cmd/syncthing, lib/api: Separate api/gui into own package (ref #4085) (#5529)

* cmd/syncthing, lib/gui: Separate gui into own package (ref #4085)

* fix tests

* Don't use main as interface name (make old go happy)

* gui->api

* don't leak state via locations and use in-tree config

* let api (un-)subscribe to config

* interface naming and exporting

* lib/ur

* fix tests and lib/foldersummary

* shorter URVersion and ur debug fix

* review

* model.JsonCompletion(FolderCompletion) -> FolderCompletion.Map()

* rename debug facility https -> api

* folder summaries in model

* disassociate unrelated constants

* fix merge fail

* missing id assignement

lib/api/api_auth.go

@@ -0,0 +1,175 @@
+// Copyright (C) 2014 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"bytes"
+	"crypto/tls"
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/syncthing/syncthing/lib/config"
+	"github.com/syncthing/syncthing/lib/events"
+	"github.com/syncthing/syncthing/lib/rand"
+	"github.com/syncthing/syncthing/lib/sync"
+	"golang.org/x/crypto/bcrypt"
+	ldap "gopkg.in/ldap.v2"
+)
+
+var (
+	sessions    = make(map[string]bool)
+	sessionsMut = sync.NewMutex()
+)
+
+func emitLoginAttempt(success bool, username string) {
+	events.Default.Log(events.LoginAttempt, map[string]interface{}{
+		"success":  success,
+		"username": username,
+	})
+}
+
+func basicAuthAndSessionMiddleware(cookieName string, guiCfg config.GUIConfiguration, ldapCfg config.LDAPConfiguration, next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if guiCfg.IsValidAPIKey(r.Header.Get("X-API-Key")) {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		cookie, err := r.Cookie(cookieName)
+		if err == nil && cookie != nil {
+			sessionsMut.Lock()
+			_, ok := sessions[cookie.Value]
+			sessionsMut.Unlock()
+			if ok {
+				next.ServeHTTP(w, r)
+				return
+			}
+		}
+
+		l.Debugln("Sessionless HTTP request with authentication; this is expensive.")
+
+		error := func() {
+			time.Sleep(time.Duration(rand.Intn(100)+100) * time.Millisecond)
+			w.Header().Set("WWW-Authenticate", "Basic realm=\"Authorization Required\"")
+			http.Error(w, "Not Authorized", http.StatusUnauthorized)
+		}
+
+		hdr := r.Header.Get("Authorization")
+		if !strings.HasPrefix(hdr, "Basic ") {
+			error()
+			return
+		}
+
+		hdr = hdr[6:]
+		bs, err := base64.StdEncoding.DecodeString(hdr)
+		if err != nil {
+			error()
+			return
+		}
+
+		fields := bytes.SplitN(bs, []byte(":"), 2)
+		if len(fields) != 2 {
+			error()
+			return
+		}
+
+		username := string(fields[0])
+		password := string(fields[1])
+
+		authOk := auth(username, password, guiCfg, ldapCfg)
+		if !authOk {
+			usernameIso := string(iso88591ToUTF8([]byte(username)))
+			passwordIso := string(iso88591ToUTF8([]byte(password)))
+			authOk = auth(usernameIso, passwordIso, guiCfg, ldapCfg)
+			if authOk {
+				username = usernameIso
+			}
+		}
+
+		if !authOk {
+			emitLoginAttempt(false, username)
+			error()
+			return
+		}
+
+		sessionid := rand.String(32)
+		sessionsMut.Lock()
+		sessions[sessionid] = true
+		sessionsMut.Unlock()
+		http.SetCookie(w, &http.Cookie{
+			Name:   cookieName,
+			Value:  sessionid,
+			MaxAge: 0,
+		})
+
+		emitLoginAttempt(true, username)
+		next.ServeHTTP(w, r)
+	})
+}
+
+func auth(username string, password string, guiCfg config.GUIConfiguration, ldapCfg config.LDAPConfiguration) bool {
+	if guiCfg.AuthMode == config.AuthModeLDAP {
+		return authLDAP(username, password, ldapCfg)
+	} else {
+		return authStatic(username, password, guiCfg.User, guiCfg.Password)
+	}
+}
+
+func authStatic(username string, password string, configUser string, configPassword string) bool {
+	configPasswordBytes := []byte(configPassword)
+	passwordBytes := []byte(password)
+	return bcrypt.CompareHashAndPassword(configPasswordBytes, passwordBytes) == nil && username == configUser
+}
+
+func authLDAP(username string, password string, cfg config.LDAPConfiguration) bool {
+	address := cfg.Address
+	var connection *ldap.Conn
+	var err error
+	if cfg.Transport == config.LDAPTransportTLS {
+		connection, err = ldap.DialTLS("tcp", address, &tls.Config{InsecureSkipVerify: cfg.InsecureSkipVerify})
+	} else {
+		connection, err = ldap.Dial("tcp", address)
+	}
+
+	if err != nil {
+		l.Warnln("LDAP Dial:", err)
+		return false
+	}
+
+	if cfg.Transport == config.LDAPTransportStartTLS {
+		err = connection.StartTLS(&tls.Config{InsecureSkipVerify: cfg.InsecureSkipVerify})
+		if err != nil {
+			l.Warnln("LDAP Start TLS:", err)
+			return false
+		}
+	}
+
+	defer connection.Close()
+
+	err = connection.Bind(fmt.Sprintf(cfg.BindDN, username), password)
+	if err != nil {
+		l.Warnln("LDAP Bind:", err)
+		return false
+	}
+
+	return true
+}
+
+// Convert an ISO-8859-1 encoded byte string to UTF-8. Works by the
+// principle that ISO-8859-1 bytes are equivalent to unicode code points,
+// that a rune slice is a list of code points, and that stringifying a slice
+// of runes generates UTF-8 in Go.
+func iso88591ToUTF8(s []byte) []byte {
+	runes := make([]rune, len(s))
+	for i := range s {
+		runes[i] = rune(s[i])
+	}
+	return []byte(string(runes))
+}

lib/api/api_auth_test.go

@@ -0,0 +1,40 @@
+// Copyright (C) 2014 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+var passwordHashBytes []byte
+
+func init() {
+	passwordHashBytes, _ = bcrypt.GenerateFromPassword([]byte("pass"), 0)
+}
+
+func TestStaticAuthOK(t *testing.T) {
+	ok := authStatic("user", "pass", "user", string(passwordHashBytes))
+	if !ok {
+		t.Fatalf("should pass auth")
+	}
+}
+
+func TestSimpleAuthUsernameFail(t *testing.T) {
+	ok := authStatic("userWRONG", "pass", "user", string(passwordHashBytes))
+	if ok {
+		t.Fatalf("should fail auth")
+	}
+}
+
+func TestStaticAuthPasswordFail(t *testing.T) {
+	ok := authStatic("user", "passWRONG", "user", string(passwordHashBytes))
+	if ok {
+		t.Fatalf("should fail auth")
+	}
+}

