Behaviours: gen_server.
The watts_init module takes care of the initialization of WaTTS. It uses the application environment set by cuttlefish.
Cuttlefish is a config parsing and validation tool that creates a set of parameters for the actual application to run. It is configured by schemas, which are stored at /config/schema.
Once the configuration file is parsed and is valid, the result is passed to the application environment of WaTTS.
Once WaTTS and all its dependencies are loaded, this part starts running and configures the application.
The steps taken to configure the server include: init/1 and handle_cast/2.
state() = #state{issues = [string()] | [], services = [map()] | []}
add_openid_provider/1* | add the configured openid provider. |
add_openid_provider/3* | take one provider from the list and add it. |
add_options/5* | dynamically generate the list of options for the webserver. |
add_rsps/1* | Add the configured RSPs as they are enabled in the config. |
add_service/1* | add a single service and if no services are left trigger jwt key updates. |
add_services/1* | add the services to the server and log the results. |
background_file/1* | create the needed tuple to reference to the background image. |
background_file/3* | decide which background image to use, the default or the given one. |
check_mail/1* | check the email setting by sending one. |
code_change/3 | just a dummy to be compliant with the behaviour, no functionality. |
create_dispatch_list/1* | This is the list of endpoints and the corresponding action for each; an action is either calling a function or serving static files. |
create_dispatch_list/3* | handle each configuration and transform it into a dispatch entry. |
do_stop/1* | gracefully stop the configuration process when done. |
enforce_security/1* | enforces WaTTS to run in a secure setting. |
error/1 | support logging of level error for other modules. |
error/2 | support logging of level error for other modules. |
error_if_running_as_root/0* | ensure WaTTS is not running as root. |
force_config_permissions/0* | ensure config permissions are set correctly. |
get_secret_and_disable/1* | check if the secret needs to be fetched from passwordd and, if so, try it; if it fails, disable the provider. |
handle_call/3 | just a dummy to be compliant with the behaviour, no functionality. |
handle_cast/2 | this is where the magic happens. |
handle_info/2 | just a dummy to be compliant with the behaviour, no functionality. |
handle_system_file/1* | handle the content of the /etc/os-release file or reading errors. |
info/1 | support logging of level info for other modules. |
info/2 | support logging of level info for other modules. |
init/1 | starting the initialization process. |
init_watts/1* | start initialization of WaTTS. |
issues_to_body/1* | convert the issues from the state to an email body. |
local_endpoint/0* | return the local endpoint. |
log_error/2* | log an error message and store it in the state for email. |
log_error/3* | log an error message and store it in the state for email. |
log_warning/2* | log a warning message and store it in the state for email. |
log_warning/3* | log a warning message and store it in the state for email. |
maybe_add_rsps/2* | Add RSPs if enabled in the configuration. |
maybe_change_hostname/4* | change the hostname to localhost if not configured well. |
maybe_recheck_provider/4* | recheck the providers for their status if still in time. |
maybe_root_halt/2* | halt the VM if uid is 0 or user is 'root'. |
maybe_start_rsp_queue/3* | decide if the rate limit for rsp endpoint needs to be started. |
maybe_start_web_queue/2* | decide if the rate limit for api endpoint needs to be started. |
maybe_start_web_queues/1* | maybe start the queues for rate limits at the api and rsp endpoint. |
message_to_state/2* | insert the message into the issues list of the state. |
read_cachain/2* | read the ca chain for SSL. |
read_certificate/2* | read the certificate for SSL. |
read_dhparam/2* | read the dh params for SSL. |
read_key/2* | read the private key for SSL. |
read_ssl_files/2* | try to read the SSL files and return if successful. |
remove_newline/1* | helper function to remove newlines from data. |
start_database/1* | start the databases needed to run WaTTS. |
start_if_not_started_before/1* | start the configuration of WaTTS if it has not been started before. |
start_if_undefined/1* | only start if the special configuration watts_init_started is not set. |
start_link/0 | starting the gen_server process. |
start_queue/3* | start a queue with the given name, rate limit and wait time. |
start_web_interface/1* | start the web interface of WaTTS. |
startup_duration/0* | calculate the startup duration. |
stop/1 | function to stop the process. |
system_halt/3* | halt the system with a message and a number. |
system_halt/3* | the system halt for testing purposes. |
system_name/0* | get the name of the system, like debian. |
system_uptime/0* | get the output of uptime. |
terminate/2 | just a dummy to be compliant with the behaviour, no functionality. |
update_jwt_keys/1* | generate new signing keys for jwt. |
wait_and_log_provider_results/1* | waits for the configured providers to either fail or be ready. |
wait_and_log_provider_results/4* | iterate through the list of oidc providers and check their status. |
warning/1 | support logging of level warning for other modules. |
warning/2 | support logging of level warning for other modules. |
warning_on_insecure_plugins/1* | write a warning if insecure plugins are allowed. |
add the configured openid provider. This function iterates through the configured providers and adds each of them. It then waits for the results, so the providers can read the needed configs from the Internet in parallel.
See also: add_openid_provider/2, wait_and_log_provider_results/0.
add_openid_provider(Configs::[map()], LocalEndpoint::binary(), ProvList::list()) -> {ok, list()}
take one provider from the list and add it. This uses the oidcc library to handle the OpenID Connect provider.
add_options(Options::[tuple()], CaChainSetting::tuple() | ok, DhParamSetting::tuple() | ok, IsOnion::boolean() | ok, IPv6Setting::tuple() | ok) -> [tuple()]
dynamically generate the list of options for the webserver.
Add the configured RSPs as they are enabled in the config. The function iterates through the configuration and updates them. No keys are fetched yet, only the configuration is updated.
See also: watts_rsp, watts_rsp:new/1.
add a single service and if no services are left trigger jwt key updates
add the services to the server and log the results.
See also: watts_service:add/1, watts_service:update_params/1.
create the needed tuple to reference to the background image
decide which background image to use, the default or the given one
check the email setting by sending one
code_change(OldVsn::any(), State::tuple(), Extra::any()) -> {ok, tuple()}
just a dummy to be compliant with the behaviour, no functionality.
This is the list of endpoints and the corresponding action for each; an action is either calling a function or serving static files.
The function creates a basic dispatch list for the JavaScript to be served, the OpenID Connect handling (login) and the API. It then calls the create_dispatch_list/2 function to configure the dynamic part.
See also: create_dispatch_list/2.
create_dispatch_list(Config::[tuple()], DispatchList::[tuple()], State::state()) -> {[tuple()], state()}
handle each configuration and transform it into a dispatch entry. The handled settings include
gracefully stop the configuration process when done.
enforces WaTTS to run in a secure setting. This includes running as a non-root user and having SSL configured. If SSL is not configured, the hostname will be forced to localhost.
See also: error_if_running_as_root/0, maybe_change_hostname/3.
error(Message::list()) -> ok
support logging of level error for other modules
error(Msg::list(), Params::list()) -> ok
support logging of level error for other modules
error_if_running_as_root() -> ok
ensure WaTTS is not running as root. If it is running as root, the VM gets stopped.
See also: maybe_root_halt/2.
force_config_permissions() -> ok
ensure config permissions are set correctly
get_secret_and_disable(X1::map()) -> {binary(), boolean()}
check if the secret needs to be fetched from passwordd and, if so, try it; if it fails, disable the provider.
handle_call(Request::any(), From::any(), State::tuple()) -> {reply, ignored, tuple()}
just a dummy to be compliant with the behaviour, no functionality.
handle_cast(Msg::any(), State::state()) -> {noreply, tuple()} | {stop, normal, tuple()}
this is where the magic happens. The process handles one step at a time and after each step it will send a cast to itself to trigger the next step.
The following steps are processed (in order of execution):
See also: add_openid_provider/0, add_services/0, init_watts/0, maybe_add_rsps/1, start_database/0, start_if_not_started_before/0, start_web_interface/0.
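The self-cast pattern described for handle_cast/2, as an added sketch that is not WaTTS source code: init/1 returns immediately, each cast runs one step and queues the next, and issues collected in the state are reported at the end. The module name, step names, their order and the failure message are hypothetical.

```erlang
%% Added example, not WaTTS source. Step names and their order are hypothetical.
-module(staged_init_example).
-behaviour(gen_server).
-export([start_link/0, run_step/2, next_step/1]).
-export([init/1, handle_call/3, handle_cast/2, handle_info/2,
         terminate/2, code_change/3]).

-record(state, {issues = [] :: [string()]}).

start_link() -> gen_server:start_link(?MODULE, no_parameter, []).

%% init/1 returns at once, so the caller of start_link/0 is not blocked;
%% the actual work is deferred to the first cast.
init(no_parameter) ->
    gen_server:cast(self(), check_config),
    {ok, #state{}}.

%% One step per cast: run it, then send a cast for the next step.
handle_cast(done, State) ->
    report(State),
    {stop, normal, State};
handle_cast(Step, State) ->
    NewState = run_step(Step, State),
    gen_server:cast(self(), next_step(Step)),
    {noreply, NewState}.

%% An unknown step has no clause here and crashes the process on purpose.
next_step(check_config) -> start_database;
next_step(start_database) -> start_web;
next_step(start_web) -> done.

%% Constructed failure: the web step records an issue instead of aborting.
run_step(start_web, State = #state{issues = Issues}) ->
    State#state{issues = ["SSL files unreadable, SSL disabled" | Issues]};
run_step(_Step, State) ->
    State.

%% Issues are kept newest first, so reverse them before printing.
report(#state{issues = []}) -> ok;
report(#state{issues = Issues}) ->
    io:format("~s~n", [string:join(lists:reverse(Issues), "\n")]).

handle_call(_Request, _From, State) -> {reply, ignored, State}.
handle_info(_Info, State) -> {noreply, State}.
terminate(_Reason, _State) -> ok.
code_change(_OldVsn, State, _Extra) -> {ok, State}.
```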
handle_info(Info::any(), State::tuple()) -> {noreply, tuple()}
just a dummy to be compliant with the behaviour, no functionality.
handle_system_file(X1::{ok, binary()} | any()) -> binary()
handle the content of the /etc/os-release file or reading errors
info(Message::list()) -> ok
support logging of level info for other modules
info(Msg::list(), Params::list()) -> ok
support logging of level info for other modules
init(X1::no_parameter) -> {ok, tuple()}
starting the initialization process. The function just sends a cast to itself which in turn will be handled by handle_cast.
See also: handle_cast/2.
start initialization of WaTTS. This copies the version from keys to environment and enforces security.
See also: enforce_security/0.
issues_to_body(State::state()) -> string()
convert the issues from the state to an email body
local_endpoint() -> binary()
return the local endpoint
log an error message and store it in the state for email
log an error message and store it in the state for email
log a warning message and store it in the state for email
log a warning message and store it in the state for email
Add RSPs if enabled in the configuration. Relaying Service Providers are only added if configured; otherwise the configured RSPs are not added to the running WaTTS instance.
See also: add_rsps/0.
maybe_change_hostname(HasSSL::boolean(), IsOnion::boolean(), Hostname::list(), State::state()) -> {NewHostname::list(), state()}
change the hostname to localhost if not configured well. The hostname is changed to localhost if WaTTS is neither configured to run as a Tor hidden service nor has SSL configured.
maybe_recheck_provider(InTime::boolean(), ProviderPending::[{Id::binary(), Pid::pid()}], MaxTime::integer(), State::state()) -> state()
recheck the providers for their status if still in time.
maybe_root_halt(User::list(), Uid::number()) -> ok
halt the VM if uid is 0 or user is 'root'.
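The two rules behind enforce_security (no root, and localhost unless SSL or an onion service is configured), written as pure decision functions so they can be checked without halting the VM. This is an added example, not WaTTS source code; the module name, function names, return shapes and the use of `id` to read the identity are assumptions.

```erlang
%% Added example, not WaTTS source. Module and function names are hypothetical.
-module(secure_start_example).
-export([root_verdict/2, effective_hostname/3, current_identity/0, demo/0]).

%% Same rule as "halt the VM if uid is 0 or user is 'root'", but it returns
%% a verdict so the decision can be tested without halting anything.
-spec root_verdict(User :: string(), Uid :: integer()) -> ok | {halt, string()}.
root_verdict(_User, 0) -> {halt, "refusing to run with uid 0"};
root_verdict("root", _Uid) -> {halt, "refusing to run as user root"};
root_verdict(_User, _Uid) -> ok.

%% Hostname rule: keep the configured name only with SSL or as an onion
%% service; otherwise replace it with localhost and return the reason.
-spec effective_hostname(HasSSL :: boolean(), IsOnion :: boolean(),
                         Hostname :: string()) -> {string(), [string()]}.
effective_hostname(false, false, Hostname) when Hostname =/= "localhost" ->
    Msg = lists:flatten(io_lib:format(
            "neither SSL nor onion configured: ~s replaced by localhost",
            [Hostname])),
    {"localhost", [Msg]};
effective_hostname(_HasSSL, _IsOnion, Hostname) ->
    {Hostname, []}.

%% Assumption: a POSIX host where `id -u` and `id -un` are available.
current_identity() ->
    Uid = list_to_integer(string:trim(os:cmd("id -u"))),
    User = string:trim(os:cmd("id -un")),
    {User, Uid}.

%% Constructed inputs covering each branch; a failed match raises badmatch.
demo() ->
    ok = root_verdict("watts", 1000),
    {halt, _} = root_verdict("watts", 0),
    {halt, _} = root_verdict("root", 1000),
    {"watts.example.org", []} = effective_hostname(true, false, "watts.example.org"),
    {"abc.onion", []} = effective_hostname(false, true, "abc.onion"),
    {"localhost", [_]} = effective_hostname(false, false, "watts.example.org"),
    {"localhost", []} = effective_hostname(false, false, "localhost"),
    {User, Uid} = current_identity(),
    root_verdict(User, Uid).
```

Checking both the uid and the user name covers a uid-0 account that has been given another name as well as an account named root.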
decide if the rate limit for rsp endpoint needs to be started
decide if the rate limit for api endpoint needs to be started
maybe start the queues for rate limits at the api and rsp endpoint
insert the message into the issues list of the state
read the ca chain for SSL
read the certificate for SSL
read the dh params for SSL
read the private key for SSL
try to read the SSL files and return if successful. This function is reading
remove_newline(List::string()) -> string()
helper function to remove newlines from data
start the databases needed to run WaTTS. The in-RAM database is started using watts_ets and the configured persistent database is started with watts_persistent.
See also: watts_ets:init/0, watts_persistent:init/0.
start the configuration of WaTTS if it has not been started before. If it has been started before, the configuration crashed, which means that something unexpected happened. As this is a critical issue, WaTTS will then be stopped.
start_if_undefined(Started::undefined | any()) -> ok
only start if the special configuration watts_init_started is not set.
start_link() -> {ok, pid()}
starting the gen_server process.
start_queue(Name::atom(), Limit::integer(), MaxTime::integer()) -> ok
start a queue with the given name, rate limit and wait time.
start the web interface of WaTTS. This starts the main web server with the API, the static file serving of the JavaScript SPA and, if configured, the documentation. The redirection from the http to the https endpoint is also started if configured.
To configure SSL, the files are read first; if that fails, SSL is disabled.
See also: add_options/5, create_dispatch_list/0.
startup_duration() -> integer()
calculate the startup duration
stop(Pid::pid()) -> ok
function to stop the process.
system_halt(Message::string(), Params::[any()], Number::integer()) -> ok
halt the system with a message and a number. The halt is delayed for a second to ensure the logs get written.
system_halt(Message::string(), Params::[any()], Number::integer()) -> ok
the system halt for testing purposes, so that the tests (the VM) are not halted by this function.
system_name() -> list()
get the name of the system, like debian
system_uptime() -> string()
get the output of uptime
terminate(Reason::any(), State::tuple()) -> ok
just a dummy to be compliant with the behaviour, no functionality.
generate new signing keys for jwt
waits for the configured providers to either fail or be ready. The configuration max_provider_wait sets the max time to wait; the default is 5 seconds. Reducing this time will speed up the startup.
See also: wait_and_log_provider_results/3.
wait_and_log_provider_results(Provider::[{Id::binary(), Pid::pid()}], Pending::[{Id::binary(), Pid::pid()}], Timeout::integer(), State::state()) -> state()
iterate through the list of oidc providers and check their status. A new list is set up with the pending providers, which may be checked again if the timeout has not yet been reached.
See also: maybe_recheck_provider/3.
warning(Message::list()) -> ok
support logging of level warning for other modules
warning(Msg::list(), Params::list()) -> ok
support logging of level warning for other modules
write a warning if insecure plugins are allowed
Generated by EDoc