From 48198266fed1a2ffbffe13c93f3bd5c8c6f8545d Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Sat, 11 Feb 2023 01:20:40 +0100
Subject: [PATCH] split cached challengers into new file and rename

---
 cmd/main.go | 2 +-
 server/certificates/cached_challengers.go | 40 +++++++++++++++++++++++
 server/certificates/certificates.go | 39 ++--------------------
 3 files changed, 44 insertions(+), 37 deletions(-)
 create mode 100644 server/certificates/cached_challengers.go

diff --git a/cmd/main.go b/cmd/main.go
index 488ed2c..9796931 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -87,7 +87,7 @@ func Serve(ctx *cli.Context) error {
 return err
 }
- if err := certificates.SetupCertificates(mainDomainSuffix, acmeClient, certDB); err != nil {
+ if err := certificates.SetupMainDomainCertificates(mainDomainSuffix, acmeClient, certDB); err != nil {
 return err
 }
diff --git a/server/certificates/cached_challengers.go b/server/certificates/cached_challengers.go
new file mode 100644
index 0000000..f08d52e
--- /dev/null
+++ b/server/certificates/cached_challengers.go
@@ -0,0 +1,40 @@
+package certificates
+
+import (
+ "time"
+
+ "codeberg.org/codeberg/pages/server/cache"
+ "github.com/go-acme/lego/v4/challenge"
+)
+
+type AcmeTLSChallengeProvider struct {
+ challengeCache cache.SetGetKey
+}
+
+// make sure AcmeTLSChallengeProvider match Provider interface
+var _ challenge.Provider = AcmeTLSChallengeProvider{}
+
+func (a AcmeTLSChallengeProvider) Present(domain, _, keyAuth string) error {
+ return a.challengeCache.Set(domain, keyAuth, 1*time.Hour)
+}
+
+func (a AcmeTLSChallengeProvider) CleanUp(domain, _, _ string) error {
+ a.challengeCache.Remove(domain)
+ return nil
+}
+
+type AcmeHTTPChallengeProvider struct {
+ challengeCache cache.SetGetKey
+}
+
+// make sure AcmeHTTPChallengeProvider match Provider interface
+var _ challenge.Provider = AcmeHTTPChallengeProvider{}
+
+func (a AcmeHTTPChallengeProvider) Present(domain, token, keyAuth string) error {
+ return a.challengeCache.Set(domain+"/"+token, keyAuth, 1*time.Hour)
+}
+
+func (a AcmeHTTPChallengeProvider) CleanUp(domain, token, _ string) error {
+ a.challengeCache.Remove(domain + "/" + token)
+ return nil
+}
diff --git a/server/certificates/certificates.go b/server/certificates/certificates.go
index a9c01aa..6cf22e0 100644
--- a/server/certificates/certificates.go
+++ b/server/certificates/certificates.go
@@ -12,7 +12,6 @@ import (
 "github.com/go-acme/lego/v4/certcrypto"
 "github.com/go-acme/lego/v4/certificate"
- "github.com/go-acme/lego/v4/challenge"
 "github.com/go-acme/lego/v4/challenge/tlsalpn01"
 "github.com/go-acme/lego/v4/lego"
 "github.com/reugn/equalizer"
@@ -25,6 +24,8 @@ import (
 "codeberg.org/codeberg/pages/server/upstream"
 )
+var ErrUserRateLimitExceeded = errors.New("rate limit exceeded: 10 certificates per user per 24 hours")
+
 // TLSConfig returns the configuration for generating, serving and cleaning up Let's Encrypt certificates.
 func TLSConfig(mainDomainSuffix string,
 giteaClient *gitea.Client,
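Review bot: The exported types AcmeTLSChallengeProvider and AcmeHTTPChallengeProvider and their Present/CleanUp methods land in the new file with no doc comments, and the two interface-assertion comments ("make sure ... match Provider interface") should read "matches". A type comment such as `// AcmeHTTPChallengeProvider stores HTTP-01 key authorizations in challengeCache under domain+"/"+token; whatever serves the challenge (outside this diff) presumably reads the same key.` would record the cache-key contract, with the TLS-ALPN variant noted as keyed by domain only. The 1*time.Hour lifetime is repeated in both Present methods; a single named constant, e.g. `const challengeCacheTTL = 1 * time.Hour`, with a comment on why one hour bounds a pending challenge would keep the two providers in step and make the retention window visible to reviewers. Both CleanUp methods also discard whatever challengeCache.Remove returns; if Remove can report a failure, returning it instead of a constant nil would let lego surface cleanup problems.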
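Review bot: ErrUserRateLimitExceeded is exported but has no doc comment at its new position after the import block; `// ErrUserRateLimitExceeded is returned when a user has reached the per-user certificate issuance limit.` would satisfy the convention for exported names. The message also hard-codes "10 certificates per user per 24 hours"; if the bound enforced in checkUserLimit (its body lies outside this hunk) comes from a configurable or separately declared value, the text will drift from the actual limit, so deriving both from one constant is worth considering.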
@@ -132,8 +133,6 @@ func TLSConfig(mainDomainSuffix string,
 }
 }
-var ErrUserRateLimitExceeded = errors.New("rate limit exceeded: 10 certificates per user per 24 hours")
-
 func (c *AcmeClient) checkUserLimit(user string) error {
 userLimit, ok := c.acmeClientCertificateLimitPerUser[user]
 if !ok {
@@ -147,38 +146,6 @@ func (c *AcmeClient) checkUserLimit(user string) error {
 return nil
 }
-type AcmeTLSChallengeProvider struct {
- challengeCache cache.SetGetKey
-}
-
-// make sure AcmeTLSChallengeProvider match Provider interface
-var _ challenge.Provider = AcmeTLSChallengeProvider{}
-
-func (a AcmeTLSChallengeProvider) Present(domain, _, keyAuth string) error {
- return a.challengeCache.Set(domain, keyAuth, 1*time.Hour)
-}
-
-func (a AcmeTLSChallengeProvider) CleanUp(domain, _, _ string) error {
- a.challengeCache.Remove(domain)
- return nil
-}
-
-type AcmeHTTPChallengeProvider struct {
- challengeCache cache.SetGetKey
-}
-
-// make sure AcmeHTTPChallengeProvider match Provider interface
-var _ challenge.Provider = AcmeHTTPChallengeProvider{}
-
-func (a AcmeHTTPChallengeProvider) Present(domain, token, keyAuth string) error {
- return a.challengeCache.Set(domain+"/"+token, keyAuth, 1*time.Hour)
-}
-
-func (a AcmeHTTPChallengeProvider) CleanUp(domain, token, _ string) error {
- a.challengeCache.Remove(domain + "/" + token)
- return nil
-}
-
 func (c *AcmeClient) retrieveCertFromDB(sni, mainDomainSuffix string, useDnsProvider bool, certDB database.CertDB) (*tls.Certificate, error) {
 // parse certificate from database
 res, err := certDB.Get(sni)
@@ -325,7 +292,7 @@ func (c *AcmeClient) obtainCert(acmeClient *lego.Client, domains []string, renew
 return &tlsCertificate, nil
 }
-func SetupCertificates(mainDomainSuffix string, acmeClient *AcmeClient, certDB database.CertDB) error {
+func SetupMainDomainCertificates(mainDomainSuffix string, acmeClient *AcmeClient, certDB database.CertDB) error {
 // getting main cert before ACME account so that we can fail here without hitting rate limits
 mainCertBytes, err := certDB.Get(mainDomainSuffix)
 if err != nil && !errors.Is(err, database.ErrNotFound) {