main.go

package main

import (
	"crypto/tls"
	"fmt"
	"github.com/Sirupsen/logrus"
	logger "github.com/TykTechnologies/tykcommon-logger"
	"github.com/docopt/docopt.go"
	"github.com/evalphobia/logrus_sentry"
	"github.com/gorilla/mux"
	"github.com/justinas/alice"
	osin "github.com/lonelycode/osin"
	"github.com/lonelycode/tykcommon"
	"github.com/rcrowley/goagain"
	"github.com/rs/cors"
	"html/template"
	"io/ioutil"
	"net"
	"net/http"
	"net/url"
	"os"
	"path"
	"path/filepath"
	"runtime/pprof"
	"strconv"
	"strings"
	"time"
)

var log = logger.GetLogger()
var config = Config{}
var templates = &template.Template{}
var analytics = RedisAnalyticsHandler{}
var profileFile = &os.File{}
var GlobalEventsJSVM = &JSVM{}
var doMemoryProfile bool
var doCpuProfile bool
var Policies = make(map[string]Policy)
var MainNotifier = RedisNotifier{}
var DefaultOrgStore = DefaultSessionManager{}
var DefaultQuotaStore = DefaultSessionManager{}
var FallbackKeySesionManager SessionHandler = &DefaultSessionManager{}
var MonitoringHandler TykEventHandler
var RPCListener = RPCStorageHandler{}

var ApiSpecRegister *map[string]*APISpec //make(map[string]*APISpec)
var keyGen = DefaultKeyGenerator{}

var mainRouter *mux.Router
var defaultRouter *mux.Router

var NodeID string

// Generic system error
const (
	E_SYSTEM_ERROR          string = "{\"status\": \"system error, please contact administrator\"}"
	OAUTH_AUTH_CODE_TIMEOUT int    = 60 * 60
	OAUTH_PREFIX            string = "oauth-data."
)

// Display configuration options
func displayConfig() {
	log.WithFields(logrus.Fields{
		"prefix": "main",
	}).Info("--> Listening on port: ", config.ListenPort)
}

func getHostName() string {
	hName := config.HostName
	if config.HostName == "" {
		hName = ""
	}

	return hName
}

func pingTest(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "Hello Tiki")
}

// Create all globals and init connection handlers
func setupGlobals() {
	mainRouter = mux.NewRouter()
	if getHostName() != "" {
		defaultRouter = mainRouter.Host(getHostName()).Subrouter()
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Info("Hostname set: ", getHostName())
	} else {
		defaultRouter = mainRouter
	}

	if (config.EnableAnalytics == true) && (config.Storage.Type != "redis") {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Panic("Analytics requires Redis Storage backend, please enable Redis in the tyk.conf file.")
	}

	// Initialise our Host Checker
	HealthCheckStore := &RedisClusterStorageManager{KeyPrefix: "host-checker:"}
	InitHostCheckManager(HealthCheckStore)

	if config.EnableAnalytics {
		config.loadIgnoredIPs()
		AnalyticsStore := RedisClusterStorageManager{KeyPrefix: "analytics-"}
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Setting up analytics DB connection")

		analytics = RedisAnalyticsHandler{
			Store: &AnalyticsStore,
		}

		analytics.Init()

		if config.AnalyticsConfig.Type == "rpc" {
			log.Debug("Using RPC cache purge")
			thisPurger := RPCPurger{Store: &AnalyticsStore, Address: config.SlaveOptions.ConnectionString}
			thisPurger.Connect()
			analytics.Clean = &thisPurger
			go analytics.Clean.StartPurgeLoop(10)
		} else {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Warn("Cache purging is no longer part of Tyk Gateway, please use Tyk-Pump.")
		}

	}

	//genericOsinStorage = MakeNewOsinServer()

	templateFile := fmt.Sprintf("%s/error.json", config.TemplatePath)
	templates = template.Must(template.ParseFiles(templateFile))

	// Set up global JSVM
	if config.EnableJSVM {
		GlobalEventsJSVM.Init(config.TykJSPath)
	}

	// Get the notifier ready
	log.WithFields(logrus.Fields{
		"prefix": "main",
	}).Debug("Notifier will not work in hybrid mode")
	MainNotifierStore := RedisClusterStorageManager{}
	MainNotifierStore.Connect()
	MainNotifier = RedisNotifier{&MainNotifierStore, RedisPubSubChannel}

	if config.Monitor.EnableTriggerMonitors {
		var monitorErr error
		MonitoringHandler, monitorErr = WebHookHandler{}.New(config.Monitor.Config)
		if monitorErr != nil {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Error("Failed to initialise monitor! ", monitorErr)
		}
	}
}

// Pull API Specs from configuration
var APILoader APIDefinitionLoader = APIDefinitionLoader{}

func getAPISpecs() *[]*APISpec {
	var APISpecs *[]*APISpec

	if config.UseDBAppConfigs {
		if config.DBAppConfOptions.ConnectionString != "" {
			connStr := config.DBAppConfOptions.ConnectionString
			connStr = connStr + "/system/apis"

			APISpecs = APILoader.LoadDefinitionsFromDashboardService(connStr, config.NodeSecret)

		} else {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Fatal("No connection string or node ID present. Failing.")
		}

		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Using App Configuration from Dashboard Service")
	} else if config.SlaveOptions.UseRPC {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Using RPC Configuration")
		APISpecs = APILoader.LoadDefinitionsFromRPC(config.SlaveOptions.RPCKey)
	} else {
		APISpecs = APILoader.LoadDefinitions(config.AppPath)
	}

	log.WithFields(logrus.Fields{
		"prefix": "main",
	}).Printf("Detected %v APIs", len(*APISpecs))

	if config.AuthOverride.ForceAuthProvider {
		for i, _ := range *APISpecs {
			(*APISpecs)[i].AuthProvider = config.AuthOverride.AuthProvider

