mirror of
https://codeberg.org/Codeberg/pages-server.git
synced 2024-11-18 10:29:43 +00:00
Add TODOs
This commit is contained in:
parent
2e970dbcda
commit
76e5d8e77c
4 changed files with 13 additions and 4 deletions
|
@ -130,6 +130,7 @@ var tlsConfig = &tls.Config{
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: clean up & move to init
|
||||||
var keyCache = mcache.New()
|
var keyCache = mcache.New()
|
||||||
var keyDatabase, keyDatabaseErr = pogreb.Open("key-database.pogreb", &pogreb.Options{
|
var keyDatabase, keyDatabaseErr = pogreb.Open("key-database.pogreb", &pogreb.Options{
|
||||||
BackgroundSyncInterval: 30 * time.Second,
|
BackgroundSyncInterval: 30 * time.Second,
|
||||||
|
@ -218,6 +219,7 @@ func retrieveCertFromDB(sni []byte) (tls.Certificate, bool) {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: document & put into own function
|
||||||
if !bytes.Equal(sni, MainDomainSuffix) {
|
if !bytes.Equal(sni, MainDomainSuffix) {
|
||||||
tlsCertificate.Leaf, err = x509.ParseCertificate(tlsCertificate.Certificate[0])
|
tlsCertificate.Leaf, err = x509.ParseCertificate(tlsCertificate.Certificate[0])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -226,6 +228,7 @@ func retrieveCertFromDB(sni []byte) (tls.Certificate, bool) {
|
||||||
|
|
||||||
// renew certificates 7 days before they expire
|
// renew certificates 7 days before they expire
|
||||||
if !tlsCertificate.Leaf.NotAfter.After(time.Now().Add(-7 * 24 * time.Hour)) {
|
if !tlsCertificate.Leaf.NotAfter.After(time.Now().Add(-7 * 24 * time.Hour)) {
|
||||||
|
// TODO: add ValidUntil to custom res struct
|
||||||
if res.CSR != nil && len(res.CSR) > 0 {
|
if res.CSR != nil && len(res.CSR) > 0 {
|
||||||
// CSR stores the time when the renewal shall be tried again
|
// CSR stores the time when the renewal shall be tried again
|
||||||
nextTryUnix, err := strconv.ParseInt(string(res.CSR), 10, 64)
|
nextTryUnix, err := strconv.ParseInt(string(res.CSR), 10, 64)
|
||||||
|
@ -315,9 +318,8 @@ func obtainCert(acmeClient *lego.Client, domains []string, renew *certificate.Re
|
||||||
PogrebPut(keyDatabase, []byte(name), renew)
|
PogrebPut(keyDatabase, []byte(name), renew)
|
||||||
return tlsCertificate, nil
|
return tlsCertificate, nil
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
return mockCert(domains[0], err.Error()), err
|
|
||||||
}
|
}
|
||||||
|
return mockCert(domains[0], err.Error()), err
|
||||||
}
|
}
|
||||||
log.Printf("Obtained certificate for %v", domains)
|
log.Printf("Obtained certificate for %v", domains)
|
||||||
|
|
||||||
|
@ -531,9 +533,10 @@ func setupCertificates() {
|
||||||
for {
|
for {
|
||||||
err := keyDatabase.Sync()
|
err := keyDatabase.Sync()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("[ERROR] Syncinc key database failed: %s", err)
|
log.Printf("[ERROR] Syncing key database failed: %s", err)
|
||||||
}
|
}
|
||||||
time.Sleep(5 * time.Minute)
|
time.Sleep(5 * time.Minute)
|
||||||
|
// TODO: graceful exit
|
||||||
}
|
}
|
||||||
})()
|
})()
|
||||||
go (func() {
|
go (func() {
|
||||||
|
|
|
@ -301,6 +301,7 @@ func returnErrorPage(ctx *fasthttp.RequestCtx, code int) {
|
||||||
if code == fasthttp.StatusFailedDependency {
|
if code == fasthttp.StatusFailedDependency {
|
||||||
message += " - target repo/branch doesn't exist or is private"
|
message += " - target repo/branch doesn't exist or is private"
|
||||||
}
|
}
|
||||||
|
// TODO: use template engine?
|
||||||
ctx.Response.SetBody(bytes.ReplaceAll(NotFoundPage, []byte("%status"), []byte(strconv.Itoa(code)+" "+message)))
|
ctx.Response.SetBody(bytes.ReplaceAll(NotFoundPage, []byte("%status"), []byte(strconv.Itoa(code)+" "+message)))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -351,6 +352,7 @@ func getBranchTimestamp(owner, repo, branch string) *branchTimestamp {
|
||||||
if branch == "" {
|
if branch == "" {
|
||||||
// Get default branch
|
// Get default branch
|
||||||
var body = make([]byte, 0)
|
var body = make([]byte, 0)
|
||||||
|
// TODO: use header for API key?
