k2hr3-api 1.0.42 → 2.0.0

package/config/k2hr3-init.sh.templ

@@ -234,13 +234,13 @@ check_create_file()
 		_LOCAL_CC_MODE=0644
 	fi
 
-	if [ -f "${_LOCAL_CC_FILE}" ]; then
+	if [ -n "${_LOCAL_CC_FILE}" ] && [ -f "${_LOCAL_CC_FILE}" ]; then
 		_LOCAL_CC_TMP=$(tr -d '\n' < "${_LOCAL_CC_FILE}" 2>/dev/null)
 
 		# [NOTE]
 		# Since the condition becomes complicated, use "X"(temporary word).
 		#
-		if [ "X${_LOCAL_CC_TMP}" = "X${_LOCAL_CC_VALUE}" ]; then
+		if [ -n "${_LOCAL_CC_VALUE}" ] && [ -n "${_LOCAL_CC_VALUE}" ] && [ "${_LOCAL_CC_TMP}" = "${_LOCAL_CC_VALUE}" ]; then
 			# Same value, thus nothing to do
 			return 0
 		fi

package/dist/src/app.js

@@ -0,0 +1,262 @@
+"use strict";
+/*
+ * K2HR3 REST API
+ *
+ * Copyright 2017 Yahoo Japan Corporation.
+ *
+ * K2HR3 is K2hdkc based Resource and Roles and policy Rules, gathers
+ * common management information for the cloud.
+ * K2HR3 can dynamically manage information as "who", "what", "operate".
+ * These are stored as roles, resources, policies in K2hdkc, and the
+ * client system can dynamically read and modify these information.
+ *
+ * For the full copyright and license information, please view
+ * the license file that was distributed with this source code.
+ *
+ * AUTHOR:   Takeshi Nakatani
+ * CREATE:   Wed Jun 8 2017
+ * REVISION:
+ *
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+//---------------------------------------------------------
+// Imports
+//---------------------------------------------------------
+const path_1 = __importDefault(require("path"));
+const morgan_1 = __importDefault(require("morgan"));
+const cookie_parser_1 = __importDefault(require("cookie-parser"));
+const body_parser_1 = __importDefault(require("body-parser"));
+const k2hr3apiutil_1 = __importDefault(require("./lib/k2hr3apiutil"));
+const k2hr3resutil_1 = __importDefault(require("./lib/k2hr3resutil"));
+const express_1 = __importDefault(require("express"));
+//
+// Load Configuration
+//
+const k2hr3config_1 = require("./lib/k2hr3config");
+const apiConf = new k2hr3config_1.r3ApiConfig();
+//
+// Load variables
+//
+// - Local Tenants
+// - Load CORS(Cross-Origin Resource Sharing) Setting
+//
+// [NOTE][TODO]
+// It specifies a web development machine for temporary debugging.
+// In future we plan to specify with K2HR3 role.
+//
+let is_localtenants = true;
+const cors_ips = [];
+(() => {
+    is_localtenants = apiConf.isLocalTenants();
+    if (k2hr3apiutil_1.default.isSafeEntity(apiConf) && k2hr3apiutil_1.default.isNotEmptyArray(apiConf.getCORSIPs())) {
+        k2hr3apiutil_1.default.mergeArray(cors_ips, apiConf.getCORSIPs());
+    }
+})();
+//---------------------------------------------------------
+// Environments
+//---------------------------------------------------------
+// NODE_ENV(development or production)
+// NODE_LOGGER(if 'no', not logging by morgan)
+//
+const is_product = k2hr3apiutil_1.default.compareCaseString(k2hr3apiutil_1.default.getSafeString(process.env.NODE_ENV), 'production');
+const is_logging = !k2hr3apiutil_1.default.compareCaseString(k2hr3apiutil_1.default.getSafeString(process.env.NODE_LOGGER), 'no');
+//---------------------------------------------------------
+// Routes
+//---------------------------------------------------------
+const version_1 = __importDefault(require("./routes/version"));
+const userTokens_1 = __importDefault(require("./routes/userTokens"));
+const policy_1 = __importDefault(require("./routes/policy"));
+const resource_1 = __importDefault(require("./routes/resource"));
+const role_1 = __importDefault(require("./routes/role"));
+const service_1 = __importDefault(require("./routes/service"));
+const acr_1 = __importDefault(require("./routes/acr"));
+const list_1 = __importDefault(require("./routes/list"));
+const userdata_1 = __importDefault(require("./routes/userdata"));
+const extdata_1 = __importDefault(require("./routes/extdata"));