		}
	}

	if config.AuthOverride.ForceSessionProvider {
		for i, _ := range *APISpecs {
			(*APISpecs)[i].SessionProvider = config.AuthOverride.SessionProvider
		}
	}

	return APISpecs
}

func getPolicies() {
	thesePolicies := make(map[string]Policy)
	log.WithFields(logrus.Fields{
		"prefix": "main",
	}).Debug("Loading policies")

	if config.Policies.PolicyRecordName == "" {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("No policy record name defined, skipping...")
		return
	}

	if config.Policies.PolicySource == "service" {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Using Policies from Dashboard Service")

		if config.Policies.PolicyConnectionString != "" {
			connStr := config.Policies.PolicyConnectionString
			connStr = connStr + "/system/policies"

			thesePolicies = LoadPoliciesFromDashboard(connStr, config.NodeSecret, config.Policies.AllowExplicitPolicyID)

		} else {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Fatal("No connection string or node ID present. Failing.")
		}

	} else if config.Policies.PolicySource == "rpc" {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Using Policies from RPC")
		thesePolicies = LoadPoliciesFromRPC(config.SlaveOptions.RPCKey)
	} else {
		thesePolicies = LoadPoliciesFromFile(config.Policies.PolicyRecordName)
	}

	if len(thesePolicies) > 0 {
		Policies = thesePolicies
		return
	}
}

// Set up default Tyk control API endpoints - these are global, so need to be added first
func loadAPIEndpoints(Muxer *mux.Router) {

	var ApiMuxer *mux.Router
	ApiMuxer = Muxer
	if config.EnableAPISegregation {
		if config.ControlAPIHostname != "" {
			ApiMuxer = Muxer.Host(config.ControlAPIHostname).Subrouter()
		}
	}

	// Add a root message to check all is OK
	ApiMuxer.HandleFunc("/hello", pingTest)

	// set up main API handlers
	ApiMuxer.HandleFunc("/tyk/reload/group", CheckIsAPIOwner(groupResetHandler))
	ApiMuxer.HandleFunc("/tyk/reload/", CheckIsAPIOwner(resetHandler))

	if !IsRPCMode() {
		ApiMuxer.HandleFunc("/tyk/org/keys/"+"{rest:.*}", CheckIsAPIOwner(orgHandler))
		ApiMuxer.HandleFunc("/tyk/keys/policy/"+"{rest:.*}", CheckIsAPIOwner(policyUpdateHandler))
		ApiMuxer.HandleFunc("/tyk/keys/create", CheckIsAPIOwner(createKeyHandler))
		ApiMuxer.HandleFunc("/tyk/apis/"+"{rest:.*}", CheckIsAPIOwner(apiHandler))
		ApiMuxer.HandleFunc("/tyk/health/", CheckIsAPIOwner(healthCheckhandler))
		ApiMuxer.HandleFunc("/tyk/oauth/clients/create", CheckIsAPIOwner(createOauthClient))
		ApiMuxer.HandleFunc("/tyk/oauth/refresh/"+"{rest:.*}", CheckIsAPIOwner(invalidateOauthRefresh))
	} else {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Info("Node is slaved, REST API minimised")
	}

	ApiMuxer.HandleFunc("/tyk/keys/"+"{rest:.*}", CheckIsAPIOwner(keyHandler))
	ApiMuxer.HandleFunc("/tyk/oauth/clients/"+"{rest:.*}", CheckIsAPIOwner(oAuthClientHandler))
}

func generateOAuthPrefix(apiID string) string {
	return OAUTH_PREFIX + apiID + "."
}

// Create API-specific OAuth handlers and respective auth servers
func addOAuthHandlers(spec *APISpec, Muxer *mux.Router, test bool) *OAuthManager {
	apiAuthorizePath := spec.Proxy.ListenPath + "tyk/oauth/authorize-client/"
	clientAuthPath := spec.Proxy.ListenPath + "oauth/authorize/"
	clientAccessPath := spec.Proxy.ListenPath + "oauth/token/"

	serverConfig := osin.NewServerConfig()
	serverConfig.ErrorStatusCode = 403
	serverConfig.AllowedAccessTypes = spec.Oauth2Meta.AllowedAccessTypes
	serverConfig.AllowedAuthorizeTypes = spec.Oauth2Meta.AllowedAuthorizeTypes

	OAuthPrefix := generateOAuthPrefix(spec.APIID)
	//storageManager := RedisClusterStorageManager{KeyPrefix: OAuthPrefix}
	storageManager := GetGlobalStorageHandler(OAuthPrefix, false)
	storageManager.Connect()
	osinStorage := RedisOsinStorageInterface{storageManager, spec.SessionManager} //TODO: Needs storage manager from APISpec

	if test {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Warning("Adding test clients")

		testPolicy := Policy{}
		testPolicy.Rate = 100
		testPolicy.Per = 1
		testPolicy.QuotaMax = -1
		testPolicy.QuotaRenewalRate = 1000000000

		Policies["TEST-4321"] = testPolicy

		testClient := OAuthClient{
			ClientID:          "1234",
			ClientSecret:      "aabbccdd",
			ClientRedirectURI: "http://client.oauth.com",
			PolicyID:          "TEST-4321",
		}
		osinStorage.SetClient(testClient.ClientID, &testClient, false)
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Warning("Test client added")
	}

	osinServer := TykOsinNewServer(serverConfig, osinStorage)