lib/api/api_csrf.go

@@ -0,0 +1,143 @@
+// Copyright (C) 2014 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"bufio"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/syncthing/syncthing/lib/config"
+	"github.com/syncthing/syncthing/lib/locations"
+	"github.com/syncthing/syncthing/lib/osutil"
+	"github.com/syncthing/syncthing/lib/rand"
+	"github.com/syncthing/syncthing/lib/sync"
+)
+
+// csrfTokens is a list of valid tokens. It is sorted so that the most
+// recently used token is first in the list. New tokens are added to the front
+// of the list (as it is the most recently used at that time). The list is
+// pruned to a maximum of maxCsrfTokens, throwing away the least recently used
+// tokens.
+var csrfTokens []string
+var csrfMut = sync.NewMutex()
+
+const maxCsrfTokens = 25
+
+// Check for CSRF token on /rest/ URLs. If a correct one is not given, reject
+// the request with 403. For / and /index.html, set a new CSRF cookie if none
+// is currently set.
+func csrfMiddleware(unique string, prefix string, cfg config.GUIConfiguration, next http.Handler) http.Handler {
+	loadCsrfTokens()
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Allow requests carrying a valid API key
+		if cfg.IsValidAPIKey(r.Header.Get("X-API-Key")) {
+			// Set the access-control-allow-origin header for CORS requests
+			// since a valid API key has been provided
+			w.Header().Add("Access-Control-Allow-Origin", "*")
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		if strings.HasPrefix(r.URL.Path, "/rest/debug") {
+			// Debugging functions are only available when explicitly
+			// enabled, and can be accessed without a CSRF token
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		// Allow requests for anything not under the protected path prefix,
+		// and set a CSRF cookie if there isn't already a valid one.
+		if !strings.HasPrefix(r.URL.Path, prefix) {
+			cookie, err := r.Cookie("CSRF-Token-" + unique)
+			if err != nil || !validCsrfToken(cookie.Value) {
+				l.Debugln("new CSRF cookie in response to request for", r.URL)
+				cookie = &http.Cookie{
+					Name:  "CSRF-Token-" + unique,
+					Value: newCsrfToken(),
+				}
+				http.SetCookie(w, cookie)
+			}
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		// Verify the CSRF token
+		token := r.Header.Get("X-CSRF-Token-" + unique)
+		if !validCsrfToken(token) {
+			http.Error(w, "CSRF Error", 403)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+func validCsrfToken(token string) bool {
+	csrfMut.Lock()
+	defer csrfMut.Unlock()
+	for i, t := range csrfTokens {
+		if t == token {
+			if i > 0 {
+				// Move this token to the head of the list. Copy the tokens at
+				// the front one step to the right and then replace the token
+				// at the head.
+				copy(csrfTokens[1:], csrfTokens[:i+1])
+				csrfTokens[0] = token
+			}
+			return true
+		}
+	}
+	return false
+}
+
+func newCsrfToken() string {
+	token := rand.String(32)
+
+	csrfMut.Lock()
+	csrfTokens = append([]string{token}, csrfTokens...)
+	if len(csrfTokens) > maxCsrfTokens {
+		csrfTokens = csrfTokens[:maxCsrfTokens]
+	}
+	defer csrfMut.Unlock()
+
+	saveCsrfTokens()
+
+	return token
+}
+
+func saveCsrfTokens() {
+	// We're ignoring errors in here. It's not super critical and there's
+	// nothing relevant we can do about them anyway...
+
+	name := locations.Get(locations.CsrfTokens)
+	f, err := osutil.CreateAtomic(name)
+	if err != nil {
+		return
+	}
+
+	for _, t := range csrfTokens {
+		fmt.Fprintln(f, t)
+	}
+
+	f.Close()
+}
+
+func loadCsrfTokens() {
+	f, err := os.Open(locations.Get(locations.CsrfTokens))
+	if err != nil {
+		return
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		csrfTokens = append(csrfTokens, s.Text())
+	}
+}

lib/api/api_statics.go

@@ -0,0 +1,207 @@
+// Copyright (C) 2014 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io/ioutil"
+	"mime"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/syncthing/syncthing/lib/auto"
+	"github.com/syncthing/syncthing/lib/config"
+	"github.com/syncthing/syncthing/lib/sync"
+)
+
+type staticsServer struct {
+	assetDir        string
+	assets          map[string][]byte
+	availableThemes []string
+
+	mut   sync.RWMutex
+	theme string
+}
+
+func newStaticsServer(theme, assetDir string) *staticsServer {
+	s := &staticsServer{
+		assetDir: assetDir,
+		assets:   auto.Assets(),
+		mut:      sync.NewRWMutex(),
+		theme:    theme,
+	}
+
+	seen := make(map[string]struct{})
+	// Load themes from compiled in assets.
+	for file := range auto.Assets() {
+		theme := strings.Split(file, "/")[0]
+		if _, ok := seen[theme]; !ok {
+			seen[theme] = struct{}{}
+			s.availableThemes = append(s.availableThemes, theme)
+		}
+	}
+	if assetDir != "" {
+		// Load any extra themes from the asset override dir.
+		for _, dir := range dirNames(assetDir) {
+			if _, ok := seen[dir]; !ok {
+				seen[dir] = struct{}{}
+				s.availableThemes = append(s.availableThemes, dir)
+			}
+		}
+	}
+
+	return s
+}
+
+func (s *staticsServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	switch r.URL.Path {
+	case "/themes.json":
+		s.serveThemes(w, r)
+	default:
+		s.serveAsset(w, r)
+	}
+}
+
+func (s *staticsServer) serveAsset(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Cache-Control", "no-cache, must-revalidate")
+
+	file := r.URL.Path
+
+	if file[0] == '/' {
+		file = file[1:]
+	}
+
+	if len(file) == 0 {
+		file = "index.html"
+	}
+
+	s.mut.RLock()
+	theme := s.theme
+	s.mut.RUnlock()
+
+	// Check for an override for the current theme.
+	if s.assetDir != "" {
+		p := filepath.Join(s.assetDir, theme, filepath.FromSlash(file))
+		if _, err := os.Stat(p); err == nil {
+			mtype := s.mimeTypeForFile(file)
+			if len(mtype) != 0 {
+				w.Header().Set("Content-Type", mtype)
+			}
+			http.ServeFile(w, r, p)
+			return
+		}
+	}
+
+	// Check for a compiled in asset for the current theme.
+	bs, ok := s.assets[theme+"/"+file]
+	if !ok {
+		// Check for an overridden default asset.
+		if s.assetDir != "" {
+			p := filepath.Join(s.assetDir, config.DefaultTheme, filepath.FromSlash(file))
+			if _, err := os.Stat(p); err == nil {
+				mtype := s.mimeTypeForFile(file)
+				if len(mtype) != 0 {
+					w.Header().Set("Content-Type", mtype)
+				}
+				http.ServeFile(w, r, p)
+				return
+			}
+		}
+
+		// Check for a compiled in default asset.
+		bs, ok = s.assets[config.DefaultTheme+"/"+file]
+		if !ok {
+			http.NotFound(w, r)
+			return
+		}
+	}
+
+	etag := fmt.Sprintf("%d", auto.Generated)
+	modified := time.Unix(auto.Generated, 0).UTC()
+
+	w.Header().Set("Last-Modified", modified.Format(http.TimeFormat))
+	w.Header().Set("Etag", etag)
+
+	if t, err := time.Parse(http.TimeFormat, r.Header.Get("If-Modified-Since")); err == nil {
+		if modified.Equal(t) || modified.Before(t) {
+			w.WriteHeader(http.StatusNotModified)
+			return
+		}
+	}
+
+	if match := r.Header.Get("If-None-Match"); match != "" {
+		if strings.Contains(match, etag) {
+			w.WriteHeader(http.StatusNotModified)
+			return
+		}
+	}
+
+	mtype := s.mimeTypeForFile(file)
+	if len(mtype) != 0 {
+		w.Header().Set("Content-Type", mtype)
+	}
+	if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
+		w.Header().Set("Content-Encoding", "gzip")
+	} else {
+		// ungzip if browser not send gzip accepted header
+		var gr *gzip.Reader
+		gr, _ = gzip.NewReader(bytes.NewReader(bs))
+		bs, _ = ioutil.ReadAll(gr)
+		gr.Close()
+	}
+	w.Header().Set("Content-Length", fmt.Sprintf("%d", len(bs)))
+
+	w.Write(bs)
+}
+
+func (s *staticsServer) serveThemes(w http.ResponseWriter, r *http.Request) {
+	sendJSON(w, map[string][]string{
+		"themes": s.availableThemes,
+	})
+}
+
+func (s *staticsServer) mimeTypeForFile(file string) string {
+	// We use a built in table of the common types since the system
+	// TypeByExtension might be unreliable. But if we don't know, we delegate
+	// to the system. All our files are UTF-8.
+	ext := filepath.Ext(file)
+	switch ext {
+	case ".htm", ".html":
+		return "text/html; charset=utf-8"
+	case ".css":
+		return "text/css; charset=utf-8"
+	case ".js":
+		return "application/javascript; charset=utf-8"
+	case ".json":
+		return "application/json; charset=utf-8"
+	case ".png":
+		return "image/png"
+	case ".ttf":
+		return "application/x-font-ttf"
+	case ".woff":
+		return "application/x-font-woff"
+	case ".svg":
+		return "image/svg+xml; charset=utf-8"
+	default:
+		return mime.TypeByExtension(ext)
+	}
+}
+
+func (s *staticsServer) setTheme(theme string) {
+	s.mut.Lock()
+	s.theme = theme
+	s.mut.Unlock()
+}
+
+func (s *staticsServer) String() string {
+	return fmt.Sprintf("staticsServer@%p", s)
+}