+const tenant_1 = __importDefault(require("./routes/tenant"));
+const debugVerify_1 = __importDefault(require("./routes/debugVerify"));
+let tenant = null;
+if (is_localtenants) {
+    tenant = tenant_1.default;
+}
+let verify = null;
+if (!is_product) {
+    verify = debugVerify_1.default;
+}
+//
+// Express objects
+//
+const app = (0, express_1.default)();
+const userExp = (0, express_1.default)();
+const policyExp = (0, express_1.default)();
+const resourceExp = (0, express_1.default)();
+const roleExp = (0, express_1.default)();
+const serviceExp = (0, express_1.default)();
+const acrExp = (0, express_1.default)();
+const listExp = (0, express_1.default)();
+const userdataExp = (0, express_1.default)();
+const extdataExp = (0, express_1.default)();
+let tenantExp = null;
+if (is_localtenants) {
+    tenantExp = (0, express_1.default)();
+}
+let verifyExp = null;
+if (!is_product) {
+    verifyExp = (0, express_1.default)();
+}
+//---------------------------------------------------------
+// Trusted proxy
+//---------------------------------------------------------
+// [NOTE][TODO]
+// We set trusted proxy as only loopback now.
+// Here, we need to add CDN/Proxy for our NW, but pending now.
+//
+app.set('trust proxy', 'loopback');
+userExp.set('trust proxy', 'loopback');
+policyExp.set('trust proxy', 'loopback');
+resourceExp.set('trust proxy', 'loopback');
+roleExp.set('trust proxy', 'loopback');
+serviceExp.set('trust proxy', 'loopback');
+acrExp.set('trust proxy', 'loopback');
+listExp.set('trust proxy', 'loopback');
+userdataExp.set('trust proxy', 'loopback');
+extdataExp.set('trust proxy', 'loopback');
+if (tenantExp) {
+    tenantExp.set('trust proxy', 'loopback');
+}
+if (verifyExp) {
+    verifyExp.set('trust proxy', 'loopback');
+}
+//
+// CORS(Cross-Origin Resource Sharing) Controller
+//
+app.use((req, res, next) => {
+    //
+    // Do not allow CORS for userToken without tenant name(=put/post unscoped token)
+    //
+    const userTokenUrlExp = new RegExp('^/v1/user/tokens(.*)');
+    if (req.socket.localAddress !== req.socket.remoteAddress && k2hr3apiutil_1.default.isNotEmptyArray(k2hr3apiutil_1.default.getSafeString(req.url).match(userTokenUrlExp))) {
+        //
+        // case of POST/PUT userToken
+        //
+        if (!k2hr3apiutil_1.default.findStringInArray(apiConf.getCORSIPs(), req.socket.remoteAddress) && !k2hr3apiutil_1.default.findStringInArray(apiConf.getCORSIPs(), '*')) {
+            // [NOTE]
+            // If allowcredauth is true in configuration and password is specified on PUT method,
+            // it allows authorization by credential(username/password).
+            // This case is used for accessing keystone directly.
+            // (The password is empty is allowed.)
+            //
+            if ((k2hr3apiutil_1.default.compareCaseString(req.method, 'PUT') && k2hr3apiutil_1.default.isSafeEntity(req.query) && k2hr3apiutil_1.default.isSafeString(req.query.username) && !(apiConf.isAllowedCredentialAccess() && k2hr3apiutil_1.default.isSafeEntity(req.query.password))) ||
+                (k2hr3apiutil_1.default.compareCaseString(req.method, 'POST') && k2hr3apiutil_1.default.isSafeEntity(req.body) && k2hr3apiutil_1.default.isSafeEntity(req.body.auth) && k2hr3apiutil_1.default.isSafeEntity(req.body.auth.passwordCredentials))) {
+                //
+                // case of specified user credentials(except specified unscoped token)
+                //
+                const result = {
+                    result: false,
+                    message: 'not allow CORS(cross-origin resource sharing) to /v1/user/tokens'
+                };
+                k2hr3resutil_1.default.errResponse(req, res, 405, result, 'application/json; charset=utf-8');
+                return;
+            }
+        }
+    }
+    //
+    // Origin is specified, allow it.