	// osinServer.AccessTokenGen = &AccessTokenGenTyk{}

	oauthManager := OAuthManager{spec, osinServer}
	oauthHandlers := OAuthHandlers{oauthManager}

	Muxer.HandleFunc(apiAuthorizePath, CheckIsAPIOwner(oauthHandlers.HandleGenerateAuthCodeData))
	Muxer.HandleFunc(clientAuthPath, oauthHandlers.HandleAuthorizePassthrough)
	Muxer.HandleFunc(clientAccessPath, oauthHandlers.HandleAccessRequest)

	return &oauthManager
}

func addBatchEndpoint(spec *APISpec, Muxer *mux.Router) {
	log.WithFields(logrus.Fields{
		"prefix": "main",
	}).Debug("Batch requests enabled for API")
	apiBatchPath := spec.Proxy.ListenPath + "tyk/batch/"
	thisBatchHandler := BatchRequestHandler{API: spec}
	Muxer.HandleFunc(apiBatchPath, thisBatchHandler.HandleBatchRequest)
}

func loadCustomMiddleware(referenceSpec *APISpec) ([]string, []tykcommon.MiddlewareDefinition, []tykcommon.MiddlewareDefinition) {
	mwPaths := []string{}
	mwPreFuncs := []tykcommon.MiddlewareDefinition{}
	mwPostFuncs := []tykcommon.MiddlewareDefinition{}

	// Load form the configuration
	for _, mwObj := range referenceSpec.APIDefinition.CustomMiddleware.Pre {
		mwPaths = append(mwPaths, mwObj.Path)
		mwPreFuncs = append(mwPreFuncs, mwObj)
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Loading custom PRE-PROCESSOR middleware: ", mwObj.Name)
	}
	for _, mwObj := range referenceSpec.APIDefinition.CustomMiddleware.Post {
		mwPaths = append(mwPaths, mwObj.Path)
		mwPostFuncs = append(mwPostFuncs, mwObj)
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Loading custom POST-PROCESSOR middleware: ", mwObj.Name)
	}

	// Load from folder

	// Get PRE folder path
	middlwareFolderPath := path.Join(config.MiddlewarePath, referenceSpec.APIDefinition.APIID, "pre")
	files, _ := ioutil.ReadDir(middlwareFolderPath)
	for _, f := range files {
		if strings.Contains(f.Name(), ".js") {
			filePath := filepath.Join(middlwareFolderPath, f.Name())
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Debug("Loading PRE-PROCESSOR file middleware from ", filePath)
			middlewareObjectName := strings.Split(f.Name(), ".")[0]
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Debug("-- Middleware name ", middlewareObjectName)

			requiresSession := strings.Contains(middlewareObjectName, "_with_session")
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Debug("-- Middleware requires session: ", requiresSession)
			thisMWDef := tykcommon.MiddlewareDefinition{}
			thisMWDef.Name = middlewareObjectName
			thisMWDef.Path = filePath
			thisMWDef.RequireSession = requiresSession

			mwPaths = append(mwPaths, filePath)
			mwPreFuncs = append(mwPreFuncs, thisMWDef)
		}
	}

	// Get POST folder path
	middlewarePostFolderPath := path.Join(config.MiddlewarePath, referenceSpec.APIDefinition.APIID, "post")
	mwPostFiles, _ := ioutil.ReadDir(middlewarePostFolderPath)
	for _, f := range mwPostFiles {
		if strings.Contains(f.Name(), ".js") {
			filePath := filepath.Join(middlewarePostFolderPath, f.Name())
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Debug("Loading POST-PROCESSOR file middleware from ", filePath)
			middlewareObjectName := strings.Split(f.Name(), ".")[0]
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Debug("-- Middleware name ", middlewareObjectName)

			requiresSession := strings.Contains(middlewareObjectName, "_with_session")
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Debug("-- Middleware requires session: ", requiresSession)
			thisMWDef := tykcommon.MiddlewareDefinition{}
			thisMWDef.Name = middlewareObjectName
			thisMWDef.Path = filePath
			thisMWDef.RequireSession = requiresSession

			mwPaths = append(mwPaths, filePath)
			mwPostFuncs = append(mwPostFuncs, thisMWDef)
		}
	}

	return mwPaths, mwPreFuncs, mwPostFuncs

}

func creeateResponseMiddlewareChain(referenceSpec *APISpec) {
	// Create the response processors

	responseChain := make([]TykResponseHandler, len(referenceSpec.APIDefinition.ResponseProcessors))
	for i, processorDetail := range referenceSpec.APIDefinition.ResponseProcessors {
		processorType, err := GetResponseProcessorByName(processorDetail.Name)
		if err != nil {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Error("Failed to load processor! ", err)
			return
		}
		thisProcessor, _ := processorType.New(processorDetail.Options, referenceSpec)
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Loading Response processor: ", processorDetail.Name)
		responseChain[i] = thisProcessor
	}
	referenceSpec.ResponseChain = &responseChain
}

func handleCORS(chain *[]alice.Constructor, spec *APISpec) {

	if spec.CORS.Enable {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("CORS ENABLED")
		c := cors.New(cors.Options{
			AllowedOrigins:     spec.CORS.AllowedOrigins,
			AllowedMethods:     spec.CORS.AllowedMethods,
			AllowedHeaders:     spec.CORS.AllowedHeaders,
			ExposedHeaders:     spec.CORS.ExposedHeaders,
			AllowCredentials:   spec.CORS.AllowCredentials,
			MaxAge:             spec.CORS.MaxAge,
			OptionsPassthrough: spec.CORS.OptionsPassthrough,
			Debug:              spec.CORS.Debug,
		})