lib/api/debug.go

@@ -0,0 +1,28 @@
+// Copyright (C) 2014 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"os"
+	"strings"
+
+	"github.com/syncthing/syncthing/lib/logger"
+)
+
+var (
+	l = logger.DefaultLogger.NewFacility("api", "REST API")
+)
+
+func shouldDebugHTTP() bool {
+	return l.ShouldDebug("api")
+}
+
+func init() {
+	// The debug facility was originally named "http", changed in:
+	// https://github.com/syncthing/syncthing/pull/5548
+	l.SetDebug("api", strings.Contains(os.Getenv("STTRACE"), "api") || strings.Contains(os.Getenv("STTRACE"), "http") || os.Getenv("STTRACE") == "all")
+}

lib/api/mocked_config_test.go

@@ -0,0 +1,127 @@
+// Copyright (C) 2016 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"github.com/syncthing/syncthing/lib/config"
+	"github.com/syncthing/syncthing/lib/protocol"
+	"github.com/syncthing/syncthing/lib/util"
+)
+
+type mockedConfig struct {
+	gui config.GUIConfiguration
+}
+
+func (c *mockedConfig) GUI() config.GUIConfiguration {
+	return c.gui
+}
+
+func (c *mockedConfig) ListenAddresses() []string {
+	return nil
+}
+
+func (c *mockedConfig) LDAP() config.LDAPConfiguration {
+	return config.LDAPConfiguration{}
+}
+
+func (c *mockedConfig) RawCopy() config.Configuration {
+	cfg := config.Configuration{}
+	util.SetDefaults(&cfg.Options)
+	return cfg
+}
+
+func (c *mockedConfig) Options() config.OptionsConfiguration {
+	return config.OptionsConfiguration{}
+}
+
+func (c *mockedConfig) Replace(cfg config.Configuration) (config.Waiter, error) {
+	return noopWaiter{}, nil
+}
+
+func (c *mockedConfig) Subscribe(cm config.Committer) {}
+
+func (c *mockedConfig) Unsubscribe(cm config.Committer) {}
+
+func (c *mockedConfig) Folders() map[string]config.FolderConfiguration {
+	return nil
+}
+
+func (c *mockedConfig) Devices() map[protocol.DeviceID]config.DeviceConfiguration {
+	return nil
+}
+
+func (c *mockedConfig) SetDevice(config.DeviceConfiguration) (config.Waiter, error) {
+	return noopWaiter{}, nil
+}
+
+func (c *mockedConfig) SetDevices([]config.DeviceConfiguration) (config.Waiter, error) {
+	return noopWaiter{}, nil
+}
+
+func (c *mockedConfig) Save() error {
+	return nil
+}
+
+func (c *mockedConfig) RequiresRestart() bool {
+	return false
+}
+
+func (c *mockedConfig) AddOrUpdatePendingDevice(device protocol.DeviceID, name, address string) {}
+
+func (c *mockedConfig) AddOrUpdatePendingFolder(id, label string, device protocol.DeviceID) {}
+
+func (m *mockedConfig) MyName() string {
+	return ""
+}
+
+func (m *mockedConfig) ConfigPath() string {
+	return ""
+}
+
+func (m *mockedConfig) SetGUI(gui config.GUIConfiguration) (config.Waiter, error) {
+	return noopWaiter{}, nil
+}
+
+func (m *mockedConfig) SetOptions(opts config.OptionsConfiguration) (config.Waiter, error) {
+	return noopWaiter{}, nil
+}
+
+func (m *mockedConfig) Folder(id string) (config.FolderConfiguration, bool) {
+	return config.FolderConfiguration{}, false
+}
+
+func (m *mockedConfig) FolderList() []config.FolderConfiguration {
+	return nil
+}
+
+func (m *mockedConfig) SetFolder(fld config.FolderConfiguration) (config.Waiter, error) {
+	return noopWaiter{}, nil
+}
+
+func (m *mockedConfig) Device(id protocol.DeviceID) (config.DeviceConfiguration, bool) {
+	return config.DeviceConfiguration{}, false
+}
+
+func (m *mockedConfig) RemoveDevice(id protocol.DeviceID) (config.Waiter, error) {
+	return noopWaiter{}, nil
+}
+
+func (m *mockedConfig) IgnoredDevice(id protocol.DeviceID) bool {
+	return false
+}
+
+func (m *mockedConfig) IgnoredFolder(device protocol.DeviceID, folder string) bool {
+	return false
+}
+
+func (m *mockedConfig) GlobalDiscoveryServers() []string {
+	return nil
+}
+
+type noopWaiter struct{}
+
+func (noopWaiter) Wait() {}

