Mirrors/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2026-01-23 02:24:24 +00:00
Code Issues Projects Releases Wiki Activity
photoprism/internal/server
History
Michael Mayer d4287ef81a Server: Refactor Gzip exclusions to use a custom func #5384 
Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-12-12 12:57:58 +01:00
..
limiter Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
process Server: Move process handling and shutdown to separate package #4767 2025-02-04 19:05:26 +01:00
wellknown Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
api.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
api_docs.go Backend: Remove legacy Go build tags #5330 2025-11-22 09:24:28 +01:00
autotls.go HTTP: Refactor Unix socket support #2337 #3595 2023-08-14 10:43:05 +02:00
extensions.go Config: Show error if originals and storage path seem identical #1642 2024-01-21 14:22:16 +01:00
fail.go Server: Move process handling and shutdown to separate package #4767 2025-02-04 19:05:26 +01:00
gzip.go Server: Refactor Gzip exclusions to use a custom func #5384 2025-12-12 12:57:58 +01:00
gzip_test.go Server: Refactor Gzip exclusions to use a custom func #5384 2025-12-12 12:57:58 +01:00
logger.go Security: Add http rate limiter and auto tls mode #98 2022-10-11 22:44:11 +02:00
methods.go Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
README.md CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00
recovery.go CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00
routes.go Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
routes_sharing.go API: Add missing Swagger annotations and update swagger.json 2025-10-30 11:00:16 +01:00
routes_static.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
routes_test.go PWA: Improve handling of service worker requests #5274 2025-10-19 07:25:50 +02:00
routes_webapp.go CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00
routes_webdav.go Backend: Refactor middleware naming and improve code comments #5235 2025-09-30 23:25:53 +02:00
routes_wellknown.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
security.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
server.go Backend: Update copyright notices 2025-01-09 10:28:17 +01:00
server_test.go TestMain: Handle "defer" before os.Exit #5330 2025-11-21 18:58:36 +01:00
start.go Server: Refactor Gzip exclusions to use a custom func #5384 2025-12-12 12:57:58 +01:00
static.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
sw_fallback.go Config: Add StaticBuildFile() and StaticImgFile() functions #5274 2025-10-18 09:09:56 +02:00
sw_fallback.js PWA: Include minimal no-op service worker for tests #5274 2025-10-17 20:41:22 +02:00
webdav.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
webdav_actions_test.go CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00
webdav_auth.go Logs: Add package pkg/log/status to provide generic outcome constants 2025-10-21 14:42:05 +02:00
webdav_auth_session.go Logs: Add package pkg/log/status to provide generic outcome constants 2025-10-21 14:42:05 +02:00
webdav_auth_test.go Pkg: Move /service/http/... to /http/... and add package /http/dns 2025-10-19 21:08:48 +02:00
webdav_secure_test.go Backend: Introduce optimized test config helpers to improve performance 2025-09-25 23:09:52 +02:00
webdav_write_test.go CI: Apply Go linter recommendations to "internal/server" package #5330 2025-11-22 13:09:32 +01:00

README.md

PhotoPrism — HTTP Server

Last Updated: November 22, 2025

Overview

internal/server wires Gin, middleware, and configuration into the PhotoPrism HTTP/HTTPS/WebDAV servers. It owns startup/shutdown orchestration, route registration, and helpers for recovery/logging. Subpackages (process, limits, etc.) are kept lightweight so CLI commands and workers can embed the same server behavior without duplicating boilerplate.

Context & Constraints

  • Uses the configured config.Config to decide TLS, AutoTLS, Unix sockets, proxies, compression, and trusted headers.
  • Middleware must stay small and deterministic because it runs on every request; heavy logic belongs in handlers.
  • Panics are recovered by Recovery() which logs stack traces and returns 500.
  • Startup supports mutually exclusive endpoints: Unix socket, HTTPS with certs, AutoTLS (with redirect listener), or plain HTTP.

Goals

  • Provide a single entrypoint (Start) that configures listeners, middleware, and routes consistently.
  • Keep health/readiness endpoints lightweight and cache-safe.
  • Ensure redirect and TLS listeners include sensible timeouts.

Non-Goals

  • Managing Docker/Traefik lifecycle (handled by compose files).
  • Serving static files directly; templates are loaded via Gin and routed by routes_webapp.go.

Package Layout (Code Map)

  • start.go — main startup flow, listener selection (HTTP/HTTPS/AutoTLS/Unix socket), graceful shutdown.
  • routes_webapp.go — Web UI routes and shared method helpers (MethodsGetHead).
  • recovery.go — panic recovery middleware with stack trace logging.
  • logger.go — request logging middleware (enabled in debug mode).
  • security.go — security headers and trusted proxy/platform handling.
  • webdav_*.go & tests — WebDAV handlers and regression tests for overwrite, traversal, and metadata flags.
  • process/ — light wrappers for server process metadata.

Related Packages

  • internal/api — registers REST endpoints consumed by registerRoutes.
  • internal/config — supplies HTTP/TLS/socket settings, compression, proxies, and base URI paths.
  • internal/server/process — exposes process ID for logging.
  • pkg/http/header — shared HTTP header constants used by health endpoints.

Configuration & Safety Notes

  • Compression: only gzip is enabled; brotli requests log a notice.
  • Trusted proxies/platform headers are read from config; misconfiguration may expose client IP spoofing—keep the list tight.
  • AutoTLS: uses autocert and spins up a redirect listener with explicit read/write timeouts; ensure ports 80/443 are reachable.
  • Unix sockets: optional force query removes stale sockets; permissions can be set via mode query.
  • Health endpoints (/livez, /health, /healthz, /readyz) return Cache-Control: no-store and Access-Control-Allow-Origin: *.

Testing

  • Lint & unit tests: golangci-lint run ./internal/server... and go test ./internal/server/...
  • WebDAV behaviors are covered by webdav_*_test.go; they rely on temp directories and in-memory routers.

Operational Tips

  • Prefer Start with context cancellation so graceful shutdown is triggered (server.Close()).
  • When adding routes, register them in registerRoutes and reuse MethodsGetHead for safe verbs.
  • Keep middleware light; log or enforce security at the edge (Traefik) when possible, but maintain server-side defaults for defense in depth.