+    //
+    if (k2hr3apiutil_1.default.isSafeString(req.headers.origin)) {
+        res.header('Access-Control-Allow-Origin', req.headers.origin);
+        res.header('Access-Control-Allow-Headers', 'Origin,X-Requested-With,X-HTTP-Method-Override,Content-Type,Accept,X-Auth-Token,x-k2hr3-debug');
+        res.header('Access-Control-Allow-Methods', 'HEAD,POST,GET,PUT,DELETE,OPTIONS');
+        res.header('Access-Control-Expose-Headers', 'X-Auth-Token,x-k2hr3-error');
+        res.header('Access-Control-Allow-Credentials', 'true');
+        res.header('Access-Control-Max-Age', '86400');
+    }
+    next();
+});
+//---------------------------------------------------------
+// Express
+//---------------------------------------------------------
+//
+// Setting for express
+//
+if (is_logging) {
+    //
+    // Setup Log
+    //
+    const format = apiConf.getAccessLogFormat() ?? 'combined';
+    const options = apiConf.getMorganLoggerOption(__dirname) ?? undefined;
+    app.use((0, morgan_1.default)(format, options));
+}
+app.use(body_parser_1.default.json());
+app.use(body_parser_1.default.urlencoded({ extended: false }));
+app.use((0, cookie_parser_1.default)());
+app.use(express_1.default.static(path_1.default.join(__dirname, 'public')));
+app.use('/status.html', express_1.default.static(__dirname + '/public/status.html'));
+//
+// Route mapping
+//
+app.use('/', version_1.default); // '/'
+app.use('/v1', version_1.default); // '/v1'
+userExp.use('/', userTokens_1.default); // '/v1/user/tokens'
+policyExp.use('/', policy_1.default); // '/v1/policy'
+resourceExp.use('/', resource_1.default); // '/v1/resource'
+roleExp.use('/', role_1.default); // '/v1/role'
+serviceExp.use('/', service_1.default); // '/v1/service'
+acrExp.use('/', acr_1.default); // '/v1/acr'
+listExp.use('/', list_1.default); // '/v1/list'
+userdataExp.use('/', userdata_1.default); // '/v1/userdata'
+extdataExp.use('/', extdata_1.default); // '/v1/extdata'
+if (tenantExp && tenant) {
+    tenantExp.use('/', tenant); // '/v1/tenant'
+}
+if (verifyExp && verify) {
+    verifyExp.use('/', verify); // '/v1/debug/verify*'
+}
+app.use(/^\/v1\/user\/tokens(?:\/.*)?$/, userExp); // mountpath:	'/v1/user/tokens*'
+app.use(/^\/v1\/policy(?:\/.*)?$/, policyExp); // mountpath:	'/v1/policy*'
+app.use(/^\/v1\/resource(?:\/.*)?$/, resourceExp); // mountpath:	'/v1/resource*'
+app.use(/^\/v1\/role(?:\/.*)?$/, roleExp); // mountpath:	'/v1/role*'
+app.use(/^\/v1\/service(?:\/.*)?$/, serviceExp); // mountpath:	'/v1/service*'
+app.use(/^\/v1\/acr(?:\/.*)?$/, acrExp); // mountpath:	'/v1/acr*'
+app.use(/^\/v1\/list(?:\/.*)?$/, listExp); // mountpath:	'/v1/list*'
+app.use(/^\/v1\/userdata(?:\/.*)?$/, userdataExp); // mountpath:	'/v1/userdata*'
+app.use(/^\/v1\/extdata(?:\/.*)?$/, extdataExp); // mountpath:	'/v1/extdata*'
+if (tenantExp) {
+    app.use(/^\/v1\/tenant(?:\/.*)?$/, tenantExp); // mountpath:	'/v1/tenant*'
+}
+if (verifyExp) {
+    app.use(/^\/v1\/debug\/verify(?:\/.*)?$/, verifyExp); // mountpath:	'/v1/debug/verify*'
+}
+app.use((req, res, next) => {
+    const err = new Error('Not Found');
+    err.status = 404;
+    next(err);
+});
+//
+// error handler
+//
+app.use((err, req, res, _next) => {
+    // set locals, only providing error in development
+    res.locals.message = err.message;
+    res.locals.error = req.app.get('env') === 'development' ? err : {};
+    const result = {
+        result: false,
+        message: 'Internal server error'
+    };
+    k2hr3resutil_1.default.errResponse(req, res, (err.status || 500), result, 'application/json; charset=utf-8');
+});
+//---------------------------------------------------------
+// Exports
+//---------------------------------------------------------
+exports.default = app;
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: noexpandtab sw=4 ts=4 fdm=marker
+ * vim<600: noexpandtab sw=4 ts=4
+ */