		*chain = append(*chain, c.Handler)
	}
}

func IsRPCMode() bool {
	if config.AuthOverride.ForceAuthProvider {
		if config.AuthOverride.AuthProvider.StorageEngine == RPCStorageEngine {
			return true
		}
	}
	return false
}

func doCopy(from *APISpec, to *APISpec) {
	*to = *from
}

// Create the individual API (app) specs based on live configurations and assign middleware
func loadApps(APISpecs *[]*APISpec, Muxer *mux.Router) {
	// load the APi defs
	log.WithFields(logrus.Fields{
		"prefix": "main",
	}).Debug("Loading API configurations.")

	var tempSpecRegister = make(map[string]*APISpec)

	// Only create this once, add other types here as needed, seems wasteful but we can let the GC handle it
	redisStore := RedisClusterStorageManager{KeyPrefix: "apikey-", HashKeys: config.HashKeys}
	redisOrgStore := RedisClusterStorageManager{KeyPrefix: "orgkey."}
	healthStore := &RedisClusterStorageManager{KeyPrefix: "apihealth."}
	rpcAuthStore := RPCStorageHandler{KeyPrefix: "apikey-", HashKeys: config.HashKeys, UserKey: config.SlaveOptions.APIKey, Address: config.SlaveOptions.ConnectionString}
	rpcOrgStore := RPCStorageHandler{KeyPrefix: "orgkey.", UserKey: config.SlaveOptions.APIKey, Address: config.SlaveOptions.ConnectionString}

	if config.SlaveOptions.UseRPC {
		StartRPCKeepaliveWatcher(&rpcAuthStore)
		StartRPCKeepaliveWatcher(&rpcOrgStore)
	}

	listenPaths := make(map[string][]string)

	FallbackKeySesionManager.Init(&redisStore)

	// Create a new handler for each API spec
	for _, referenceSpec := range *APISpecs {
		var skip bool
		// We need a reference to this as we change it on the go and re-use it in a global index
		//referenceSpec := (*APISpecs)[apiIndex]

		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Info("--> Loading API: ", referenceSpec.APIDefinition.Name)

		// Handle custom domains
		var subrouter *mux.Router
		if config.EnableCustomDomains {
			if referenceSpec.Domain != "" {
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Info("----> Custom Domain: ", referenceSpec.Domain)
				subrouter = mainRouter.Host(referenceSpec.Domain).Subrouter()
			} else {
				subrouter = Muxer
			}
		} else {
			subrouter = Muxer
		}

		onDomains, listenPathExists := listenPaths[referenceSpec.Proxy.ListenPath]
		if listenPathExists {
			if config.EnableCustomDomains == false {
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Error("Duplicate listen path found, skipping. API ID: ", referenceSpec.APIID)
				skip = true
			} else {
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Info("Domain check...")
				for _, onDomain := range onDomains {
					log.WithFields(logrus.Fields{
						"prefix": "main",
					}).Info("Checking Domain: ", onDomain)
					if onDomain == referenceSpec.Domain {
						log.WithFields(logrus.Fields{
							"prefix": "main",
						}).Error("Duplicate listen path found on domain, skipping. API ID: ", referenceSpec.APIID)
						skip = true
						break
					}
				}
			}
		}

		if referenceSpec.Proxy.ListenPath == "" {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Error("Listen path is empty, skipping API ID: ", referenceSpec.APIID)
			skip = true
		}

		if strings.Contains(referenceSpec.Proxy.ListenPath, " ") {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Error("Listen path contains spaces, is invalid, skipping API ID: ", referenceSpec.APIID)
			skip = true
		}

		remote, err := url.Parse(referenceSpec.APIDefinition.Proxy.TargetURL)
		if err != nil {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Error("Culdn't parse target URL: ", err)
		}

		if !skip {

			listenPaths[referenceSpec.Proxy.ListenPath] = append(listenPaths[referenceSpec.Proxy.ListenPath], referenceSpec.Domain)
			dN := referenceSpec.Domain
			if dN == "" {
				dN = "(no host)"
			}
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Info("----> Tracking: ", dN)

			// Initialise the auth and session managers (use Redis for now)
			var authStore StorageHandler
			var sessionStore StorageHandler
			var orgStore StorageHandler

			authStorageEngineToUse := referenceSpec.AuthProvider.StorageEngine
			// if config.SlaveOptions.OverrideDefinitionStorageSettings {
			// 	authStorageEngineToUse = RPCStorageEngine
			// }

			switch authStorageEngineToUse {
			case DefaultStorageEngine:
				authStore = &redisStore
				orgStore = &redisOrgStore
			case LDAPStorageEngine:
				thisStorageEngine := LDAPStorageHandler{}
				thisStorageEngine.LoadConfFromMeta(referenceSpec.AuthProvider.Meta)
				authStore = &thisStorageEngine
				orgStore = &redisOrgStore
			case RPCStorageEngine:
				thisStorageEngine := &rpcAuthStore // &RPCStorageHandler{KeyPrefix: "apikey-", HashKeys: config.HashKeys, UserKey: config.SlaveOptions.APIKey, Address: config.SlaveOptions.ConnectionString}
				authStore = thisStorageEngine
				orgStore = &rpcOrgStore // &RPCStorageHandler{KeyPrefix: "orgkey.", UserKey: config.SlaveOptions.APIKey, Address: config.SlaveOptions.ConnectionString}
				config.EnforceOrgDataAge = true
				config.EnforceOrgQuotas = true

			default:
				authStore = &redisStore
				orgStore = &redisOrgStore
			}

			SessionStorageEngineToUse := referenceSpec.SessionProvider.StorageEngine
			// if config.SlaveOptions.OverrideDefinitionStorageSettings {
			// 	SessionStorageEngineToUse = RPCStorageEngine
			// }

			switch SessionStorageEngineToUse {
			case DefaultStorageEngine:
				sessionStore = &redisStore

			case RPCStorageEngine:
				sessionStore = &RPCStorageHandler{KeyPrefix: "apikey-", HashKeys: config.HashKeys, UserKey: config.SlaveOptions.APIKey, Address: config.SlaveOptions.ConnectionString}
			default:
				sessionStore = &redisStore
			}