lib/api/mocked_connections_test.go

@@ -0,0 +1,21 @@
+// Copyright (C) 2016 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+type mockedConnections struct{}
+
+func (m *mockedConnections) Status() map[string]interface{} {
+	return nil
+}
+
+func (m *mockedConnections) NATType() string {
+	return ""
+}
+
+func (m *mockedConnections) Serve() {}
+
+func (m *mockedConnections) Stop() {}

lib/api/mocked_cpuusage_test.go

@@ -0,0 +1,13 @@
+// Copyright (C) 2017 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+type mockedCPUService struct{}
+
+func (*mockedCPUService) Rate() float64 {
+	return 42
+}

lib/api/mocked_discovery_test.go

@@ -0,0 +1,52 @@
+// Copyright (C) 2016 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"time"
+
+	"github.com/syncthing/syncthing/lib/discover"
+	"github.com/syncthing/syncthing/lib/protocol"
+)
+
+type mockedCachingMux struct{}
+
+// from suture.Service
+
+func (m *mockedCachingMux) Serve() {
+	select {}
+}
+
+func (m *mockedCachingMux) Stop() {
+}
+
+// from events.Finder
+
+func (m *mockedCachingMux) Lookup(deviceID protocol.DeviceID) (direct []string, err error) {
+	return nil, nil
+}
+
+func (m *mockedCachingMux) Error() error {
+	return nil
+}
+
+func (m *mockedCachingMux) String() string {
+	return "mockedCachingMux"
+}
+
+func (m *mockedCachingMux) Cache() map[protocol.DeviceID]discover.CacheEntry {
+	return nil
+}
+
+// from events.CachingMux
+
+func (m *mockedCachingMux) Add(finder discover.Finder, cacheTime, negCacheTime time.Duration) {
+}
+
+func (m *mockedCachingMux) ChildErrors() map[string]error {
+	return nil
+}

lib/api/mocked_events_test.go

@@ -0,0 +1,19 @@
+// Copyright (C) 2016 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"time"
+
+	"github.com/syncthing/syncthing/lib/events"
+)
+
+type mockedEventSub struct{}
+
+func (s *mockedEventSub) Since(id int, into []events.Event, timeout time.Duration) []events.Event {
+	select {}
+}

lib/api/mocked_logger_test.go

@@ -0,0 +1,26 @@
+// Copyright (C) 2016 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"time"
+
+	"github.com/syncthing/syncthing/lib/logger"
+)
+
+type mockedLoggerRecorder struct{}
+
+func (r *mockedLoggerRecorder) Since(t time.Time) []logger.Line {
+	return []logger.Line{
+		{
+			When:    time.Now(),
+			Message: "Test message",
+		},
+	}
+}
+
+func (r *mockedLoggerRecorder) Clear() {}

lib/api/mocked_model_test.go

@@ -0,0 +1,189 @@
+// Copyright (C) 2016 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"net"
+	"time"
+
+	"github.com/syncthing/syncthing/lib/config"
+	"github.com/syncthing/syncthing/lib/connections"
+	"github.com/syncthing/syncthing/lib/db"
+	"github.com/syncthing/syncthing/lib/model"
+	"github.com/syncthing/syncthing/lib/protocol"
+	"github.com/syncthing/syncthing/lib/stats"
+	"github.com/syncthing/syncthing/lib/versioner"
+)
+
+type mockedModel struct{}
+
+func (m *mockedModel) GlobalDirectoryTree(folder, prefix string, levels int, dirsonly bool) map[string]interface{} {
+	return nil
+}
+
+func (m *mockedModel) Completion(device protocol.DeviceID, folder string) model.FolderCompletion {
+	return model.FolderCompletion{}
+}
+
+func (m *mockedModel) Override(folder string) {}
+
+func (m *mockedModel) Revert(folder string) {}
+
+func (m *mockedModel) NeedFolderFiles(folder string, page, perpage int) ([]db.FileInfoTruncated, []db.FileInfoTruncated, []db.FileInfoTruncated) {
+	return nil, nil, nil
+}
+
+func (m *mockedModel) RemoteNeedFolderFiles(device protocol.DeviceID, folder string, page, perpage int) ([]db.FileInfoTruncated, error) {
+	return nil, nil
+}
+
+func (m *mockedModel) NeedSize(folder string) db.Counts {
+	return db.Counts{}
+}
+
+func (m *mockedModel) ConnectionStats() map[string]interface{} {
+	return nil
+}
+
+func (m *mockedModel) DeviceStatistics() map[string]stats.DeviceStatistics {
+	return nil
+}
+
+func (m *mockedModel) FolderStatistics() map[string]stats.FolderStatistics {
+	return nil
+}
+
+func (m *mockedModel) CurrentFolderFile(folder string, file string) (protocol.FileInfo, bool) {
+	return protocol.FileInfo{}, false
+}
+
+func (m *mockedModel) CurrentGlobalFile(folder string, file string) (protocol.FileInfo, bool) {
+	return protocol.FileInfo{}, false
+}
+
+func (m *mockedModel) ResetFolder(folder string) {
+}
+
+func (m *mockedModel) Availability(folder string, file protocol.FileInfo, block protocol.BlockInfo) []model.Availability {
+	return nil
+}
+
+func (m *mockedModel) GetIgnores(folder string) ([]string, []string, error) {
+	return nil, nil, nil
+}
+
+func (m *mockedModel) SetIgnores(folder string, content []string) error {
+	return nil
+}
+
+func (m *mockedModel) GetFolderVersions(folder string) (map[string][]versioner.FileVersion, error) {
+	return nil, nil
+}
+
+func (m *mockedModel) RestoreFolderVersions(folder string, versions map[string]time.Time) (map[string]string, error) {
+	return nil, nil
+}
+
+func (m *mockedModel) PauseDevice(device protocol.DeviceID) {
+}
+
+func (m *mockedModel) ResumeDevice(device protocol.DeviceID) {}
+
+func (m *mockedModel) DelayScan(folder string, next time.Duration) {}
+
+func (m *mockedModel) ScanFolder(folder string) error {
+	return nil
+}
+
+func (m *mockedModel) ScanFolders() map[string]error {
+	return nil
+}
+
+func (m *mockedModel) ScanFolderSubdirs(folder string, subs []string) error {
+	return nil
+}
+
+func (m *mockedModel) BringToFront(folder, file string) {}
+
+func (m *mockedModel) Connection(deviceID protocol.DeviceID) (connections.Connection, bool) {
+	return nil, false
+}
+
+func (m *mockedModel) GlobalSize(folder string) db.Counts {
+	return db.Counts{}
+}
+
+func (m *mockedModel) LocalSize(folder string) db.Counts {
+	return db.Counts{}
+}
+
+func (m *mockedModel) ReceiveOnlyChangedSize(folder string) db.Counts {
+	return db.Counts{}
+}
+
+func (m *mockedModel) CurrentSequence(folder string) (int64, bool) {
+	return 0, false
+}
+
+func (m *mockedModel) RemoteSequence(folder string) (int64, bool) {
+	return 0, false
+}
+
+func (m *mockedModel) State(folder string) (string, time.Time, error) {
+	return "", time.Time{}, nil
+}
+
+func (m *mockedModel) UsageReportingStats(version int, preview bool) map[string]interface{} {
+	return nil
+}
+
+func (m *mockedModel) FolderErrors(folder string) ([]model.FileError, error) {
+	return nil, nil
+}
+
+func (m *mockedModel) WatchError(folder string) error {
+	return nil
+}
+
+func (m *mockedModel) LocalChangedFiles(folder string, page, perpage int) []db.FileInfoTruncated {
+	return nil
+}
+
+func (m *mockedModel) Serve()                                                                     {}
+func (m *mockedModel) Stop()                                                                      {}
+func (m *mockedModel) Index(deviceID protocol.DeviceID, folder string, files []protocol.FileInfo) {}
+func (m *mockedModel) IndexUpdate(deviceID protocol.DeviceID, folder string, files []protocol.FileInfo) {
+}
+
+func (m *mockedModel) Request(deviceID protocol.DeviceID, folder, name string, size int32, offset int64, hash []byte, weakHash uint32, fromTemporary bool) (protocol.RequestResponse, error) {
+	return nil, nil
+}
+
+func (m *mockedModel) ClusterConfig(deviceID protocol.DeviceID, config protocol.ClusterConfig) {}
+
+func (m *mockedModel) Closed(conn protocol.Connection, err error) {}
+
+func (m *mockedModel) DownloadProgress(deviceID protocol.DeviceID, folder string, updates []protocol.FileDownloadProgressUpdate) {
+}
+
+func (m *mockedModel) AddConnection(conn connections.Connection, hello protocol.HelloResult) {}
+
+func (m *mockedModel) OnHello(protocol.DeviceID, net.Addr, protocol.HelloResult) error {
+	return nil
+}
+
+func (m *mockedModel) GetHello(protocol.DeviceID) protocol.HelloIntf {
+	return nil
+}
+
+func (m *mockedModel) AddFolder(cfg config.FolderConfiguration) {}
+
+func (m *mockedModel) RestartFolder(from, to config.FolderConfiguration) {}
+
+func (m *mockedModel) StartFolder(folder string) {}
+
+func (m *mockedModel) StartDeadlockDetector(timeout time.Duration) {}

