Mirrors/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2026-01-23 10:26:03 +00:00
Code Issues Projects Releases Wiki Activity
photoprism/internal/server
History
Exact
Keith Martin 4b2ddf6d18 Merge remote-tracking branch 'origin/develop' into PostgreSQL
2025-12-19 19:57:58 +10:00
..
limiter Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
process Server: Move process handling and shutdown to separate package #4767 2025-02-04 19:05:26 +01:00
wellknown Tests: only check for db errors when using a db config 2025-10-22 12:27:40 +10:00
api.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
api_docs.go Backend: Remove legacy Go build tags #5330 2025-11-22 09:24:28 +01:00
autotls.go HTTP: Refactor Unix socket support #2337 #3595 2023-08-14 10:43:05 +02:00
extensions.go Config: Show error if originals and storage path seem identical #1642 2024-01-21 14:22:16 +01:00
fail.go Server: Move process handling and shutdown to separate package #4767 2025-02-04 19:05:26 +01:00
gzip.go Server: Refactor Gzip exclusions to use a custom func #5384 2025-12-12 12:57:58 +01:00
gzip_test.go Server: Refactor Gzip exclusions to use a custom func #5384 2025-12-12 12:57:58 +01:00
logger.go Security: Add http rate limiter and auto tls mode #98 2022-10-11 22:44:11 +02:00
methods.go Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
README.md CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00
recovery.go CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00
routes.go Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
routes_sharing.go API: Add missing Swagger annotations and update swagger.json 2025-10-30 11:00:16 +01:00
routes_static.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
routes_test.go PWA: Improve handling of service worker requests #5274 2025-10-19 07:25:50 +02:00
routes_webapp.go CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00
routes_webdav.go Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
routes_wellknown.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
security.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
server.go Backend: Update copyright notices 2025-01-09 10:28:17 +01:00
server_test.go Merge tag '251130-b3068414c' into PostgreSQL 2025-12-01 17:16:33 +10:00
start.go Server: Refactor Gzip exclusions to use a custom func #5384 2025-12-12 12:57:58 +01:00
static.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
sw_fallback.go Config: Add StaticBuildFile() and StaticImgFile() functions #5274 2025-10-18 09:09:56 +02:00
sw_fallback.js PWA: Include minimal no-op service worker for tests #5274 2025-10-17 20:41:22 +02:00
webdav.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
webdav_actions_test.go CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00
webdav_auth.go Logs: Add package pkg/log/status to provide generic outcome constants 2025-10-21 14:42:05 +02:00
webdav_auth_session.go Logs: Add package pkg/log/status to provide generic outcome constants 2025-10-21 14:42:05 +02:00
webdav_auth_test.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
webdav_secure_test.go Tests: improve commands tests database handling, add more tests, disable hiding help in tests, fix remove use of DatabaseDSN for filenames, ensure migrations and versions are handled for tests and add busy_timeout for sqlite 2025-09-30 14:02:00 +10:00
webdav_write_test.go CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00

README.md

PhotoPrism — HTTP Server

Last Updated: November 22, 2025

Overview

internal/server wires Gin, middleware, and configuration into the PhotoPrism HTTP/HTTPS/WebDAV servers. It owns startup/shutdown orchestration, route registration, and helpers for recovery/logging. Subpackages (process, limits, etc.) are kept lightweight so CLI commands and workers can embed the same server behavior without duplicating boilerplate.

Context & Constraints

  • Uses the configured config.Config to decide TLS, AutoTLS, Unix sockets, proxies, compression, and trusted headers.
  • Middleware must stay small and deterministic because it runs on every request; heavy logic belongs in handlers.
  • Panics are recovered by Recovery() which logs stack traces and returns 500.
  • Startup supports mutually exclusive endpoints: Unix socket, HTTPS with certs, AutoTLS (with redirect listener), or plain HTTP.

Goals

  • Provide a single entrypoint (Start) that configures listeners, middleware, and routes consistently.
  • Keep health/readiness endpoints lightweight and cache-safe.
  • Ensure redirect and TLS listeners include sensible timeouts.

Non-Goals

  • Managing Docker/Traefik lifecycle (handled by compose files).
  • Serving static files directly; templates are loaded via Gin and routed by routes_webapp.go.

Package Layout (Code Map)

  • start.go — main startup flow, listener selection (HTTP/HTTPS/AutoTLS/Unix socket), graceful shutdown.
  • routes_webapp.go — Web UI routes and shared method helpers (MethodsGetHead).
  • recovery.go — panic recovery middleware with stack trace logging.
  • logger.go — request logging middleware (enabled in debug mode).
  • security.go — security headers and trusted proxy/platform handling.
  • webdav_*.go & tests — WebDAV handlers and regression tests for overwrite, traversal, and metadata flags.
  • process/ — light wrappers for server process metadata.

Related Packages

  • internal/api — registers REST endpoints consumed by registerRoutes.
  • internal/config — supplies HTTP/TLS/socket settings, compression, proxies, and base URI paths.
  • internal/server/process — exposes process ID for logging.
  • pkg/http/header — shared HTTP header constants used by health endpoints.

Configuration & Safety Notes

  • Compression: only gzip is enabled; brotli requests log a notice.
  • Trusted proxies/platform headers are read from config; misconfiguration may expose client IP spoofing—keep the list tight.
  • AutoTLS: uses autocert and spins up a redirect listener with explicit read/write timeouts; ensure ports 80/443 are reachable.
  • Unix sockets: optional force query removes stale sockets; permissions can be set via mode query.
  • Health endpoints (/livez, /health, /healthz, /readyz) return Cache-Control: no-store and Access-Control-Allow-Origin: *.

Testing

  • Lint & unit tests: golangci-lint run ./internal/server... and go test ./internal/server/...
  • WebDAV behaviors are covered by webdav_*_test.go; they rely on temp directories and in-memory routers.

Operational Tips

  • Prefer Start with context cancellation so graceful shutdown is triggered (server.Close()).
  • When adding routes, register them in registerRoutes and reuse MethodsGetHead for safe verbs.
  • Keep middleware light; log or enforce security at the edge (Traefik) when possible, but maintain server-side defaults for defense in depth.