pages-server/server/database/interface.go

package database

import (
	"fmt"

	"github.com/go-acme/lego/v4/certcrypto"
	"github.com/go-acme/lego/v4/certificate"
	"github.com/rs/zerolog/log"
)

type CertDB interface {
	Close() error
	Put(name string, cert *certificate.Resource) error
	Get(name string) (*certificate.Resource, error)
	Delete(key string) error
	Items(page, pageSize int) ([]*Cert, error)
}

type Cert struct {
	Domain    string `xorm:"pk      NOT NULL UNIQUE    'domain'"`
	Created   int64  `xorm:"created NOT NULL DEFAULT 0 'created'"`
	Updated   int64  `xorm:"updated NOT NULL DEFAULT 0 'updated'"`
	ValidTill int64  `xorm:"        NOT NULL DEFAULT 0 'valid_till'"`
	// certificate.Resource
	CertURL           string `xorm:"'cert_url'"`
	CertStableURL     string `xorm:"'cert_stable_url'"`
	PrivateKey        []byte `xorm:"'private_key'"`
	Certificate       []byte `xorm:"'certificate'"`
	IssuerCertificate []byte `xorm:"'issuer_certificate'"`
}

func (c Cert) Raw() *certificate.Resource {
	return &certificate.Resource{
		Domain:            c.Domain,
		CertURL:           c.CertURL,
		CertStableURL:     c.CertStableURL,
		PrivateKey:        c.PrivateKey,
		Certificate:       c.Certificate,
		IssuerCertificate: c.IssuerCertificate,
	}
}

func toCert(name string, c *certificate.Resource) (*Cert, error) {
	tlsCertificates, err := certcrypto.ParsePEMBundle(c.Certificate)
	if err != nil {
		return nil, err
	}
	if len(tlsCertificates) == 0 || tlsCertificates[0] == nil {
		err := fmt.Errorf("parsed cert resource has no cert")
		log.Error().Err(err).Str("domain", c.Domain).Msgf("cert: %v", c)
		return nil, err
	}
	validTill := tlsCertificates[0].NotAfter.Unix()

	// handle wildcard certs
	if name[:1] == "." {
		name = "*" + name
	}
	if name != c.Domain {
		err := fmt.Errorf("domain key '%s' and cert domain '%s' not equal", name, c.Domain)
		log.Error().Err(err).Msg("toCert conversion did discover mismatch")
		// TODO: fail hard: return nil, err
	}

	return &Cert{
		Domain:    c.Domain,
		ValidTill: validTill,

		CertURL:           c.CertURL,
		CertStableURL:     c.CertStableURL,
		PrivateKey:        c.PrivateKey,
		Certificate:       c.Certificate,
		IssuerCertificate: c.IssuerCertificate,
	}, nil
}
open key-database deterministic 2021-12-03 03:15:48 +00:00			`package database`

rm certDB helper and build in 2021-12-05 18:00:57 +00:00			`import (`
Add cert store option based on sqlite3, mysql & postgres (#173) Deprecate pogreb! close #169 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/173 2023-02-10 03:00:14 +00:00			`"fmt"`

			`"github.com/go-acme/lego/v4/certcrypto"`
rm certDB helper and build in 2021-12-05 18:00:57 +00:00			`"github.com/go-acme/lego/v4/certificate"`
Add cert store option based on sqlite3, mysql & postgres (#173) Deprecate pogreb! close #169 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/173 2023-02-10 03:00:14 +00:00			`"github.com/rs/zerolog/log"`
rm certDB helper and build in 2021-12-05 18:00:57 +00:00			`)`
open key-database deterministic 2021-12-03 03:15:48 +00:00
wrap cert db and make sync gracefull 2021-12-05 16:42:53 +00:00			`type CertDB interface {`
			`Close() error`
rm certDB helper and build in 2021-12-05 18:00:57 +00:00			`Put(name string, cert *certificate.Resource) error`
Move gitea api calls in own "client" package (#78) continue #75 close #16 - fix regression (from #34) _thanks to @crystal_ - create own gitea client package - more logging - add mock impl of CertDB Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: crystal <crystal@noreply.codeberg.org> Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/78 Reviewed-by: crapStone <crapstone@noreply.codeberg.org> 2022-06-11 21:02:06 +00:00			`Get(name string) (*certificate.Resource, error)`
			`Delete(key string) error`
Add cert store option based on sqlite3, mysql & postgres (#173) Deprecate pogreb! close #169 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/173 2023-02-10 03:00:14 +00:00			`Items(page, pageSize int) ([]*Cert, error)`
			`}`

			`type Cert struct {`
			Domain string `xorm:"pk NOT NULL UNIQUE 'domain'"`
			Created int64 `xorm:"created NOT NULL DEFAULT 0 'created'"`
			Updated int64 `xorm:"updated NOT NULL DEFAULT 0 'updated'"`
			ValidTill int64 `xorm:" NOT NULL DEFAULT 0 'valid_till'"`
			`// certificate.Resource`
			CertURL string `xorm:"'cert_url'"`
			CertStableURL string `xorm:"'cert_stable_url'"`
			PrivateKey []byte `xorm:"'private_key'"`
			Certificate []byte `xorm:"'certificate'"`
			IssuerCertificate []byte `xorm:"'issuer_certificate'"`
			`}`

			`func (c Cert) Raw() *certificate.Resource {`
			`return &certificate.Resource{`
			`Domain: c.Domain,`
			`CertURL: c.CertURL,`
			`CertStableURL: c.CertStableURL,`
			`PrivateKey: c.PrivateKey,`
			`Certificate: c.Certificate,`
			`IssuerCertificate: c.IssuerCertificate,`
			`}`
			`}`

			`func toCert(name string, c certificate.Resource) (Cert, error) {`
			`tlsCertificates, err := certcrypto.ParsePEMBundle(c.Certificate)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if len(tlsCertificates) == 0 \|\| tlsCertificates[0] == nil {`
			`err := fmt.Errorf("parsed cert resource has no cert")`
			`log.Error().Err(err).Str("domain", c.Domain).Msgf("cert: %v", c)`
			`return nil, err`
			`}`
			`validTill := tlsCertificates[0].NotAfter.Unix()`

Fix xorm regressions by handle wildcard certs correctly (#177) close #176 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/177 2023-02-11 01:26:21 +00:00			`// handle wildcard certs`
			`if name[:1] == "." {`
			`name = "*" + name`
			`}`
			`if name != c.Domain {`
			`err := fmt.Errorf("domain key '%s' and cert domain '%s' not equal", name, c.Domain)`
			`log.Error().Err(err).Msg("toCert conversion did discover mismatch")`
			`// TODO: fail hard: return nil, err`
Add cert store option based on sqlite3, mysql & postgres (#173) Deprecate pogreb! close #169 Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/173 2023-02-10 03:00:14 +00:00			`}`

			`return &Cert{`
			`Domain: c.Domain,`
			`ValidTill: validTill,`

			`CertURL: c.CertURL,`
			`CertStableURL: c.CertStableURL,`
			`PrivateKey: c.PrivateKey,`
			`Certificate: c.Certificate,`
			`IssuerCertificate: c.IssuerCertificate,`
			`}, nil`
open key-database deterministic 2021-12-03 03:15:48 +00:00			`}`