lib/api/support_bundle.go

@@ -0,0 +1,47 @@
+// Copyright (C) 2018 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package api
+
+import (
+	"archive/zip"
+	"io"
+
+	"github.com/syncthing/syncthing/lib/config"
+)
+
+// getRedactedConfig redacting some parts of config
+func getRedactedConfig(s *service) config.Configuration {
+	rawConf := s.cfg.RawCopy()
+	rawConf.GUI.APIKey = "REDACTED"
+	if rawConf.GUI.Password != "" {
+		rawConf.GUI.Password = "REDACTED"
+	}
+	if rawConf.GUI.User != "" {
+		rawConf.GUI.User = "REDACTED"
+	}
+	return rawConf
+}
+
+// writeZip writes a zip file containing the given entries
+func writeZip(writer io.Writer, files []fileEntry) error {
+	zipWriter := zip.NewWriter(writer)
+	defer zipWriter.Close()
+
+	for _, file := range files {
+		zipFile, err := zipWriter.Create(file.name)
+		if err != nil {
+			return err
+		}
+
+		_, err = zipFile.Write(file.data)
+		if err != nil {
+			return err
+		}
+	}
+
+	return zipWriter.Close()
+}

lib/api/testdata/config/cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3jCCAkigAwIBAgIBADALBgkqhkiG9w0BAQUwFDESMBAGA1UEAxMJc3luY3Ro
+aW5nMB4XDTE0MDMxNDA3MDA1M1oXDTQ5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJ
+c3luY3RoaW5nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArDOcd5ft
+R7SnalxF1ckU3lDQpgfMIPhFDU//4dvdSSFevrMuVDTbUYhyCfGtg/g+F5TmKhZg
+E2peYhllITupz5MP7OHGaO2GHf2XnUDD4QUO3E+KVAUw7dyFSwy09esqApVLzH3+
+ov+QXyyzmRWPsJe9u18BHU1Hob/RmBhS9m2CAJgzN6EJ8KGjApiW3iR8lD/hjVyi
+IVde8IRD6qYHEJYiPJuziTVcQpCblVYxTz3ScmmT190/O9UvViIpcOPQdwgOdewP
+NNMK35c9Edt0AH5flYp6jgrja9NkLQJ3+KOiro6yl9IUS5w87GMxI8qzI8SgCAZZ
+pYSoLbu1FJPvxV4p5eHwuprBCwmFYZWw6Y7rqH0sN52C+3TeObJCMNP9ilPadqRI
++G0Q99TCaloeR022x33r/8D8SIn3FP35zrlFM+DvqlxoS6glbNb/Bj3p9vN0XONO
+RCuynOGe9F/4h/DaNnrbrRWqJOxBsZTsbbcJaKATfWU/Z9GcC+pUpPRhAgMBAAGj
+PzA9MA4GA1UdDwEB/wQEAwIAoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+AwIwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQUDggGBAFF8dklGoC43fMrUZfb4
+6areRWG8quO6cSX6ATzRQVJ8WJ5VcC7OJk8/FeiYA+wcvUJ/1Zm/VHMYugtOz5M8
+CrWAF1r9D3Xfe5D8qfrEOYG2XjxD2nFHCnkbY4fP+SMSuXaDs7ixQnzw0UFh1wsV
+9Jy/QrgXFAIFZtu1Nz+rrvoAgw24gkDhY3557MbmYfmfPsJ8cw+WJ845sxGMPFF2
+c+5EN0jiSm0AwZK11BMJda36ke829UZctDkopbGEg1peydDR5LiyhiTAPtWn7uT/
+PkzHYLuaECAkVbWC3bZLocMGOP6F1pG+BMr00NJgVy05ASQzi4FPjcZQNNY8s69R
+ZgoCIBaJZq3ti1EsZQ1H0Ynm2c2NMVKdj4czoy8a9ZC+DCuhG7EV5Foh20VhCWgA
+RfPhlHVJthuimsWBx39X85gjSBR017uk0AxOJa6pzh/b/RPCRtUfX8EArInS3XCf
+RvRtdrnBZNI3tiREopZGt0SzgDZUs4uDVBUX8HnHzyFJrg==
+-----END CERTIFICATE-----

