+	rt := brhttp.NewRuntime(
+		brhttp.ListenOnPort(8080),
+		brhttp.LogHandler(logHandler),
+		brhttp.TLSConfig(&tls.Config{
+			Certificates: []tls.Certificate{cert},
+		}),
+		brhttp.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+			fmt.Fprint(w, "hello, world")
+		}),
+	)
+	return rt, nil
+}
+
+func main() {
+	bedrock.New(
+		bedrock.InitTracerProvider(func(bc bedrock.BuildContext) (otelconfig.Initializer, error) {
+			return otelconfig.Local(
+				otelconfig.ServiceName("tls_http"),
+			), nil
+		}),
+		bedrock.WithRuntimeBuilderFunc(initRuntime),
+	).Run()
+}