			// Health checkers are initialised per spec so that each API handler has it's own connection and redis sotorage pool
			referenceSpec.Init(authStore, sessionStore, healthStore, orgStore)

			//Set up all the JSVM middleware
			mwPaths := []string{}
			mwPreFuncs := []tykcommon.MiddlewareDefinition{}
			mwPostFuncs := []tykcommon.MiddlewareDefinition{}

			if config.EnableJSVM {
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Debug("----> Loading Middleware")
				mwPaths, mwPreFuncs, mwPostFuncs = loadCustomMiddleware(referenceSpec)

				referenceSpec.JSVM.LoadJSPaths(mwPaths)
			}

			if referenceSpec.EnableBatchRequestSupport {
				addBatchEndpoint(referenceSpec, subrouter)
			}

			if referenceSpec.UseOauth2 {
				thisOauthManager := addOAuthHandlers(referenceSpec, subrouter, false)
				referenceSpec.OAuthManager = thisOauthManager
			}

			enableVersionOverrides := false
			for _, versionData := range referenceSpec.VersionData.Versions {
				if versionData.OverrideTarget != "" {
					enableVersionOverrides = true
					break
				}
			}

			referenceSpec.target = remote
			var proxy ReturningHttpHandler
			if enableVersionOverrides {
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Info("----> Multi target enabled")
				proxy = &MultiTargetProxy{}
			} else {
				proxy = TykNewSingleHostReverseProxy(remote, referenceSpec)
			}

			// initialise the proxy
			proxy.New(nil, referenceSpec)

			// Create the response processors
			creeateResponseMiddlewareChain(referenceSpec)

			//proxyHandler := http.HandlerFunc(ProxyHandler(proxy, referenceSpec))
			tykMiddleware := &TykMiddleware{referenceSpec, proxy}

			keyPrefix := "cache-" + referenceSpec.APIDefinition.APIID
			CacheStore := &RedisClusterStorageManager{KeyPrefix: keyPrefix}
			CacheStore.Connect()

			if referenceSpec.APIDefinition.UseKeylessAccess {
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Info("----> Checking security policy: Open")

				// Add pre-process MW
				var chainArray = []alice.Constructor{}
				handleCORS(&chainArray, referenceSpec)

				var baseChainArray = []alice.Constructor{
					CreateMiddleware(&IPWhiteListMiddleware{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&OrganizationMonitor{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&VersionCheck{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&RequestSizeLimitMiddleware{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&TransformMiddleware{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&TransformHeaders{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&RedisCacheMiddleware{TykMiddleware: tykMiddleware, CacheStore: CacheStore}, tykMiddleware),
					CreateMiddleware(&VirtualEndpoint{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&URLRewriteMiddleware{TykMiddleware: tykMiddleware}, tykMiddleware),
				}

				for _, obj := range mwPreFuncs {
					chainArray = append(chainArray, CreateDynamicMiddleware(obj.Name, true, obj.RequireSession, tykMiddleware))
				}

				for _, baseMw := range baseChainArray {
					chainArray = append(chainArray, baseMw)
				}

				for _, obj := range mwPostFuncs {
					chainArray = append(chainArray, CreateDynamicMiddleware(obj.Name, false, obj.RequireSession, tykMiddleware))
				}

				// for KeyLessAccess we can't support rate limiting, versioning or access rules
				chain := alice.New(chainArray...).Then(DummyProxyHandler{SH: SuccessHandler{tykMiddleware}})
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Debug("----> Setting Listen Path: ", referenceSpec.Proxy.ListenPath)
				subrouter.Handle(referenceSpec.Proxy.ListenPath+"{rest:.*}", chain)

			} else {

				// Select the keying method to use for setting session states
				var keyCheck func(http.Handler) http.Handler

				if referenceSpec.APIDefinition.UseOauth2 {
					// Oauth2
					log.WithFields(logrus.Fields{
						"prefix": "main",
					}).Info("----> Checking security policy: OAuth")
					keyCheck = CreateMiddleware(&Oauth2KeyExists{tykMiddleware}, tykMiddleware)
				} else if referenceSpec.APIDefinition.UseBasicAuth {
					// Basic Auth
					log.WithFields(logrus.Fields{
						"prefix": "main",
					}).Info("----> Checking security policy: Basic")
					keyCheck = CreateMiddleware(&BasicAuthKeyIsValid{tykMiddleware}, tykMiddleware)
				} else if referenceSpec.EnableSignatureChecking {
					// HMAC Auth
					log.WithFields(logrus.Fields{
						"prefix": "main",
					}).Info("----> Checking security policy: HMAC")
					keyCheck = CreateMiddleware(&HMACMiddleware{tykMiddleware}, tykMiddleware)
				} else if referenceSpec.EnableJWT {
					// JWT Auth
					log.WithFields(logrus.Fields{
						"prefix": "main",
					}).Info("----> Checking security policy: JWT")
					keyCheck = CreateMiddleware(&JWTMiddleware{tykMiddleware}, tykMiddleware)
				} else if referenceSpec.UseOpenID {
					// JWT Auth
					log.WithFields(logrus.Fields{
						"prefix": "main",
					}).Info("----> Checking security policy: OpenID")