lib/api/testdata/config/config.xml

@@ -0,0 +1,134 @@
+<configuration version="28">
+    <folder id="default" label="" path="s1/" type="sendreceive" rescanIntervalS="10" fsWatcherEnabled="false" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="I6KAH76-66SLLLB-5PFXSOA-UFJCDZC-YAOMLEK-CP2GB32-BV5RQST-3PSROAU" introducedBy=""></device>
+        <device id="MRIW7OK-NETT3M4-N6SBWME-N25O76W-YJKVXPH-FUMQJ3S-P57B74J-GBITBAC" introducedBy=""></device>
+        <device id="373HSRP-QLPNLIE-JYKZVQF-P4PKZ63-R2ZE6K3-YD442U2-JHBGBQG-WWXAHAU" introducedBy=""></device>
+        <device id="7PBCTLL-JJRYBSA-MOWZRKL-MSDMN4N-4US4OMX-SYEXUS4-HSBGNRY-CZXRXAT" introducedBy=""></device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning></versioning>
+        <copiers>1</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>-1</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <useLargeBlocks>true</useLargeBlocks>
+    </folder>
+    <folder id="¯\_(ツ)_/¯ Räksmörgås 动作 Адрес" label="" path="s12-1/" type="sendreceive" rescanIntervalS="10" fsWatcherEnabled="false" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="I6KAH76-66SLLLB-5PFXSOA-UFJCDZC-YAOMLEK-CP2GB32-BV5RQST-3PSROAU" introducedBy=""></device>
+        <device id="MRIW7OK-NETT3M4-N6SBWME-N25O76W-YJKVXPH-FUMQJ3S-P57B74J-GBITBAC" introducedBy=""></device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning></versioning>
+        <copiers>1</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>-1</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <useLargeBlocks>true</useLargeBlocks>
+    </folder>
+    <device id="EJHMPAQ-OGCVORE-ISB4IS3-SYYVJXF-TKJGLTU-66DIQPF-GJ5D2GX-GQ3OWQK" name="s4" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>tcp://127.0.0.1:22004</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+    </device>
+    <device id="I6KAH76-66SLLLB-5PFXSOA-UFJCDZC-YAOMLEK-CP2GB32-BV5RQST-3PSROAU" name="s1" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>tcp://127.0.0.1:22001</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+    </device>
+    <device id="MRIW7OK-NETT3M4-N6SBWME-N25O76W-YJKVXPH-FUMQJ3S-P57B74J-GBITBAC" name="s2" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>tcp://127.0.0.1:22002</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+    </device>
+    <device id="373HSRP-QLPNLIE-JYKZVQF-P4PKZ63-R2ZE6K3-YD442U2-JHBGBQG-WWXAHAU" name="s3" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>tcp://127.0.0.1:22003</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+    </device>
+    <device id="7PBCTLL-JJRYBSA-MOWZRKL-MSDMN4N-4US4OMX-SYEXUS4-HSBGNRY-CZXRXAT" name="s4" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>tcp://127.0.0.1:22004</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+    </device>
+    <gui enabled="true" tls="false" debugging="true">
+        <address>127.0.0.1:8081</address>
+        <user>testuser</user>
+        <password>$2a$10$7tKL5uvLDGn5s2VLPM2yWOK/II45az0mTel8hxAUJDRQN1Tk2QYwu</password>
+        <apikey>abc123</apikey>
+        <theme>default</theme>
+    </gui>
+    <ldap></ldap>
+    <options>
+        <listenAddress>tcp://127.0.0.1:22001</listenAddress>
+        <globalAnnounceServer>default</globalAnnounceServer>
+        <globalAnnounceEnabled>false</globalAnnounceEnabled>
+        <localAnnounceEnabled>true</localAnnounceEnabled>
+        <localAnnouncePort>21027</localAnnouncePort>
+        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <reconnectionIntervalS>5</reconnectionIntervalS>
+        <relaysEnabled>false</relaysEnabled>
+        <relayReconnectIntervalM>10</relayReconnectIntervalM>
+        <startBrowser>false</startBrowser>
+        <natEnabled>true</natEnabled>
+        <natLeaseMinutes>0</natLeaseMinutes>
+        <natRenewalMinutes>30</natRenewalMinutes>
+        <natTimeoutSeconds>10</natTimeoutSeconds>
+        <urAccepted>3</urAccepted>
+        <urSeen>2</urSeen>
+        <urUniqueID>tmwxxCqi</urUniqueID>
+        <urURL>https://data.syncthing.net/newdata</urURL>
+        <urPostInsecurely>false</urPostInsecurely>
+        <urInitialDelayS>1800</urInitialDelayS>
+        <restartOnWakeup>true</restartOnWakeup>
+        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
+        <upgradeToPreReleases>false</upgradeToPreReleases>
+        <keepTemporariesH>24</keepTemporariesH>
+        <cacheIgnoredFiles>false</cacheIgnoredFiles>
+        <progressUpdateIntervalS>5</progressUpdateIntervalS>
+        <limitBandwidthInLan>false</limitBandwidthInLan>
+        <minHomeDiskFree unit="%">1</minHomeDiskFree>
+        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
+        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
+        <tempIndexMinBlocks>10</tempIndexMinBlocks>
+        <trafficClass>0</trafficClass>
+        <defaultFolderPath>~</defaultFolderPath>
+        <setLowPriority>true</setLowPriority>
+        <maxConcurrentScans>0</maxConcurrentScans>
+        <minHomeDiskFreePct>0</minHomeDiskFreePct>
+    </options>
+</configuration>

