This commit is contained in:
6543 2023-02-09 19:14:53 +01:00
parent 75942990ac
commit 3c0ee7e8a3
9 changed files with 192 additions and 70 deletions


@ -485,11 +485,11 @@ func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffi
log.Error().Err(err).Msg("could not get certs from list")
} else {
for _, cert := range certs {
if !strings.EqualFold(cert.Name, mainDomainSuffix) {
if !strings.EqualFold(cert.Domain, strings.TrimPrefix(mainDomainSuffix, ".")) {
if time.Unix(cert.ValidTill, 0).Before(threshold) {
err := certDB.Delete(cert.Name)
err := certDB.Delete(cert.Domain)
if err != nil {
log.Error().Err(err).Msgf("Deleting expired certificate for %q failed", cert.Name)
log.Error().Err(err).Msgf("Deleting expired certificate for %q failed", cert.Domain)
} else {
expiredCertCount++
}
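Review bot: The exclusion `!strings.EqualFold(cert.Domain, strings.TrimPrefix(mainDomainSuffix, "."))` keeps the main-domain certificate out of the expiry sweep only when its row's `Domain` is stored as the bare suffix; if that row carries any other spelling (a `*.` prefix, say), the comparison fails and the `certDB.Delete(cert.Domain)` below removes the main cert like any other expired one. This hunk does not show how that row is written (toCert takes `Domain` from the lego Resource, not from the key), so the assumption should be pinned with a comment at the `if`, e.g. `// the main-domain cert row is keyed by the suffix without its leading '.'; keep in sync with the code that issues it`, and a maintenance test that inserts the main cert and asserts it survives a sweep past `threshold`. `MaintainCertDB` starts before this hunk and the loop body continues after it.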


@ -19,29 +19,28 @@ type CertDB interface {
}
type Cert struct {
Name string `xorm:"pk NOT NULL 'name'"`
Domain string `xorm:" NOT NULL UNIQUE 'domain'"` // TODO: check: is name always same as domain?
Domain string `xorm:"pk NOT NULL UNIQUE 'domain'"`
Created int64 `xorm:"created NOT NULL DEFAULT 0 'created'"`
Updated int64 `xorm:"updated NOT NULL DEFAULT 0 'updated'"`
ValidTill int64 `xorm:" NOT NULL DEFAULT 0 'valid_till'"`
// certificate.Resource
certURL string `xorm:"'cert_url'"`
certStableURL string `xorm:"'cert_stable_url''"`
privateKey []byte `xorm:"'private_key'"`
certificate []byte `xorm:"'certificate'"`
issuerCertificate []byte `xorm:"'issuer_certificate'"` // TODO: dedup ?
csr []byte `xorm:"'csr'"`
CertURL string `xorm:"'cert_url'"`
CertStableURL string `xorm:"'cert_stable_url'"`
PrivateKey []byte `xorm:"'private_key'"`
Certificate []byte `xorm:"'certificate'"`
IssuerCertificate []byte `xorm:"'issuer_certificate'"`
CSR []byte `xorm:"'csr'"`
}
func (c Cert) Raw() *certificate.Resource {
return &certificate.Resource{
Domain: c.Domain,
CertURL: c.certURL,
CertStableURL: c.certStableURL,
PrivateKey: c.privateKey,
Certificate: c.certificate,
IssuerCertificate: c.issuerCertificate,
CSR: c.csr,
CertURL: c.CertURL,
CertStableURL: c.CertStableURL,
PrivateKey: c.PrivateKey,
Certificate: c.Certificate,
IssuerCertificate: c.IssuerCertificate,
CSR: c.CSR,
}
}
@ -50,23 +49,28 @@ func toCert(name string, c *certificate.Resource) (*Cert, error) {
if err != nil {
return nil, err
}
if len(tlsCertificates) != 1 || tlsCertificates[0] == nil {
err := fmt.Errorf("parsed cert resource has no or more than one cert")
log.Error().Err(err).Str("name", name).Msgf("cert: %v", c)
if len(tlsCertificates) == 0 || tlsCertificates[0] == nil {
err := fmt.Errorf("parsed cert resource has no cert")
log.Error().Err(err).Str("domain", c.Domain).Msgf("cert: %v", c)
return nil, err
}
validTill := tlsCertificates[0].NotAfter.Unix()
// TODO: do we need this or can we just go with domain name for wildcard cert
// default *.mock cert is prefixed with '.'
if name != c.Domain && name[1:] != c.Domain && name[0] != '.' {
return nil, fmt.Errorf("domain key and cert domain not equal")
}
return &Cert{
Name: name,
Domain: c.Domain,
ValidTill: validTill,
certURL: c.CertURL,
certStableURL: c.CertStableURL,
privateKey: c.PrivateKey,
certificate: c.Certificate,
issuerCertificate: c.IssuerCertificate,
csr: c.CSR,
CertURL: c.CertURL,
CertStableURL: c.CertStableURL,
PrivateKey: c.PrivateKey,
Certificate: c.Certificate,
IssuerCertificate: c.IssuerCertificate,
CSR: c.CSR,
}, nil
}
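Review bot: `log.Error().Err(err).Str("domain", c.Domain).Msgf("cert: %v", c)` formats the whole lego Resource with `%v`, and that struct carries `PrivateKey`, `Certificate` and `CSR` bytes (toCert copies them at the bottom of the hunk), so a malformed entry writes the private key into the error log; keep the identifying fields only, e.g. `log.Error().Err(err).Str("domain", c.Domain).Str("cert_url", c.CertURL).Msg("parsed cert resource has no cert")`. The new guard `name != c.Domain && name[1:] != c.Domain && name[0] != '.'` indexes `name` before checking it is non-empty, so `toCert("", res)` panics on `name[1:]` whenever `res.Domain` is set, and the `name[1:]` clause accepts any one-character prefix rather than only a leading dot (a constructed key `xexample.org` pairs with domain `example.org` without error). I'd write the condition as `if len(name) == 0 || (name != c.Domain && !(name[0] == '.' && name[1:] == c.Domain)) {` so that only the documented dot-prefixed form is tolerated. toCert's signature and the parse call that produces `tlsCertificates` are outside the hunk.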


@ -3,6 +3,7 @@ package database
import (
"errors"
"fmt"
"strings"
"github.com/rs/zerolog/log"
@ -27,6 +28,9 @@ func NewXormDB(dbType, dbConn string) (CertDB, error) {
if !supportedDriver(dbType) {
return nil, fmt.Errorf("not supported db type '%s'", dbType)
}
if dbConn == "" {
return nil, fmt.Errorf("no db connection provided")
}
e, err := xorm.NewEngine(dbType, dbConn)
if err != nil {
@ -46,31 +50,35 @@ func (x xDB) Close() error {
return x.engine.Close()
}
func (x xDB) Put(name string, cert *certificate.Resource) error {
log.Trace().Str("name", name).Msg("inserting cert to db")
c, err := toCert(name, cert)
func (x xDB) Put(domain string, cert *certificate.Resource) error {
log.Trace().Str("domain", cert.Domain).Msg("inserting cert to db")
c, err := toCert(domain, cert)
if err != nil {
return err
}
_, err = x.engine.Insert(c)
return err
}
func (x xDB) Get(name string) (*certificate.Resource, error) {
func (x xDB) Get(domain string) (*certificate.Resource, error) {
// TODO: do we need this or can we just go with domain name for wildcard cert
domain = strings.TrimPrefix(domain, ".")
cert := new(Cert)
log.Trace().Str("name", name).Msg("get cert from db")
if _, err := x.engine.ID(name).Get(&cert); err != nil {
log.Trace().Str("domain", domain).Msg("get cert from db")
if _, err := x.engine.ID(domain).Get(&cert); err != nil {
return nil, err
}
if cert == nil {
return nil, fmt.Errorf("%w: name='%s'", ErrNotFound, name)
return nil, fmt.Errorf("%w: name='%s'", ErrNotFound, domain)
}
return cert.Raw(), nil
}
func (x xDB) Delete(name string) error {
log.Trace().Str("name", name).Msg("delete cert from db")
_, err := x.engine.ID(name).Delete(new(Cert))
func (x xDB) Delete(domain string) error {
log.Trace().Str("domain", domain).Msg("delete cert from db")
_, err := x.engine.ID(domain).Delete(new(Cert))
return err
}
@ -93,7 +101,8 @@ func (x xDB) Items(page, pageSize int) ([]*Cert, error) {
// return all
certs := make([]*Cert, 0, 64)
return certs, x.engine.Find(&certs)
err := x.engine.Find(&certs)
return certs, err
}
// Supported database drivers
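Review bot: In `Get`, the not-found branch `if cert == nil` can never fire: `cert` comes from `new(Cert)`, and the boolean that xorm's `Get` returns to report whether a row matched is discarded with `_`, so an unknown domain yields a zero-valued Resource and a nil error instead of `ErrNotFound`. That boolean should drive the error path, and `cert` (already a `*Cert`) should be passed instead of `&cert` unless the `**Cert` argument is deliberate. The leading-dot normalisation `domain = strings.TrimPrefix(domain, ".")` is applied only in `Get`; `Delete` keys on the raw `domain` and `Put` hands it to `toCert`, so a caller using the dotted suffix can read a row it cannot delete, and because `Delete` also discards the affected-row count that miss is silent. `Put` now dereferences `cert.Domain` for the trace line before `toCert` sees the pointer, so a nil `cert` panics on that line.
```go
func (x xDB) Get(domain string) (*certificate.Resource, error) {
	// … unchanged: TrimPrefix, new(Cert), trace log …
	has, err := x.engine.ID(domain).Get(cert)
	if err != nil {
		return nil, err
	}
	if !has {
		return nil, fmt.Errorf("%w: name='%s'", ErrNotFound, domain)
	}
	return cert.Raw(), nil
```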