					// initialise the OID configuration on this reference Spec
					keyCheck = CreateMiddleware(&OpenIDMW{TykMiddleware: tykMiddleware}, tykMiddleware)
				} else {
					// Auth key
					log.WithFields(logrus.Fields{
						"prefix": "main",
					}).Info("----> Checking security policy: Token")
					keyCheck = CreateMiddleware(&AuthKey{tykMiddleware}, tykMiddleware)
				}

				var chainArray = []alice.Constructor{}

				handleCORS(&chainArray, referenceSpec)
				var baseChainArray = []alice.Constructor{
					CreateMiddleware(&IPWhiteListMiddleware{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&OrganizationMonitor{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&VersionCheck{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&RequestSizeLimitMiddleware{tykMiddleware}, tykMiddleware),
					keyCheck,
					CreateMiddleware(&KeyExpired{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&AccessRightsCheck{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&RateLimitAndQuotaCheck{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&GranularAccessMiddleware{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&TransformMiddleware{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&TransformHeaders{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&URLRewriteMiddleware{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&RedisCacheMiddleware{TykMiddleware: tykMiddleware, CacheStore: CacheStore}, tykMiddleware),
					CreateMiddleware(&VirtualEndpoint{TykMiddleware: tykMiddleware}, tykMiddleware),
				}

				// Add pre-process MW
				for _, obj := range mwPreFuncs {
					chainArray = append(chainArray, CreateDynamicMiddleware(obj.Name, true, obj.RequireSession, tykMiddleware))
				}

				for _, baseMw := range baseChainArray {
					chainArray = append(chainArray, baseMw)
				}

				for _, obj := range mwPostFuncs {
					chainArray = append(chainArray, CreateDynamicMiddleware(obj.Name, false, obj.RequireSession, tykMiddleware))
				}

				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Debug("----> Custom middleware processed")

				// Use CreateMiddleware(&ModifiedMiddleware{tykMiddleware}, tykMiddleware)  to run custom middleware
				chain := alice.New(chainArray...).Then(DummyProxyHandler{SH: SuccessHandler{tykMiddleware}})

				userCheckHandler := http.HandlerFunc(UserRatesCheck())
				simpleChain := alice.New(
					CreateMiddleware(&IPWhiteListMiddleware{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&OrganizationMonitor{TykMiddleware: tykMiddleware}, tykMiddleware),
					CreateMiddleware(&VersionCheck{TykMiddleware: tykMiddleware}, tykMiddleware),
					keyCheck,
					CreateMiddleware(&KeyExpired{tykMiddleware}, tykMiddleware),
					CreateMiddleware(&AccessRightsCheck{tykMiddleware}, tykMiddleware)).Then(userCheckHandler)

				rateLimitPath := fmt.Sprintf("%s%s", referenceSpec.Proxy.ListenPath, "tyk/rate-limits/")
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Debug("----> Rate limits available at: ", rateLimitPath)
				subrouter.Handle(rateLimitPath, simpleChain)
				log.WithFields(logrus.Fields{
					"prefix": "main",
				}).Debug("----> Setting Listen Path: ", referenceSpec.Proxy.ListenPath)
				subrouter.Handle(referenceSpec.Proxy.ListenPath+"{rest:.*}", chain)
			}

			tempSpecRegister[referenceSpec.APIDefinition.APIID] = referenceSpec

		} else {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Warning("----> Skipped!")
		}

	}

	// Swap in the new register
	ApiSpecRegister = &tempSpecRegister

	// Kick off our host checkers
	if config.UptimeTests.Disable == false {
		SetCheckerHostList()
	}

}

func RPCReloadLoop(RPCKey string) {
	for {
		RPCListener.CheckForReload(config.SlaveOptions.RPCKey)
	}
}

func doReload() {
	time.Sleep(10 * time.Second)

	// Load the API Policies
	getPolicies()

	// load the specs
	specs := getAPISpecs()

	if len(*specs) == 0 {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Warning("No API Definitions found, not reloading")
		reloadScheduled = false
		return
	}

	// We have updated specs, lets load those...

	// Kill RPC if available
	if config.SlaveOptions.UseRPC {
		ClearRPCClients()
	}

	// Reset the JSVM
	GlobalEventsJSVM.Init(config.TykJSPath)

	newRouter := mux.NewRouter()
	mainRouter = newRouter

	var newMuxes *mux.Router
	if getHostName() != "" {
		newMuxes = newRouter.Host(getHostName()).Subrouter()
	} else {
		newMuxes = newRouter
	}

	loadAPIEndpoints(newMuxes)
	loadApps(specs, newMuxes)

	newServeMux := http.NewServeMux()
	newServeMux.Handle("/", mainRouter)

	http.DefaultServeMux = newServeMux

	log.WithFields(logrus.Fields{
		"prefix": "main",
	}).Info("API reload complete")

	reloadScheduled = false
}

var reloadScheduled bool

func checkReloadTimeout() {
	if reloadScheduled {
		time.Sleep(30 * time.Second)
		if reloadScheduled {
			log.Warning("Reloader timed out! Removing sentinel")
			reloadScheduled = false
		}
	}
}

// ReloadURLStructure will create a new muxer, reload all the app configs for an
// instance and then replace the DefaultServeMux with the new one, this enables a
// reconfiguration to take place without stopping any requests from being handled.
func ReloadURLStructure() {
	if !reloadScheduled {
		reloadScheduled = true
		log.Info("Initiating reload")
		go doReload()
		go checkReloadTimeout()
	}
}

func init() {

	usage := `Tyk API Gateway.

