M cmd/links/main.go => cmd/links/main.go +3 -15
@@ 28,7 28,6 @@ import (
work "git.sr.ht/~sircmpwn/dowork"
"github.com/labstack/echo/v4"
- "golang.org/x/crypto/acme/autocert"
"netlandish.com/x/gobwebs"
formguard "netlandish.com/x/gobwebs-formguard"
oauth2 "netlandish.com/x/gobwebs-oauth2"
@@ 132,12 131,6 @@ func run() error {
return fmt.Errorf("Unknown storage service configured")
}
- certcachedir, ok := config.File.Get("links", "ssl-cert-cachedir")
- if !ok || certcachedir == "" {
- certcachedir = "./.cache"
- }
-
- var tlsman autocert.Manager
e := echo.New()
// email work queue and service, general task queue
@@ 188,14 181,9 @@ func run() error {
auth.AuthMiddleware(accounts.NewUserFetch()),
)
- if !config.Debug {
- tlsman = autocert.Manager{
- Prompt: autocert.AcceptTOS,
- Cache: autocert.DirCache(certcachedir),
- Email: config.AdminEmail,
- HostPolicy: core.DomainHostPolicy(db, models.DomainServiceLinks),
- }
- srv = srv.WithCertManager(&tlsman)
+ tlsman := cmd.LoadAutoTLS(config, db, models.DomainServiceLinks)
+ if tlsman != nil {
+ srv = srv.WithCertManager(tlsman)
}
srv.AddStaticFunc(
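Review bot: The `!config.Debug` guard around the certificate manager is dropped in this hunk, and the same happens in the last hunks of cmd/list/main.go and cmd/short/main.go, so whether a debug run attaches an ACME manager now depends only on the `auto-tls` setting read by `cmd.LoadAutoTLS`. If development instances should still never request certificates or accept the CA's terms automatically, keep the guard in one place, for example `if config.Debug { return nil }` as the first statement of `LoadAutoTLS`. Otherwise, note in config.example.ini that debug setups must turn `auto-tls` off. `run()` starts and ends outside this hunk, so how `srv` is started afterwards is not visible here.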
M cmd/list/main.go => cmd/list/main.go +5 -16
@@ 17,7 17,6 @@ import (
work "git.sr.ht/~sircmpwn/dowork"
"github.com/labstack/echo/v4"
- "golang.org/x/crypto/acme/autocert"
"netlandish.com/x/gobwebs/config"
"netlandish.com/x/gobwebs/crypto"
"netlandish.com/x/gobwebs/database"
@@ 46,11 45,6 @@ func run() error {
return fmt.Errorf("No access entropy set. Required value")
}
- certcachedir, ok := config.File.Get("links", "ssl-cert-cachedir")
- if !ok || certcachedir == "" {
- certcachedir = "./.cache"
- }
-
if val, ok := config.File.Get("links", "list-listen-address"); ok {
if val != "" {
config.ListenAddr = val
@@ 91,20 85,15 @@ func run() error {
core.CORSReadOnlyMiddleware,
)
+ tlsman := cmd.LoadAutoTLS(config, db, models.DomainServiceLinks)
+ if tlsman != nil {
+ srv = srv.WithCertManager(tlsman)
+ }
+
srv.AddStaticFunc(
core.AddGlobalTmpl,
)
- if !config.Debug {
- tlsman := autocert.Manager{
- Prompt: autocert.AcceptTOS,
- Cache: autocert.DirCache(certcachedir),
- Email: config.AdminEmail,
- HostPolicy: core.DomainHostPolicy(db, models.DomainServiceShort),
- }
- srv = srv.WithCertManager(&tlsman)
- }
-
srv.AddFuncs(template.FuncMap{
"staticURL": func(path string) string {
url, _ := url.JoinPath(config.StaticURL, path)
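Review bot: The service constant passed to `cmd.LoadAutoTLS` in this hunk is `models.DomainServiceLinks`, whereas the removed block passed `models.DomainServiceShort`; the last hunk of cmd/short/main.go makes the same switch for the short-link binary, where `DomainServiceShort` looks like the intended value. That argument is forwarded to `core.DomainHostPolicy`, which presumably decides which hostnames autocert may request certificates for. A wrong constant could therefore refuse certificates for the service's own domains while permitting issuance for another service's domains. I would pass the constant that matches each binary, e.g. `tlsman := cmd.LoadAutoTLS(config, db, models.DomainServiceShort)` in cmd/short, and confirm which value the list service is meant to use. `run()` continues outside this hunk.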
M cmd/server.go => cmd/server.go +21 -0
@@ 3,8 3,10 @@ package cmd
import (
"database/sql"
"fmt"
+ "links/core"
"strconv"
+ "golang.org/x/crypto/acme/autocert"
"netlandish.com/x/gobwebs/config"
"netlandish.com/x/gobwebs/storage"
"petersanchez.com/x/carrier"
@@ 185,3 187,22 @@ func LoadStorageService(config *config.Config) (storage.Service, error) {
}
return storesvc, nil
}
+
+// LoadAutoTLS ...
+func LoadAutoTLS(config *config.Config, db *sql.DB, service int) *autocert.Manager {
+ autotls, ok := config.File.Get("links", "auto-tls")
+ if ok || autotls == "false" {
+ // Enabled by default
+ return nil
+ }
+ certcachedir, ok := config.File.Get("links", "ssl-cert-cachedir")
+ if !ok || certcachedir == "" {
+ certcachedir = "./.cache"
+ }
+ return &autocert.Manager{
+ Prompt: autocert.AcceptTOS,
+ Cache: autocert.DirCache(certcachedir),
+ Email: config.AdminEmail,
+ HostPolicy: core.DomainHostPolicy(db, service),
+ }
+}
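Review bot: The condition `if ok || autotls == "false"` in `LoadAutoTLS` returns nil whenever the `auto-tls` key is present, so the `auto-tls=true` line this commit adds to config.example.ini turns certificate management off and the server is left without a cert manager. The `// Enabled by default` comment also sits inside the branch that disables it. The check should be `if ok && autotls == "false" {`, with the comment moved above the `if` so it describes the fall-through case. The placeholder `// LoadAutoTLS ...` should become a real doc comment, e.g. `// LoadAutoTLS returns an autocert.Manager for the given domain service, or nil when auto-tls is set to "false".`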
M cmd/short/main.go => cmd/short/main.go +3 -14
@@ 15,7 15,6 @@ import (
work "git.sr.ht/~sircmpwn/dowork"
"github.com/labstack/echo/v4"
- "golang.org/x/crypto/acme/autocert"
"netlandish.com/x/gobwebs/config"
"netlandish.com/x/gobwebs/crypto"
"netlandish.com/x/gobwebs/database"
@@ 57,11 56,6 @@ func run() error {
}
}
- certcachedir, ok := config.File.Get("links", "ssl-cert-cachedir")
- if !ok || certcachedir == "" {
- certcachedir = "./.cache"
- }
-
db, err := cmd.OpenDB(config)
if err != nil {
return fmt.Errorf("Unable to open connection to PostgreSQL: %v", err)
@@ 89,14 83,9 @@ func run() error {
core.CORSReadOnlyMiddleware,
)
- if !config.Debug {
- tlsman := autocert.Manager{
- Prompt: autocert.AcceptTOS,
- Cache: autocert.DirCache(certcachedir),
- Email: config.AdminEmail,
- HostPolicy: core.DomainHostPolicy(db, models.DomainServiceShort),
- }
- srv = srv.WithCertManager(&tlsman)
+ tlsman := cmd.LoadAutoTLS(config, db, models.DomainServiceLinks)
+ if tlsman != nil {
+ srv = srv.WithCertManager(tlsman)
}
redirectService := e.Group("")
M config.example.ini => config.example.ini +2 -0
@@ 112,6 112,8 @@ max-upload-size=10737418
# URL for the GraphQL API instance
api-origin=http://127.0.0.1:8080/query
+# Enable AutoTLS / SSL Cert management?
+auto-tls=true
# Where will SSL certs be stored
ssl-cert-cachedir=/var/www/.cache