package/{bin → dist/src/bin}/run.sh

@@ -32,7 +32,7 @@ SRCTOP=$(cd "${SCRIPTDIR}/.." || exit 1; pwd)
 CMDLINE_COMMAND="$0"
 CMDLINE_PARAMETERS="$*"
 
-LOCAL_HOSTNAME="$(hostname | tr -d '\n')"
+LOCAL_HOSTNAME="$(hostname -f | tr -d '\n')"
 PID_FILE_BASEDIR="/var/run/antpickax"
 PID_FILE_TMPDIR="/tmp"
 

package/dist/src/bin/watcher.js

@@ -0,0 +1,113 @@
+#!/usr/bin/env node
+"use strict";
+/*
+ * K2HR3 REST API
+ *
+ * Copyright 2017 Yahoo Japan Corporation.
+ *
+ * K2HR3 is K2hdkc based Resource and Roles and policy Rules, gathers
+ * common management information for the cloud.
+ * K2HR3 can dynamically manage information as "who", "what", "operate".
+ * These are stored as roles, resources, policies in K2hdkc, and the
+ * client system can dynamically read and modify these information.
+ *
+ * For the full copyright and license information, please view
+ * the license file that was distributed with this source code.
+ *
+ * AUTHOR:   Takeshi Nakatani
+ * CREATE:   Wed Oct 24 2018
+ * REVISION:
+ *
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+//
+// Module dependencies.
+//
+const k2hr3apiutil_1 = __importDefault(require("../lib/k2hr3apiutil"));
+const ipwatch_1 = __importDefault(require("../lib/ipwatch"));
+const dbglogging_1 = __importDefault(require("../lib/dbglogging"));
+const k2hr3config_1 = require("../lib/k2hr3config");
+const apiConf = new k2hr3config_1.r3ApiConfig();
+//
+// Setup console logging
+//
+apiConf.setConsoleLogging(__dirname + '/..', true); // replace output from stdout/stderr to file if set in config
+// Globals
+let intervalobj = null;
+//
+// Process/Signal handlering
+//
+const procSignal = (reason, code) => {
+    if (k2hr3apiutil_1.default.compareCaseString(reason, 'exit')) {
+        dbglogging_1.default.elog('K2HR3 watcher exit with status code : ' + (k2hr3apiutil_1.default.isSafeNumber(code) ? code.toString() : 'unknown'));
+    }
+    else {
+        dbglogging_1.default.elog('K2HR3 watcher caught signal : ' + k2hr3apiutil_1.default.getSafeString(reason));
+    }
+    if (intervalobj) {
+        clearInterval(intervalobj);
+        intervalobj = null;
+    }
+};
+process.on('exit', (code) => { procSignal('exit', code); });
+process.on('SIGHUP', () => { procSignal('SIGHUP'); });
+process.on('SIGINT', () => { procSignal('SIGINT'); });
+process.on('SIGBREAK', () => { procSignal('SIGBREAK'); });
+process.on('SIGTERM', () => { procSignal('SIGTERM'); });
+//
+// OneShot callback
+//
+const oneshotCallback = (result) => {
+    if (k2hr3apiutil_1.default.isBoolean(result) && result) {
+        dbglogging_1.default.dlog('K2HR3 watcher oneshot result : Succeed');
+        process.exit(0);
+    }
+    else {
+        dbglogging_1.default.elog('K2HR3 watcher oneshot result : Failed');
+        process.exit(1);
+    }
+};
+//
+// Process parameter
+//
+let oneshotCB = null;
+if (k2hr3apiutil_1.default.isNotEmptyArray(process.argv)) {
+    for (let cnt = 2; cnt < process.argv.length; ++cnt) { // argv[0] = 'node', argv[1] = 'this program'
+        if (k2hr3apiutil_1.default.isSafeString(process.argv[cnt]) ||
+            k2hr3apiutil_1.default.compareCaseString(process.argv[cnt], '--oneshot') ||
+            k2hr3apiutil_1.default.compareCaseString(process.argv[cnt], '-os')) {
+            oneshotCB = oneshotCallback;
+        }
+    }
+}
+//
+// Check wathcer type
+//
+if (ipwatch_1.default.isNocheckType() || ipwatch_1.default.isListenerType()) {
+    dbglogging_1.default.elog('K2HR3 watcher type defined ' + ipwatch_1.default.getType() + ' in configuration, thus could not run watcher.');
+    process.exit(1);
+}
+//
+// Run watcher interval loop
+//
+intervalobj = ipwatch_1.default.watchAddressesAlive(oneshotCB);
+if (!intervalobj) {
+    if (null != oneshotCB) {
+        // nothig to do here
+    }
+    else {
+        dbglogging_1.default.elog('K2HR3 watcher could not run.');
+        process.exit(1);
+    }
+}
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: noexpandtab sw=4 ts=4 fdm=marker
+ * vim<600: noexpandtab sw=4 ts=4
+ */

