From af4d7bfaf5a3640d3b85a13cc9d54f9649d3543c Mon Sep 17 00:00:00 2001
From: Peter Sanchez
Date: Thu, 8 Feb 2024 16:30:04 -0600
Subject: [PATCH] Make AutoTLS a config option instead of depending on debug being enabled.

Implements: https://todo.code.netlandish.com/~netlandish/links/45
---
 cmd/links/main.go  | 18 +++--------------
 cmd/list/main.go   | 21 +++++----------------
 cmd/server.go      | 21 +++++++++++++++++++++
 cmd/short/main.go  | 17 +++-------------
 config.example.ini |  2 ++
 5 files changed, 34 insertions(+), 45 deletions(-)

diff --git a/cmd/links/main.go b/cmd/links/main.go
index 45667b4..34dcbf0 100644
--- a/cmd/links/main.go
+++ b/cmd/links/main.go
@@ -28,7 +28,6 @@ import (
 	work "git.sr.ht/~sircmpwn/dowork"
 	"github.com/labstack/echo/v4"
-	"golang.org/x/crypto/acme/autocert"
 	"netlandish.com/x/gobwebs"
 	formguard "netlandish.com/x/gobwebs-formguard"
 	oauth2 "netlandish.com/x/gobwebs-oauth2"
@@ -132,12 +131,6 @@ func run() error {
 		return fmt.Errorf("Unknown storage service configured")
 	}
 
-	certcachedir, ok := config.File.Get("links", "ssl-cert-cachedir")
-	if !ok || certcachedir == "" {
-		certcachedir = "./.cache"
-	}
-
-	var tlsman autocert.Manager
 	e := echo.New()
 
 	// email work queue and service, general task queue
@@ -188,14 +181,9 @@ func run() error {
 		auth.AuthMiddleware(accounts.NewUserFetch()),
 	)
 
-	if !config.Debug {
-		tlsman = autocert.Manager{
-			Prompt:     autocert.AcceptTOS,
-			Cache:      autocert.DirCache(certcachedir),
-			Email:      config.AdminEmail,
-			HostPolicy: core.DomainHostPolicy(db, models.DomainServiceLinks),
-		}
-		srv = srv.WithCertManager(&tlsman)
+	tlsman := cmd.LoadAutoTLS(config, db, models.DomainServiceLinks)
+	if tlsman != nil {
+		srv = srv.WithCertManager(tlsman)
 	}
 
 	srv.AddStaticFunc(
diff --git a/cmd/list/main.go b/cmd/list/main.go
index 0ca8f78..29e3ff2 100644
--- a/cmd/list/main.go
+++ b/cmd/list/main.go
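Review bot: Dropping the `!config.Debug` guard around the cert manager in the third hunk means a development run whose config has no `auto-tls` key now gets a live ACME manager (LoadAutoTLS, in a later hunk, treats a missing key as enabled), so a debug box will accept the CA terms and attempt real issuance, hitting rate limits and writing account/cert material to the `./.cache` fallback. The commit message only says the option replaces the debug dependency; it does not say that debug builds now default to on. A comment at the call site, `// AutoTLS is on unless [links] auto-tls=false; dev configs should disable it`, plus the same sentence in config.example.ini, would make that visible. run() starts and ends outside this hunk.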
@@ -17,7 +17,6 @@ import (
 	work "git.sr.ht/~sircmpwn/dowork"
 	"github.com/labstack/echo/v4"
-	"golang.org/x/crypto/acme/autocert"
 	"netlandish.com/x/gobwebs/config"
 	"netlandish.com/x/gobwebs/crypto"
 	"netlandish.com/x/gobwebs/database"
@@ -46,11 +45,6 @@ func run() error {
 		return fmt.Errorf("No access entropy set. Required value")
 	}
 
-	certcachedir, ok := config.File.Get("links", "ssl-cert-cachedir")
-	if !ok || certcachedir == "" {
-		certcachedir = "./.cache"
-	}
-
 	if val, ok := config.File.Get("links", "list-listen-address"); ok {
 		if val != "" {
 			config.ListenAddr = val
@@ -91,20 +85,15 @@ func run() error {
 		core.CORSReadOnlyMiddleware,
 	)
 
+	tlsman := cmd.LoadAutoTLS(config, db, models.DomainServiceLinks)
+	if tlsman != nil {
+		srv = srv.WithCertManager(tlsman)
+	}
+
 	srv.AddStaticFunc(
 		core.AddGlobalTmpl,
 	)
 
-	if !config.Debug {
-		tlsman := autocert.Manager{
-			Prompt:     autocert.AcceptTOS,
-			Cache:      autocert.DirCache(certcachedir),
-			Email:      config.AdminEmail,
-			HostPolicy: core.DomainHostPolicy(db, models.DomainServiceShort),
-		}
-		srv = srv.WithCertManager(&tlsman)
-	}
-
 	srv.AddFuncs(template.FuncMap{
 		"staticURL": func(path string) string {
 			url, _ := url.JoinPath(config.StaticURL, path)
diff --git a/cmd/server.go b/cmd/server.go
index 47eda24..28ed5ed 100644
--- a/cmd/server.go
+++ b/cmd/server.go
@@ -3,8 +3,10 @@ package cmd
 import (
 	"database/sql"
 	"fmt"
+	"links/core"
 	"strconv"
 
+	"golang.org/x/crypto/acme/autocert"
 	"netlandish.com/x/gobwebs/config"
 	"netlandish.com/x/gobwebs/storage"
 	"petersanchez.com/x/carrier"
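Review bot: The third hunk of cmd/list/main.go silently changes the autocert host policy from `models.DomainServiceShort` (removed line) to `models.DomainServiceLinks` (new `cmd.LoadAutoTLS(config, db, models.DomainServiceLinks)` call), and the commit message does not mention it. HostPolicy is the only thing that bounds which hostnames this process will request certificates for, so if the old value was a copy-paste mistake this is a fix worth naming, and if it was deliberate the list service may now be issued certificates for a different set of domains than before. Either way a one-line comment at the call site, `// list serves the links domains; host policy deliberately matches cmd/links`, or a sentence in the commit message, would settle it. The enclosing run() starts and ends outside this hunk.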
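Review bot: In the cmd/server.go import hunk the new `"links/core"` line is placed inside the standard-library group between `"fmt"` and `"strconv"`; goimports would move it to the non-stdlib group alongside the `netlandish.com` and `petersanchez.com` imports, since `links` is a module path, not a stdlib package. Moving `"links/core"` below the blank line next to `"golang.org/x/crypto/acme/autocert"` keeps the file gofmt/goimports-clean. Separately, `cmd` importing `links/core` while the service mains import both is only safe if `core` does not import `cmd` back; that cannot be confirmed from this diff.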
@@ -185,3 +187,22 @@ func LoadStorageService(config *config.Config) (storage.Service, error) {
 	}
 	return storesvc, nil
 }
+
+// LoadAutoTLS ...
+func LoadAutoTLS(config *config.Config, db *sql.DB, service int) *autocert.Manager {
+	autotls, ok := config.File.Get("links", "auto-tls")
+	if ok || autotls == "false" {
+		// Enabled by default
+		return nil
+	}
+	certcachedir, ok := config.File.Get("links", "ssl-cert-cachedir")
+	if !ok || certcachedir == "" {
+		certcachedir = "./.cache"
+	}
+	return &autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		Cache:      autocert.DirCache(certcachedir),
+		Email:      config.AdminEmail,
+		HostPolicy: core.DomainHostPolicy(db, service),
+	}
+}
diff --git a/cmd/short/main.go b/cmd/short/main.go
index ad4df22..da57e91 100644
--- a/cmd/short/main.go
+++ b/cmd/short/main.go
@@ -15,7 +15,6 @@ import (
 	work "git.sr.ht/~sircmpwn/dowork"
 	"github.com/labstack/echo/v4"
-	"golang.org/x/crypto/acme/autocert"
 	"netlandish.com/x/gobwebs/config"
 	"netlandish.com/x/gobwebs/crypto"
 	"netlandish.com/x/gobwebs/database"
@@ -57,11 +56,6 @@ func run() error {
 		}
 	}
 
-	certcachedir, ok := config.File.Get("links", "ssl-cert-cachedir")
-	if !ok || certcachedir == "" {
-		certcachedir = "./.cache"
-	}
-
 	db, err := cmd.OpenDB(config)
 	if err != nil {
 		return fmt.Errorf("Unable to open connection to PostgreSQL: %v", err)
@@ -89,14 +83,9 @@ func run() error {
 		core.CORSReadOnlyMiddleware,
 	)
 
-	if !config.Debug {
-		tlsman := autocert.Manager{
-			Prompt:     autocert.AcceptTOS,
-			Cache:      autocert.DirCache(certcachedir),
-			Email:      config.AdminEmail,
-			HostPolicy: core.DomainHostPolicy(db, models.DomainServiceShort),
-		}
-		srv = srv.WithCertManager(&tlsman)
+	tlsman := cmd.LoadAutoTLS(config, db, models.DomainServiceLinks)
+	if tlsman != nil {
+		srv = srv.WithCertManager(tlsman)
 	}
 
 	redirectService := e.Group("")
diff --git a/config.example.ini b/config.example.ini
index f9f7d4f..c488b22 100644
--- a/config.example.ini
+++ b/config.example.ini
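Review bot: The enable check in LoadAutoTLS is inverted: `if ok || autotls == "false"` returns nil whenever the `auto-tls` key is present at all, so the example config's `auto-tls=true` disables AutoTLS and only a config with no key at all gets a cert manager, the opposite of the `// Enabled by default` comment. The intended test is `if ok && autotls == "false" {`; alternatively parse it with `strconv.ParseBool` (already imported in this file) so `0`/`no`/`False` are not silently treated as enabled. Two smaller points in the same hunk: the `// LoadAutoTLS ...` doc comment is a placeholder and should state the contract, e.g. `// LoadAutoTLS returns an ACME cert manager for the given domain service, or nil when [links] auto-tls is set to "false".`, and the `./.cache` fallback is relative to the process working directory, which for a service unit is rarely where an operator expects the ACME account key and private keys to land, so a log line or an absolute default would be safer. The function is complete within the hunk.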
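Review bot: The third hunk of cmd/short/main.go replaces a manager built with `models.DomainServiceShort` by `cmd.LoadAutoTLS(config, db, models.DomainServiceLinks)`, which looks like a copy-paste from cmd/links/main.go rather than an intended change, since this is the short-link service and the removed line used the Short policy. Because HostPolicy decides which hostnames autocert will obtain certificates for, the short server would now answer ACME challenges under the links-domain policy and could refuse or wrongly accept hostnames relative to before. Unless the change is deliberate, the call should read `tlsman := cmd.LoadAutoTLS(config, db, models.DomainServiceShort)`. The enclosing run() starts and ends outside this hunk.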
@@ -112,6 +112,8 @@ max-upload-size=10737418
 
 # URL for the GraphQL API instance
 api-origin=http://127.0.0.1:8080/query
+# Enable AutoTLS / SSL Cert management?
+auto-tls=true
 # Where will SSL certs be stored
 ssl-cert-cachedir=/var/www/.cache
 
-- 
2.45.2