lib/api/testdata/config/https-cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5TCCAk+gAwIBAgIIBYqoKiSgB+owCwYJKoZIhvcNAQELMBQxEjAQBgNVBAMT
+CXN5bmN0aGluZzAeFw0xNDA5MTQyMjIzMzVaFw00OTEyMzEyMzU5NTlaMBQxEjAQ
+BgNVBAMTCXN5bmN0aGluZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
+AKZK/sjb6ZuVVHPvo77Cp5E8LfiznfoIWJRoX/MczE99iDyFZm1Wf9GFT8WhXICM
+C2kgGbr/gAxhkeEcZ500vhA2C+aois1DGcb+vNY53I0qp3vSUl4ow55R0xJ4UjpJ
+nJWF8p9iPDMwMP6WQ/E/ekKRKCOt0TFj4xqtiSt0pxPLeHfKVpWXxqIVDhnsoGQ+
+NWuUjM3FkmEmhp5DdRtwskiZZYz1zCgoHkFzKt/+IxjCuzbO0+Ti8R3b/d0A+WLN
+LHr0SjatajLbHebA+9c3ts6t3V5YzcMqDJ4MyxFtRoXFJjEbcM9IqKQE8t8TIhv8
+a302yRikJ2uPx+fXJGospnmWCbaK2rViPbvICSgvSBA3As0f3yPzXsEt+aW5NmDV
+fLBX1DU7Ow6oBqZTlI+STrzZR1qfvIuweIWoPqnPNd4sxuoxAK50ViUKdOtSYL/a
+F0eM3bqbp2ozhct+Bfmqu2oI/RHXe+RUfAXrlFQ8p6jcISW2ip+oiBtR4GZkncI9
+YQIDAQABoz8wPTAOBgNVHQ8BAf8EBAMCAKAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
+CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwCwYJKoZIhvcNAQELA4IBgQBsYc5XVQy5
+aJVdwx+mAKiuCs5ZCvV4H4VWY9XUwEJuUUD3yXw2xyzuQl5+lOxfiQcaudhVwARC
+Dao75MUctXmx1YU+J5G31cGdC9kbxWuo1xypkK+2Zl+Kwh65aod3OkHVz9oNkKpf
+JnXbdph4UiFJzijSruXDDaerrQdABUvlusPozZn8vMwZ21Ls/eNIOJvA0S2d2jep
+fvmu7yQPejDp7zcgPdmneuZqmUyXLxxFopYqHqFQVM8f+Y8iZ8HnMiAJgLKQcmro
+pp1z/NY0Xr0pLyBY5d/sO+tZmQkyUEWegHtEtQQOO+x8BWinDEAurej/YvZTWTmN
++YoUvGdKyV6XfC6WPFcUDFHY4KPSqS3xoLmoVV4xNjJU3aG/xL4uDencNZR/UFNw
+wKsdvm9SX4TpSLlQa0wu1iNv7QyeR4ZKgaBNSwp2rxpatOi7TTs9KRPfjLFLpYAg
+bIons/a890SIxpuneuhQZkH63t930EXIZ+9GkU0aUs7MFg5cCmwmlvE=
+-----END CERTIFICATE-----

lib/api/testdata/config/https-key.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEApkr+yNvpm5VUc++jvsKnkTwt+LOd+ghYlGhf8xzMT32IPIVm
+bVZ/0YVPxaFcgIwLaSAZuv+ADGGR4RxnnTS+EDYL5qiKzUMZxv681jncjSqne9JS
+XijDnlHTEnhSOkmclYXyn2I8MzAw/pZD8T96QpEoI63RMWPjGq2JK3SnE8t4d8pW
+lZfGohUOGeygZD41a5SMzcWSYSaGnkN1G3CySJlljPXMKCgeQXMq3/4jGMK7Ns7T
+5OLxHdv93QD5Ys0sevRKNq1qMtsd5sD71ze2zq3dXljNwyoMngzLEW1GhcUmMRtw
+z0iopATy3xMiG/xrfTbJGKQna4/H59ckaiymeZYJtoratWI9u8gJKC9IEDcCzR/f
+I/NewS35pbk2YNV8sFfUNTs7DqgGplOUj5JOvNlHWp+8i7B4hag+qc813izG6jEA
+rnRWJQp061Jgv9oXR4zdupunajOFy34F+aq7agj9Edd75FR8BeuUVDynqNwhJbaK
+n6iIG1HgZmSdwj1hAgMBAAECggGAQkd334TPSmStgXwNLrYU5a0vwYWNvJ9g9t3X
+CGX9BN3K1BxzY7brQQ46alHTNaUb0y2pM8AsQEMPSsLwhVcFPh7chXW9xOwutQLJ
+LzVms5lBofeFPuROe6avUxhD5dl7IJl/x4j254wYqxAnSlt7llaWwgnAbEgct4Bd
+QMXA5gHeJRivg/Y3hFiSA0Et+GZXEmbl7AoIOtKJK0FFxscXOBpzwEgjtAmxbXLC
+rv5y7KaIyeKL0Bmn8rfBKjn+LCQMJt4wZCrNtFLg3aSpkmqZl6r8Q84OwHMp2x8l
+SFNVi7j1Cv8DC/yhyEOCbHIRZrK/vzt6Cqe+yjr1UG9niwhQJbEvaV26odzvMSNZ
+1VodN+ltCZRFFEBc+z3CR7SKDZayT93dLxolzQ4DuSfDnk0fBLtOfeISxS/Wg7Yv
+5q0XF6cTmQEsDbuDswvlHo3k8w3cjz9SmxMasxgHx6jHkSBbkw0iFLT3KdqA8PrG
+D3uo67fIQEkcncmRLP3I1qUiWX21AoHBAMVQLLgOd3bOrByyVeugA+5dhef0uopJ
+GadzBlAT4EY7Vuxu1Qu/m876FnhQc3tGTLfZhcnL9VXV+3DSTosfRz+YDm+K5lOh
+ZRtswuZscm+l26X+2j1h+AGW8SIz5f9M0CnFpqjC8KkopPk/ZKTcDvrNRRxI5EPx
+TPZaiPhztlcsc7K5jkLJRL0GiadUniOFY7kUA18hs3MEyzkdYbz8WolUyHeSJT2H
+hmpdsA5tzUKB1NVdsIsjWESQF3Hd2FFHMwKBwQDXwOCUq5KSBKa1BSO1oQxhyHy3
+ZQ86d5weLNxovwrHd4ivaVPJ46YLjNk+/q685XPUfoDxO1fnyIYIy4ChtkhXmyli
+LOPfNt0iSW2M1/L1wb6ZwMz+RWpb3zqPgjMlDCEtD5hQ8Cl5do2tyh3sIrLgamVG
+sY1hx+VD0BmXUUTGjl8nJqQSMYl6IXTKzrFrx+QWdzA0yWN753XiAF5cLkxNahes
+SKb/ibrMtO/JKt3RBlZPS3wiFRkxtNcS1HrVWRsCgcBaFir0thYxNlc6munDtMFW
+uXiD2Sa6MHn4C/pb4VdKeZlMRaYbwRYAQAq2T/UJ2aT5Y+VDp02SLSqp7jtSJavA
+C0q7/qz+jfe9t8Cct/LfqthIR72YvPwgravWs99U2ttH1ygqcSaz9QytiBYJdzeX
+ptTg/x7JLoi3CcrztNERqAgDF9kuAPrTWwLKVUYGbcaEH/ESJC7sWsn2f8W6JXWo
+sf79KMq79v6V3cSeMd+/d8uWxzntrOuGEkvB/0negiUCgcEAp0YwGLQJGFKo2XIZ
+pIkva2SgZSPiMadoj/CiFkf/2HRxseYMg1uPcicKjA+zdFrFejt2RxGGbvsGCC2X
+FkmYPuvaovZA2d/UhO+/EtKe2TEUUGqtxHoXIxGoenkspA2Kb0BHDIGW9kgXQmWQ
+23JvkxSKXsvr3KK5uuDN5oaotvTNCzKnRD/J4bmsrkygO/sneM+BvXtiOT9UIxu8
+DOYMXHzjy7wsVbT38hxaSHKGtbefFS1mGZqYBPS7Rysb7Ot/AoHBAL0SAbt1a2Ol
+ObrK8vjTHcQHJH74n+6PWRfsBO+UJ1vtOYFzW85BiVZmi8tC4bJ0Hd89TT7AibzP
+L1Ftrn0XmBfniwV1SsrjVaRy/KbBeUhjruqyQ2oDLEU7DAm5Z2jG4aG2rLbXYAS9
+yOQITLN5AVraI4Pr1IWjZTzd/zaaWA5nFNthyXSww1II0f1BgX1S/49k4aWjXeMn
+FrKN5T7BqIh9W6d7YTrzXoH9lEsUPQHV/ci+YRP4mrfrcC9hJZ3O9g==
+-----END RSA PRIVATE KEY-----