|
||||||
status, body, err := fasthttp.GetTimeout(body, string(GiteaRoot)+"/api/v1/repos/"+owner+"/"+repo+"?access_token="+GiteaApiToken, 5*time.Second)
|
status, body, err := fasthttp.GetTimeout(body, string(GiteaRoot)+"/api/v1/repos/"+owner+"/"+repo+"?access_token="+GiteaApiToken, 5*time.Second)
|
||||||
if err != nil || status != 200 {
|
if err != nil || status != 200 {
|
||||||
_ = branchTimestampCache.Set(owner+"/"+repo+"/"+branch, nil, DefaultBranchCacheTimeout)
|
_ = branchTimestampCache.Set(owner+"/"+repo+"/"+branch, nil, DefaultBranchCacheTimeout)
|
||||||
|
@ -509,6 +511,7 @@ func upstream(ctx *fasthttp.RequestCtx, targetOwner string, targetRepo string, t
|
||||||
if res.Header.ContentLength() > FileCacheSizeLimit {
|
if res.Header.ContentLength() > FileCacheSizeLimit {
|
||||||
err = res.BodyWriteTo(ctx.Response.BodyWriter())
|
err = res.BodyWriteTo(ctx.Response.BodyWriter())
|
||||||
} else {
|
} else {
|
||||||
|
// TODO: cache is half-empty if request is cancelled - does the ctx.Err() below do the trick?
|
||||||
err = res.BodyWriteTo(io.MultiWriter(ctx.Response.BodyWriter(), &cacheBodyWriter))
|
err = res.BodyWriteTo(io.MultiWriter(ctx.Response.BodyWriter(), &cacheBodyWriter))
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -51,6 +51,7 @@ frontend https_sni_frontend
|
||||||
###################################################
|
###################################################
|
||||||
acl use_http_backend req.ssl_sni -i "codeberg.org"
|
acl use_http_backend req.ssl_sni -i "codeberg.org"
|
||||||
acl use_http_backend req.ssl_sni -i "join.codeberg.org"
|
acl use_http_backend req.ssl_sni -i "join.codeberg.org"
|
||||||
|
# TODO: use this if no SNI exists
|
||||||
use_backend https_termination_backend if use_http_backend
|
use_backend https_termination_backend if use_http_backend
|
||||||
|
|
||||||
############################
|
############################
|
||||||
|
|
4
main.go
4
main.go
|
@ -71,6 +71,7 @@ var IndexPages = []string{
|
||||||
|
|
||||||
// main sets up and starts the web server.
|
// main sets up and starts the web server.
|
||||||
func main() {
|
func main() {
|
||||||
|
// TODO: CLI Library
|
||||||
if len(os.Args) > 1 && os.Args[1] == "--remove-certificate" {
|
if len(os.Args) > 1 && os.Args[1] == "--remove-certificate" {
|
||||||
if len(os.Args) < 2 {
|
if len(os.Args) < 2 {
|
||||||
println("--remove-certificate requires at least one domain as an argument")
|
println("--remove-certificate requires at least one domain as an argument")
|
||||||
|
@ -105,7 +106,7 @@ func main() {
|
||||||
|
|
||||||
server := &fasthttp.Server{
|
server := &fasthttp.Server{
|
||||||
Handler: compressedHandler,
|
Handler: compressedHandler,
|
||||||
DisablePreParseMultipartForm: false,
|
DisablePreParseMultipartForm: true,
|
||||||
MaxRequestBodySize: 0,
|
MaxRequestBodySize: 0,
|
||||||
NoDefaultServerHeader: true,
|
NoDefaultServerHeader: true,
|
||||||
NoDefaultDate: true,
|
NoDefaultDate: true,
|
||||||
|
@ -151,6 +152,7 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// envOr reads an environment variable and returns a default value if it's empty.
|
// envOr reads an environment variable and returns a default value if it's empty.
|
||||||
|
// TODO: to helpers.go or use CLI framework
|
||||||
func envOr(env string, or string) string {
|
func envOr(env string, or string) string {
|
||||||
if v := os.Getenv(env); v != "" {
|
if v := os.Getenv(env); v != "" {
|
||||||
return v
|
return v
|
||||||
|
|
Loading…
Reference in a new issue