package/dist/src/bin/www.js

@@ -0,0 +1,217 @@
+#!/usr/bin/env node
+"use strict";
+/*
+ * K2HR3 REST API
+ *
+ * Copyright 2017 Yahoo Japan Corporation.
+ *
+ * K2HR3 is K2hdkc based Resource and Roles and policy Rules, gathers
+ * common management information for the cloud.
+ * K2HR3 can dynamically manage information as "who", "what", "operate".
+ * These are stored as roles, resources, policies in K2hdkc, and the
+ * client system can dynamically read and modify these information.
+ *
+ * For the full copyright and license information, please view
+ * the license file that was distributed with this source code.
+ *
+ * AUTHOR:   Takeshi Nakatani
+ * CREATE:   Wed Jun 8 2017
+ * REVISION:
+ *
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+//
+// Module dependencies.
+//
+const app_1 = __importDefault(require("../app"));
+const debug_1 = __importDefault(require("debug"));
+const fs_1 = __importDefault(require("fs"));
+const os_1 = __importDefault(require("os"));
+const cluster_1 = __importDefault(require("cluster"));
+const https = __importStar(require("https"));
+const http = __importStar(require("http"));
+const k2hr3apiutil_1 = __importDefault(require("../lib/k2hr3apiutil"));
+const k2hr3config_1 = require("../lib/k2hr3config");
+const dbg = (0, debug_1.default)('k2hr3-api:server');
+const numCPUs = os_1.default.cpus().length;
+const apiConf = new k2hr3config_1.r3ApiConfig();
+const key = apiConf.getPrivateKey(); // allow empty
+const cert = apiConf.getCert(); // allow empty
+const ca = apiConf.getCA(); // allow empty
+const user = apiConf.getRunUser(); // allow empty
+const port = apiConf.getPort();
+let server;
+//
+// Event listener for HTTP server "error" event.
+//
+const onError = (error) => {
+    if ('listen' !== error.syscall) {
+        throw error;
+    }
+    const bind = k2hr3apiutil_1.default.isString(port) ? ('Pipe ' + port) : ('Port ' + String(port));
+    // handle specific listen errors with friendly messages
+    switch (error.code) {
+        case 'EACCES':
+            console.error(bind + ' requires elevated privileges');
+            process.exit(1);
+            break;
+        case 'EADDRINUSE':
+            console.error(bind + ' is already in use');
+            process.exit(1);
+            break;
+        default:
+            throw error;
+    }
+};
+//
+// Event listener for HTTP server "listening" event.
+//
+const onListening = () => {
+    const addr = server.address();
+    if (!k2hr3apiutil_1.default.isSafeEntity(addr)) {
+        dbg('Server address is null');
+    }
+    else {
+        if (k2hr3apiutil_1.default.isString(addr)) {
+            const bind = 'pipe ' + addr;
+            dbg('Listening on ' + bind);
+        }
+        else if (k2hr3apiutil_1.default.isSafeNumeric(addr.port)) {
+            const bind = 'port ' + String(addr.port);
+            dbg('Listening on ' + bind);
+        }
+        else {
+            dbg('Server address is unknown');