	Usage:
		tyk [options]

	Options:
		-h --help                    Show this screen
		--conf=FILE                  Load a named configuration file
		--port=PORT                  Listen on PORT (overrides confg file)
		--memprofile                 Generate a memory profile
		--cpuprofile                 Generate a cpu profile
		--debug                      Enable Debug output
		--import-blueprint=<file>    Import an API Blueprint file
		--import-swagger=<file>      Import a Swagger file
		--create-api                 Creates a new API Definition from the blueprint
		--org-id=><id>               Assign the API Defintition to this org_id (required with create)
		--upstream-target=<url>      Set the upstream target for the definition
		--as-mock                    Creates the API as a mock based on example fields
		--for-api=<path>             Adds blueprint to existing API Defintition as version
		--as-version=<version>       The version number to use when inserting
	`

	arguments, err := docopt.Parse(usage, nil, true, VERSION, false, false)
	if err != nil {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Warning("Error while parsing arguments: ", err)
	}

	// Enable command mode
	for k, _ := range CommandModeOptions {

		v := arguments[k]

		if v == true {
			HandleCommandModeArgs(arguments)
			os.Exit(0)
		}

		if v != nil && v != false {
			HandleCommandModeArgs(arguments)
			os.Exit(0)
		}

	}

	filename := "/etc/tyk/tyk.conf"
	value, _ := arguments["--conf"]
	if value != nil {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug(fmt.Sprintf("Using %s for configuration", value.(string)))
		filename = arguments["--conf"].(string)
	} else {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("No configuration file defined, will try to use default (./tyk.conf)")
	}

	loadConfig(filename, &config)

	if config.Storage.Type != "redis" {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Fatal("Redis connection details not set, please ensure that the storage type is set to Redis and that the connection parameters are correct.")
	}

	setupGlobals()

	port, _ := arguments["--port"]
	if port != nil {
		portNum, err := strconv.Atoi(port.(string))
		if err != nil {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Error("Port specified in flags must be a number!")
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Error(err)
		} else {
			config.ListenPort = portNum
		}
	}

	doMemoryProfile, _ = arguments["--memprofile"].(bool)
	doCpuProfile, _ = arguments["--cpuprofile"].(bool)

	doDebug, _ := arguments["--debug"]
	log.Level = logrus.InfoLevel
	if doDebug == true {
		log.Level = logrus.DebugLevel
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Enabling debug-level output")
	}

	if config.UseSentry {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Enabling Sentry support")
		hook, err := logrus_sentry.NewSentryHook(config.SentryCode, []logrus.Level{
			logrus.PanicLevel,
			logrus.FatalLevel,
			logrus.ErrorLevel,
		})

		hook.Timeout = 0

		if err == nil {
			log.Hooks.Add(hook)
		}
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Sentry hook active")
	}

}

func StartRPCKeepaliveWatcher(engine *RPCStorageHandler) {
	go func() {
		log.WithFields(logrus.Fields{
			"prefix": "RPC Conn Mgr",
		}).Info("[RPC Conn Mgr] Starting keepalive watcher...")
		for {
			RPCKeepAliveCheck(engine)
			if engine == nil {
				log.WithFields(logrus.Fields{
					"prefix": "RPC Conn Mgr",
				}).Info("No engine, break")
				break
			}
			if engine.Killed == true {
				log.WithFields(logrus.Fields{
					"prefix": "RPC Conn Mgr",
				}).Debug("[RPC Conn Mgr] this connection killed")
				break
			}
		}
	}()
}

func GetGlobalStorageHandler(KeyPrefix string, hashKeys bool) StorageHandler {
	var Name tykcommon.StorageEngineCode
	// Select configuration options
	if config.SlaveOptions.UseRPC {
		Name = RPCStorageEngine
	} else {
		Name = DefaultStorageEngine
	}

	switch Name {
	case DefaultStorageEngine:
		return &RedisClusterStorageManager{KeyPrefix: KeyPrefix, HashKeys: hashKeys}
	case RPCStorageEngine:
		engine := &RPCStorageHandler{KeyPrefix: KeyPrefix, HashKeys: hashKeys, UserKey: config.SlaveOptions.APIKey, Address: config.SlaveOptions.ConnectionString}
		return engine
	}

	log.WithFields(logrus.Fields{
		"prefix": "main",
	}).Error("No storage handler found!")
	return nil
}

func main() {
	ReadTimeout := 120
	WriteTimeout := 120
	if config.HttpServerOptions.ReadTimeout > 0 {
		ReadTimeout = config.HttpServerOptions.ReadTimeout
	}

	if config.HttpServerOptions.WriteTimeout > 0 {
		WriteTimeout = config.HttpServerOptions.WriteTimeout
	}

	if doMemoryProfile {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Memory profiling active")
		profileFile, _ = os.Create("tyk.mprof")
		defer profileFile.Close()
	}
	if doCpuProfile {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Info("Cpu profiling active")
		profileFile, _ = os.Create("tyk.prof")
		pprof.StartCPUProfile(profileFile)
		defer pprof.StopCPUProfile()
	}

	targetPort := fmt.Sprintf(":%d", config.ListenPort)

