oracular (8) json2file-go.8.gz

Provided by: json2file-go_1.15build1_amd64 bug

NAME

       json2file-go - simple web server that provides entry points to store JSON files

SYNOPSIS

       json2file-go

DESCRIPTION

       The json2file-go(1) is a mini-application that runs as a Web server and is used to store
       the information sent by remote WebHooks in JSON format using the HTTP POST method.

       Initially it has been used to process GitLab and Gitea WebHooks, but it can be used with
       other systems.

       To verify that a caller has permission to store a file the program compares a JSON field
       or an HTTP HEADER to the secret it has configured for the given PATH. If the secret
       matches the program verifies that the data received is a valid JSON file and only stores
       it if it is.

       The application is configured using environment variables and is designed to run inside a
       docker container or supervised with systemd if we are on a regular Linux server.

       The application reads two mandatory environment variables:

       •   J2F_BASEDIR: Working directory of the application, must exist before launching it.

           The default value for this variable when using the systemd helper (see later) is
           /var/spool/json2file-go. If we use the application inside a container the idea is to
           set the value to /data (is a volume in the Dockerfile) and use a volume or mount a
           HOST directory there.

       •   J2F_DIRLIST: List of directories in which we allow one to save files and an optional
           token that must be passed in a header or within the JSON to authorize the save
           operation for the file.

           The variable is a string of the form: DIR1:TOKEN1;...;DIR#:TOKEN#

           There is no default for this variable, it must be set.

       Other optional variables include:

       •   J2F_SIGNATURE_HEADERS: Comma-separated list of names for the HTTP header containing
           the signature hash (by default the list contains the name X-Hub-Signature)

       •   J2F_TOKEN_HEADERS: Comma-separated list of names for the HTTP header containing the
           token (by default the list contains the names X-Auth-Token and X-Gitlab-Token)

       •   J2F_TOKEN_FIELDS: Comma-separated list of names for the received JSON field that
           contains the token (by default we use secret)

       •   J2F_URL_PREFIX: Service base path on URLs, the directory names are computed removing
           this prefix

       •   J2F_HOST: IP address to bind to (default 0.0.0.0)

       •   J2F_PORT: TCP Port (80 if there are no certificates, 443 if there are any)

       •   J2F_BIND: Listen Address and Port (default $J2F_HOST:$J2F_PORT, if used replaces the
           other two variables)

       •   J2F_CERTFILE and J2F_KEYFILE: public certificate and key file for TLS (if both are set
           it is assumed that we are using TLS and the server uses that certificate and private
           key)

       •   J2F_SOCKET: UNIX Socket to listen on (has no default value, if passed the server
           listens for HTTP requests on a UNIX socket ignoring the address, port and TLS
           settings); this is the preferred mode when the service is accessed using NGINX as a
           reverse proxy

       By default the system saves the JSON data received in the sub folder of J2F_BASEDIR that
       matches the requested directory name using files with names of the form TIMESTAMP.json,
       where the format of TIMESTAMP is YYYYmmdd-HHMMSS.MS.json.

       While this program does nothing else, the files are usually processed by scripts launched
       by cron(8) or incrond(8).

       To be able to work with systemd.socket(5) when the application launches it checks if the
       variable LISTEN_PID is set and in that case the J2F_HOST, J2F_PORT, J2F_BIND  and
       J2F_SOCKET are ignored and the program listens on the first file descriptor available
       after stdout (the one with value 3) ignoring other descriptors if any (the daemon only
       listens on a file descriptor). Note that in this case the J2F_CERTFILE and J2F_KEYFILE are
       NOT ignored (systemd can pass us a file descriptor where we should use HTTPS).

       If the program is launched without systemd and the variables J2F_HOST, J2F_PORT, J2F_BIND
       or J2F_SOCKET have no value the program tries to listen on 0.0.0.0:80 (or 0.0.0.0:443 if
       we provide a certificate and a key file).

CONFIGURATION

       The binary does not read any configuration files by itself, but the packaged version
       includes a helper script (/usr/lib/json2file-go/json2file-go) to adjust environment
       variables when launching the program with systemd or other init systems (see the
       /usr/share/doc/json2file-go/examples directory for samples).

       The launcher script reads files from the directory /etc/json2file-go and adjusts the
       variables as follows:

       •   dirlist (file with lines of the form 'dir:token' that are passed on the variable
           J2F_DIRLIST separated by ';'). This file is required when using systemd.

       •   basedir (value of the J2F_BASEDIR variable), has a default value when using systemd

       •   debug (value of the J2F_DEBUG variable)

       •   signature_headers (lines with of HTTP header names that can contain signature hashes,
           the values are stored separated by commas on the environment variable
           J2F_SIGNATURE_HEADERS)

       •   token_headers (lines with of HTTP header names that can contain authorization tokens,
           the values are stored separated by commas on the environment variable
           J2F_TOKEN_HEADERS)

       •   token_fields (lines with names of JSON fields that can contain authorization tokens,
           the values are stored separated by commas on the environment variable
           J2F_TOKEN_FIELDS)

       •   url_prefix (value of the J2F_URL_PREFIX)

       •   bind (value of the J2F_BIND variable)

       •   host (value of the J2F_HOST variable)

       •   port (value of the J2F_PORT variable)

       •   certfile (value of the J2F_CERFILE variable)

       •   keyfile (value of the J2F_KEYFILE variable)

       •   socket (value of the J2F_SOCKET variable)

BUGS

       None so far... ;)

AUTHOR

       json2file was originally written by Sergio Talens-Oliag in Python using the Flask micro
       framework, later it was rewritten using FastAPI (another Python framework) and to make it
       lighter for container usage this third version in Go was born.

SEE ALSO

       docker(1), systemd(1), incrond(8)

COPYING

       Copyright (c) 2019-2020 Sergio Talens-Oliag. Free use of this software is granted under
       the terms of the Apache License Version 2.0.

                                            2023-08-24                            JSON2FILE-GO(8)