lib/api/testdata/config/key.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEArDOcd5ftR7SnalxF1ckU3lDQpgfMIPhFDU//4dvdSSFevrMu
+VDTbUYhyCfGtg/g+F5TmKhZgE2peYhllITupz5MP7OHGaO2GHf2XnUDD4QUO3E+K
+VAUw7dyFSwy09esqApVLzH3+ov+QXyyzmRWPsJe9u18BHU1Hob/RmBhS9m2CAJgz
+N6EJ8KGjApiW3iR8lD/hjVyiIVde8IRD6qYHEJYiPJuziTVcQpCblVYxTz3ScmmT
+190/O9UvViIpcOPQdwgOdewPNNMK35c9Edt0AH5flYp6jgrja9NkLQJ3+KOiro6y
+l9IUS5w87GMxI8qzI8SgCAZZpYSoLbu1FJPvxV4p5eHwuprBCwmFYZWw6Y7rqH0s
+N52C+3TeObJCMNP9ilPadqRI+G0Q99TCaloeR022x33r/8D8SIn3FP35zrlFM+Dv
+qlxoS6glbNb/Bj3p9vN0XONORCuynOGe9F/4h/DaNnrbrRWqJOxBsZTsbbcJaKAT
+fWU/Z9GcC+pUpPRhAgMBAAECggGAL8+Unc/c3Y/W+7zq1tShqqgdhjub/XtxEKUp
+kngNFITjXWc6cb7LNfQAVap4Vq/R7ZI15XGY80sRMYODhJqgJzXZshdtkyx/lEwY
+kFyvBgb1fU3IRlO6phAYIiJBDBZi75ysEvbYgEEcwJAUvWgzIQDAeQmDsbMHNG2h
+r+zw++Kjua6IaeWYcOsv60Safsr6m96wrSMPENrFTVor0TaPt5c3okRIsMvT9ddY
+mzn3Lt0nVQTjO4f+SoqCPhP2FZXqksfKlZlKlr6BLxXGt6b49OrLSXM5eQXIcIZn
+ZDRsO24X5z8156qPgM9cA8oNEjuSdnArUTreBOsTwNoSpf24Qadsv/uTZlaHM19V
+q6zQvkjH3ERcOpixmg48TKdIj8cPYxezvcbNqSbZmdyQuaVlgDbUxwYI8A4IhhWl
+6xhwpX3qPDgw/QHIEngFIWfiIfCk11EPY0SN4cGO6f1rLYug8kqxMPuIQ5Jz9Hhx
+eFSRnr/fWoJcVYG6bMDKn9YWObQBAoHBAM8NahsLbjl8mdT43LH1Od1tDmDch+0Y
+JM7TgiIN/GM3piZSpGMOFqToLAqvY+Gf3l4sPgNs10cqdPAEpMk8MJ/IXGmbKq38
+iVmMaqHTQorCxyUbc54q9AbFU4HKv//F6ZN6K1wSaJt2RBeZpYI+MyBXr5baFiBZ
+ddXtXlqoEcCFyNR0DhlXrlZPs+cnyM2ZDp++lpn9Wfy+zkv36+NWpAkXVnARjxdF
+l6M+L7OlurYAWiyJE4uHUjawAM82i5+w8QKBwQDU6RCN6/AMmVrYqPy+7QcnAq67
+tPDv25gzVExeMKLBAMoz1TkMS+jIF1NMp3cYg5GbLqvx8Qd27fjFbWe/GPeZvlgL
+qdQI/T8J60dHAySMeOFOB2QWXhI1kwh0b2X0SDkTgfdJBKGdrKVcLTuLyVE24exu
+yRc8cXpYwBtVkXNBYFd7XEM+tC4b1khO23OJXHJUen9+hgsmn8/zUjASAoq3+Zly
+J+OHwwXcDcTFLeok3kX3A9NuqIV/Fa9DOGYlenECgcEAvO1onDTZ5uqjE4nhFyDE
+JB+WtxuDi/wz2eV1IM3SNlZY7S8LgLciQmb3iOhxIzdVGGkWTNnLtcwv17LlCho5
+5BJXAKXtU8TTLzrJMdArL6J7RIi//tsCwAreH9h5SVG1yDP5zJGfkftgNoikVSuc
+Sy63sdZdyjbXJtTo+5/QUvPARNuA4e73zRn89jd/Kts2VNz7XpemvND+PKOEQnSU
+SRdab/gVsQ53RyU/MZVPwTKhFXIeu3pGsk/27RzAWn6BAoHBAMIRYwaKDffd/SHJ
+/v+lHEThvBXa21c26ae36hhc6q1UI/tVGrfrpVZldIdFilgs7RbvVsmksvIj/gMv
+M0bL4j0gdC7FcUF0XPaUoBbJdZIZSP0P3ZpJyv1MdYN0WxFsl6IBcD79WrdXPC8m
+B8XmDgIhsppU77onkaa+DOxVNSJdR8BpG95W7ERxcN14SPrm6ku4kOfqFNXzC+C1
+hJ2V9Y22lLiqRUplaLzpS/eTX36VoF6E/T87mtt5D5UNHoaA8QKBwH5sRqZXoatU
+X+vw1MHU5eptMwG7LXR0gw2xmvG3cCN4hbnnBp5YaXlWPiIMmaWhpvschgBIo1TP
+qGWUpMEETGES18NenLBym+tWIXlfuyZH3B4NUi4kItiZaKb09LzmTjFvzdfQzun4
+HzIeigTNBDHdS0rdicNIn83QLZ4pJaOZJHq79+mFYkp+9It7UUoWsws6DGl/qX8o
+0cj4NmJB6QiJa1QCzrGkaajbtThbFoQal9Twk2h3jHgJzX3FbwCpLw==
+-----END RSA PRIVATE KEY-----

lib/api/testdata/default/a

@@ -0,0 +1 @@
+overridden-default

lib/api/testdata/default/b

@@ -0,0 +1 @@
+overridden-default

lib/api/testdata/default/d

@@ -0,0 +1 @@
+overridden-default

lib/api/testdata/foo/a

@@ -0,0 +1 @@
+overridden-foo