Add TODOs

This commit is contained in:
Moritz Marquardt 2021-12-02 19:12:45 +01:00 committed by 6543
parent 2e970dbcda
commit 76e5d8e77c
No known key found for this signature in database
GPG Key ID: C99B82E40B027BAE
4 changed files with 13 additions and 4 deletions

View File

@ -130,6 +130,7 @@ var tlsConfig = &tls.Config{
}, },
} }
// TODO: clean up & move to init
var keyCache = mcache.New() var keyCache = mcache.New()
var keyDatabase, keyDatabaseErr = pogreb.Open("key-database.pogreb", &pogreb.Options{ var keyDatabase, keyDatabaseErr = pogreb.Open("key-database.pogreb", &pogreb.Options{
BackgroundSyncInterval: 30 * time.Second, BackgroundSyncInterval: 30 * time.Second,
@ -218,6 +219,7 @@ func retrieveCertFromDB(sni []byte) (tls.Certificate, bool) {
panic(err) panic(err)
} }
// TODO: document & put into own function
if !bytes.Equal(sni, MainDomainSuffix) { if !bytes.Equal(sni, MainDomainSuffix) {
tlsCertificate.Leaf, err = x509.ParseCertificate(tlsCertificate.Certificate[0]) tlsCertificate.Leaf, err = x509.ParseCertificate(tlsCertificate.Certificate[0])
if err != nil { if err != nil {
@ -226,6 +228,7 @@ func retrieveCertFromDB(sni []byte) (tls.Certificate, bool) {
// renew certificates 7 days before they expire // renew certificates 7 days before they expire
if !tlsCertificate.Leaf.NotAfter.After(time.Now().Add(-7 * 24 * time.Hour)) { if !tlsCertificate.Leaf.NotAfter.After(time.Now().Add(-7 * 24 * time.Hour)) {
// TODO: add ValidUntil to custom res struct
if res.CSR != nil && len(res.CSR) > 0 { if res.CSR != nil && len(res.CSR) > 0 {
// CSR stores the time when the renewal shall be tried again // CSR stores the time when the renewal shall be tried again
nextTryUnix, err := strconv.ParseInt(string(res.CSR), 10, 64) nextTryUnix, err := strconv.ParseInt(string(res.CSR), 10, 64)
@ -315,9 +318,8 @@ func obtainCert(acmeClient *lego.Client, domains []string, renew *certificate.Re
PogrebPut(keyDatabase, []byte(name), renew) PogrebPut(keyDatabase, []byte(name), renew)
return tlsCertificate, nil return tlsCertificate, nil
} }
} else {
return mockCert(domains[0], err.Error()), err
} }
return mockCert(domains[0], err.Error()), err
} }
log.Printf("Obtained certificate for %v", domains) log.Printf("Obtained certificate for %v", domains)
@ -531,9 +533,10 @@ func setupCertificates() {
for { for {
err := keyDatabase.Sync() err := keyDatabase.Sync()
if err != nil { if err != nil {
log.Printf("[ERROR] Syncinc key database failed: %s", err) log.Printf("[ERROR] Syncing key database failed: %s", err)
} }
time.Sleep(5 * time.Minute) time.Sleep(5 * time.Minute)
// TODO: graceful exit
} }
})() })()
go (func() { go (func() {

View File

@ -301,6 +301,7 @@ func returnErrorPage(ctx *fasthttp.RequestCtx, code int) {
if code == fasthttp.StatusFailedDependency { if code == fasthttp.StatusFailedDependency {
message += " - target repo/branch doesn't exist or is private" message += " - target repo/branch doesn't exist or is private"
} }
// TODO: use template engine?
ctx.Response.SetBody(bytes.ReplaceAll(NotFoundPage, []byte("%status"), []byte(strconv.Itoa(code)+" "+message))) ctx.Response.SetBody(bytes.ReplaceAll(NotFoundPage, []byte("%status"), []byte(strconv.Itoa(code)+" "+message)))
} }
@ -351,6 +352,7 @@ func getBranchTimestamp(owner, repo, branch string) *branchTimestamp {
if branch == "" { if branch == "" {
// Get default branch // Get default branch
var body = make([]byte, 0) var body = make([]byte, 0)
// TODO: use header for API key?
status, body, err := fasthttp.GetTimeout(body, string(GiteaRoot)+"/api/v1/repos/"+owner+"/"+repo+"?access_token="+GiteaApiToken, 5*time.Second) status, body, err := fasthttp.GetTimeout(body, string(GiteaRoot)+"/api/v1/repos/"+owner+"/"+repo+"?access_token="+GiteaApiToken, 5*time.Second)
if err != nil || status != 200 { if err != nil || status != 200 {
_ = branchTimestampCache.Set(owner+"/"+repo+"/"+branch, nil, DefaultBranchCacheTimeout) _ = branchTimestampCache.Set(owner+"/"+repo+"/"+branch, nil, DefaultBranchCacheTimeout)
@ -509,6 +511,7 @@ func upstream(ctx *fasthttp.RequestCtx, targetOwner string, targetRepo string, t
if res.Header.ContentLength() > FileCacheSizeLimit { if res.Header.ContentLength() > FileCacheSizeLimit {
err = res.BodyWriteTo(ctx.Response.BodyWriter()) err = res.BodyWriteTo(ctx.Response.BodyWriter())
} else { } else {
// TODO: cache is half-empty if request is cancelled - does the ctx.Err() below do the trick?
err = res.BodyWriteTo(io.MultiWriter(ctx.Response.BodyWriter(), &cacheBodyWriter)) err = res.BodyWriteTo(io.MultiWriter(ctx.Response.BodyWriter(), &cacheBodyWriter))
} }
} else { } else {

View File

@ -51,6 +51,7 @@ frontend https_sni_frontend
################################################### ###################################################
acl use_http_backend req.ssl_sni -i "codeberg.org" acl use_http_backend req.ssl_sni -i "codeberg.org"
acl use_http_backend req.ssl_sni -i "join.codeberg.org" acl use_http_backend req.ssl_sni -i "join.codeberg.org"
# TODO: use this if no SNI exists
use_backend https_termination_backend if use_http_backend use_backend https_termination_backend if use_http_backend
############################ ############################

View File

@ -71,6 +71,7 @@ var IndexPages = []string{
// main sets up and starts the web server. // main sets up and starts the web server.
func main() { func main() {
// TODO: CLI Library
if len(os.Args) > 1 && os.Args[1] == "--remove-certificate" { if len(os.Args) > 1 && os.Args[1] == "--remove-certificate" {
if len(os.Args) < 2 { if len(os.Args) < 2 {
println("--remove-certificate requires at least one domain as an argument") println("--remove-certificate requires at least one domain as an argument")
@ -105,7 +106,7 @@ func main() {
server := &fasthttp.Server{ server := &fasthttp.Server{
Handler: compressedHandler, Handler: compressedHandler,
DisablePreParseMultipartForm: false, DisablePreParseMultipartForm: true,
MaxRequestBodySize: 0, MaxRequestBodySize: 0,
NoDefaultServerHeader: true, NoDefaultServerHeader: true,
NoDefaultDate: true, NoDefaultDate: true,
@ -151,6 +152,7 @@ func main() {
} }
// envOr reads an environment variable and returns a default value if it's empty. // envOr reads an environment variable and returns a default value if it's empty.
// TODO: to helpers.go or use CLI framework
func envOr(env string, or string) string { func envOr(env string, or string) string {
if v := os.Getenv(env); v != "" { if v := os.Getenv(env); v != "" {
return v return v