+        }
+    }
+};
+//
+// Setup console logging
+//
+apiConf.setConsoleLogging(__dirname + '/..', false); // replace output from stdout/stderr to file if set in config
+if (cluster_1.default.isPrimary && (!k2hr3apiutil_1.default.isSafeEntity(apiConf.isMultiProc()) || false !== apiConf.isMultiProc())) {
+    console.log(`Master ${process.pid} is running`);
+    // Fork workers.
+    for (let cnt = 0; cnt < numCPUs; ++cnt) {
+        cluster_1.default.fork();
+    }
+    cluster_1.default.on('exit', (worker, code, signal) => {
+        if (k2hr3apiutil_1.default.isString(signal)) {
+            console.log(`worker was killed by signal: ${signal}`);
+        }
+        else if (0 !== code) {
+            console.log(`worker exited with error code: ${code}`);
+        }
+        else {
+            console.log(`worker ${worker.process.pid} died`);
+        }
+    });
+}
+else {
+    //
+    // Get port from environment and store in Express.
+    //
+    let options = {};
+    let secure = false;
+    //
+    // scheme
+    //
+    if ('https' == apiConf.getScheme() || 'HTTPS' == apiConf.getScheme()) {
+        secure = true;
+        options = {
+            key: fs_1.default.readFileSync(key),
+            cert: fs_1.default.readFileSync(cert),
+            ca: fs_1.default.readFileSync(ca)
+        };
+    }
+    else if ('http' == apiConf.getScheme() || 'HTTP' == apiConf.getScheme()) {
+        secure = false;
+    }
+    else {
+        console.log('scheme value(' + apiConf.getScheme() + ') in config is wrong');
+        process.exit(1);
+    }
+    //
+    // Others
+    //
+    const hostname = os_1.default.hostname() || '127.0.0.1';
+    //
+    // Store in Express.
+    //
+    app_1.default.set('port', port);
+    //
+    // Create HTTP server.
+    //
+    if (secure) {
+        server = https.createServer(options, app_1.default);
+    }
+    else {
+        server = http.createServer(app_1.default);
+    }
+    //
+    // Listen on provided port, on all network interfaces.
+    //
+    server.listen(port, () => {
+        if (k2hr3apiutil_1.default.isSafeString(user)) {
+            console.log('Attempting setuid to user "' + user + '"...');
+            if (k2hr3apiutil_1.default.isFunction(process.setuid)) {
+                try {
+                    process.setuid(user);
+                    console.log('Succeeded to setuid');
+                }
+                catch (err) {
+                    console.log('Failed to setuid', JSON.stringify(err));
+                    process.exit(1);
+                }
+            }
+        }
+    });
+    server.on('error', onError);
+    server.on('listening', onListening);
+    console.log('Server running at ' + apiConf.getScheme() + '://' + hostname + ':' + port + '/');
+    console.log(`Worker ${process.pid} started`);
+}
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: noexpandtab sw=4 ts=4 fdm=marker
+ * vim<600: noexpandtab sw=4 ts=4
+ */