	// Set up a default org manager so we can traverse non-live paths
	if !config.SupressDefaultOrgStore {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Initialising default org store")
		//DefaultOrgStore.Init(&RedisClusterStorageManager{KeyPrefix: "orgkey."})
		DefaultOrgStore.Init(GetGlobalStorageHandler("orgkey.", false))
		//DefaultQuotaStore.Init(GetGlobalStorageHandler(CloudHandler, "orgkey.", false))
		DefaultQuotaStore.Init(GetGlobalStorageHandler("orgkey.", false))
	}

	loadAPIEndpoints(defaultRouter)

	// Start listening for reload messages
	if !config.SuppressRedisSignalReload {
		go StartPubSubLoop()
	}

	if config.SlaveOptions.UseRPC {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Debug("Starting RPC reload listener")
		RPCListener = RPCStorageHandler{
			KeyPrefix:        "rpc.listener.",
			UserKey:          config.SlaveOptions.APIKey,
			Address:          config.SlaveOptions.ConnectionString,
			SuppressRegister: true,
		}
		RPCListener.Connect()
		go RPCReloadLoop(config.SlaveOptions.RPCKey)
		go RPCListener.StartRPCLoopCheck(config.SlaveOptions.RPCKey)
	}

	// Handle reload when SIGUSR2 is received
	l, err := goagain.Listener()
	if nil != err {

		// Listen on a TCP or a UNIX domain socket (TCP here).
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Info("Setting up Server")
		if config.HttpServerOptions.UseSSL {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Info("--> Using SSL (https)")
			certs := make([]tls.Certificate, len(config.HttpServerOptions.Certificates))
			certNameMap := make(map[string]*tls.Certificate)
			for i, certData := range config.HttpServerOptions.Certificates {
				cert, err := tls.LoadX509KeyPair(certData.CertFile, certData.KeyFile)
				if err != nil {
					log.WithFields(logrus.Fields{
						"prefix": "main",
					}).Fatalf("Server error: loadkeys: %s", err)
				}
				certs[i] = cert
				certNameMap[certData.Name] = &certs[i]
			}

			config := tls.Config{
				Certificates:      certs,
				NameToCertificate: certNameMap,
				ServerName:        config.HttpServerOptions.ServerName,
				MinVersion:        config.HttpServerOptions.MinVersion,
			}
			l, err = tls.Listen("tcp", targetPort, &config)
		} else {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Info("--> Standard listener (http)")
			l, err = net.Listen("tcp", targetPort)
		}

		// Check if listener was started successfully.
		if nil != err {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Fatalf("Error starting listener: %s", err)
		}

		// Accept connections in a new goroutine.
		if config.UseDBAppConfigs {
			connStr := config.DBAppConfOptions.ConnectionString
			if connStr == "" {
				log.Fatal("Connection string is empty, failing.")
			}

			connStr = connStr + "/register/node"
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Info("Registering node.")
			RegisterNodeWithDashboard(connStr, config.NodeSecret)

			heartbeatConnStr := config.DBAppConfOptions.ConnectionString
			if heartbeatConnStr == "" {
				log.Fatal("Connection string is empty, failing.")
			}

			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Info("Starting heartbeat.")
			heartbeatConnStr = heartbeatConnStr + "/register/ping"
			go StartBeating(heartbeatConnStr, config.NodeSecret)

		}
		specs := getAPISpecs()
		loadApps(specs, defaultRouter)
		getPolicies()

		// Use a custom server so we can control keepalives
		if config.HttpServerOptions.OverrideDefaults {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Info("Custom gateway started")
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Warning("HTTP Server Overrides detected, this could destabilise long-running http-requests")
			s := &http.Server{
				Addr:         ":" + targetPort,
				ReadTimeout:  time.Duration(ReadTimeout) * time.Second,
				WriteTimeout: time.Duration(WriteTimeout) * time.Second,
				Handler:      defaultRouter,
			}

			go s.Serve(l)
			displayConfig()
		} else {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Printf("Gateway started (%v)", VERSION)
			http.Handle("/", mainRouter)
			go http.Serve(l, nil)
			displayConfig()
		}

	} else {

		// Resume accepting connections in a new goroutine.
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Info("Resuming listening on", l.Addr())
		specs := getAPISpecs()
		loadApps(specs, defaultRouter)
		getPolicies()

		if config.HttpServerOptions.OverrideDefaults {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Warning("HTTP Server Overrides detected, this could destabilise long-running http-requests")
			s := &http.Server{
				Addr:         ":" + targetPort,
				ReadTimeout:  time.Duration(ReadTimeout) * time.Second,
				WriteTimeout: time.Duration(WriteTimeout) * time.Second,
				Handler:      defaultRouter,
			}

			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Info("Custom gateway started")
			go s.Serve(l)
			displayConfig()
		} else {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Printf("Gateway resumed (%v)", VERSION)
			displayConfig()
			http.Handle("/", mainRouter)
			http.Serve(l, nil)
		}

		// Kill the parent, now that the child has started successfully.
		if err := goagain.Kill(); nil != err {
			log.WithFields(logrus.Fields{
				"prefix": "main",
			}).Fatalln(err)
		}

	}

	// Block the main goroutine awaiting signals.
	if _, err := goagain.Wait(l); nil != err {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Fatalln(err)
	}

	// Do whatever's necessary to ensure a graceful exit like waiting for
	// goroutines to terminate or a channel to become closed.
	//
	// In this case, we'll simply stop listening and wait one second.
	if err := l.Close(); nil != err {
		log.WithFields(logrus.Fields{
			"prefix": "main",
		}).Fatalln(err)
	}
	//time.Sleep(1e9)
}