Upstream/pages-server
2
0
Fork 0
mirror of https://codeberg.org/Codeberg/pages-server.git synced 2024-06-16 08:00:54 +02:00
Code Issues Projects Releases Wiki Activity

improve

Browse Source
This commit is contained in:
6543 2023-02-09 22:03:11 +01:00
parent 1c5561231b
commit aa21b81586
5 changed files with 26 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/certs.go
View File

@ -85,11 +85,11 @@ func migrateCerts(ctx *cli.Context) error {
} }
func listCerts(ctx *cli.Context) error { func listCerts(ctx *cli.Context) error {
certDB, close, err := openCertDB(ctx) certDB, closeFn, err := openCertDB(ctx)
if err != nil { if err != nil {
return err return err
} }
defer close() defer closeFn()
items, err := certDB.Items(0, 0) items, err := certDB.Items(0, 0)
if err != nil { if err != nil {
@ -115,11 +115,11 @@ func removeCert(ctx *cli.Context) error {
domains := ctx.Args().Slice() domains := ctx.Args().Slice()
certDB, close, err := openCertDB(ctx) certDB, closeFn, err := openCertDB(ctx)
if err != nil { if err != nil {
return err return err
} }
defer close() defer closeFn()
for _, domain := range domains { for _, domain := range domains {
fmt.Printf("Removing domain %s from the database...\n", domain) fmt.Printf("Removing domain %s from the database...\n", domain)

4
cmd/main.go
View File

@ -74,11 +74,11 @@ func Serve(ctx *cli.Context) error {
} }
// Init ssl cert database // Init ssl cert database
certDB, close, err := openCertDB(ctx) certDB, closeFn, err := openCertDB(ctx)
if err != nil { if err != nil {
return err return err
} }
defer close() defer closeFn()
keyCache := cache.NewKeyValueCache() keyCache := cache.NewKeyValueCache()
challengeCache := cache.NewKeyValueCache() challengeCache := cache.NewKeyValueCache()

6
cmd/setup.go
View File

@ -9,7 +9,7 @@ import (
"codeberg.org/codeberg/pages/server/database" "codeberg.org/codeberg/pages/server/database"
) )
func openCertDB(ctx *cli.Context) (certDB database.CertDB, close func(), err error) { func openCertDB(ctx *cli.Context) (certDB database.CertDB, closeFn func(), err error) {
if ctx.String("db-type") != "" { if ctx.String("db-type") != "" {
log.Trace().Msg("use xorm mode") log.Trace().Msg("use xorm mode")
certDB, err = database.NewXormDB(ctx.String("db-type"), ctx.String("db-conn")) certDB, err = database.NewXormDB(ctx.String("db-type"), ctx.String("db-conn"))
@ -35,11 +35,11 @@ The simplest way is, to use './pages certs migrate' and set environment var DB_T
} }
} }
close = func() { closeFn = func() {
if err := certDB.Close(); err != nil { if err := certDB.Close(); err != nil {
log.Error().Err(err) log.Error().Err(err)
} }
} }
return certDB, close, nil return certDB, closeFn, nil
} }

27
server/certificates/certificates.go
View File

@ -208,7 +208,7 @@ func retrieveCertFromDB(sni, mainDomainSuffix, dnsProvider string, acmeUseRateLi
tlsCertificate, err := tls.X509KeyPair(res.Certificate, res.PrivateKey) tlsCertificate, err := tls.X509KeyPair(res.Certificate, res.PrivateKey)
if err != nil { if err != nil {
panic(err) log.Error().Err(err).Msgf("could not create tlsCert from key pair: %v", res)
} }
// TODO: document & put into own function // TODO: document & put into own function
@ -423,7 +423,7 @@ func SetupCertificates(mainDomainSuffix, dnsProvider string, acmeConfig *lego.Co
// getting main cert before ACME account so that we can fail here without hitting rate limits // getting main cert before ACME account so that we can fail here without hitting rate limits
mainCertBytes, err := certDB.Get(mainDomainSuffix) mainCertBytes, err := certDB.Get(mainDomainSuffix)
if err != nil { if err != nil {
return fmt.Errorf("cert database is not working") return fmt.Errorf("cert database is not working: %w", err)
} }
acmeClient, err = lego.NewClient(acmeConfig) acmeClient, err = lego.NewClient(acmeConfig)
@ -477,7 +477,7 @@ func SetupCertificates(mainDomainSuffix, dnsProvider string, acmeConfig *lego.Co
func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffix, dnsProvider string, acmeUseRateLimits bool, certDB database.CertDB) { func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffix, dnsProvider string, acmeUseRateLimits bool, certDB database.CertDB) {
for { for {
// delete expired certs that will be invalid until next clean up // delete expired certs that will be invalid until next clean up
threshold := time.Now().Add(-interval) threshold := time.Now().Add(interval)
expiredCertCount := 0 expiredCertCount := 0
certs, err := certDB.Items(0, 0) certs, err := certDB.Items(0, 0)
@ -515,15 +515,18 @@ func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffi
log.Error().Msgf("Couldn't renew certificate for main domain %q expected main domain cert to exist, but it's missing - seems like the database is corrupted", mainDomainSuffix) log.Error().Msgf("Couldn't renew certificate for main domain %q expected main domain cert to exist, but it's missing - seems like the database is corrupted", mainDomainSuffix)
} else { } else {
tlsCertificates, err := certcrypto.ParsePEMBundle(res.Certificate) tlsCertificates, err := certcrypto.ParsePEMBundle(res.Certificate)
if err != nil {
// renew main certificate 30 days before it expires log.Error().Err(fmt.Errorf("could not parse cert for mainDomainSuffix: %w", err))
if tlsCertificates[0].NotAfter.Before(time.Now().Add(30 * 24 * time.Hour)) { } else {
go (func() { // renew main certificate 30 days before it expires
_, err = obtainCert(mainDomainAcmeClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, res, "", dnsProvider, mainDomainSuffix, acmeUseRateLimits, certDB) if tlsCertificates[0].NotAfter.Before(time.Now().Add(30 * 24 * time.Hour)) {
if err != nil { go (func() {
log.Error().Err(err).Msg("Couldn't renew certificate for main domain") _, err = obtainCert(mainDomainAcmeClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, res, "", dnsProvider, mainDomainSuffix, acmeUseRateLimits, certDB)
} if err != nil {
})() log.Error().Err(err).Msg("Couldn't renew certificate for main domain")
}
})()
}
} }
} }

5
server/database/xorm.go
View File

@ -67,10 +67,9 @@ func (x xDB) Get(domain string) (*certificate.Resource, error) {
cert := new(Cert) cert := new(Cert)
log.Trace().Str("domain", domain).Msg("get cert from db") log.Trace().Str("domain", domain).Msg("get cert from db")
if _, err := x.engine.ID(domain).Get(&cert); err != nil { if found, err := x.engine.ID(domain).Get(cert); err != nil {
return nil, err return nil, err
} } else if !found {
if cert == nil {
return nil, fmt.Errorf("%w: name='%s'", ErrNotFound, domain) return nil, fmt.Errorf("%w: name='%s'", ErrNotFound, domain)
} }
return cert.Raw(), nil return cert.Raw(), nil