Connecting the servers

So we have our Config struct, and our NewRaftSetup generator. We need two more things before we can implement our actual get, set and delete functions. The first is an Add handler, and the second is a redirector middleware.

Our Add handler is pretty simple:

This function returns an HTTP handler, which is a function: func(w http.ResponseWriter, r *http.Request). This creates an anonymous function on return. This might seem a bit weird, but the reason we are doing this is so that we can inject the configuration from our Config struct. You'll notice that this handler is quite simple, all it does is parse some JSON, and if it parses it successfully, it adds the request body as a voter to our Raft cluster.

This is both great, and incredibly dangerous! If we now use this handler on our server, any service which makes a POST request to the configured path (which we haven't done yet) becomes a member of our cluster. On top of that we are not validating that the server that sent the message is identifying itself. We are okay with this significant vulnerability only because this server is not available on the public internet. We are relying on the fact that only our code is running on the network that this is deployed on. Trusting your network is a common thing to do, but not recommended in high-security situations. If you're interested in learning more about Zero Trust networks (which is way beyond the scope of this book), check out: Google's BeyondCorp whitepaper, Palo Alto Networks' article on Zero Trust and CrowdStrike's article on Zero Trust.

Next, let's build that middleware.

 

This page is a preview of Reliable Webservers with Go

Please select a discussion on the left.