feat: Allow disabling ACME and enable better file caching

This commit is contained in:
PapaTutuWawa 2024-01-01 00:38:01 +01:00
parent feabaf5221
commit 1154eff9ae
2 changed files with 138 additions and 79 deletions

124
main.go
View File

@ -3,6 +3,7 @@ package main
import ( import (
"crypto/tls" "crypto/tls"
"os" "os"
"errors"
"fmt" "fmt"
"net" "net"
"net/http" "net/http"
@ -19,7 +20,7 @@ const (
PagesBranch = "pages" PagesBranch = "pages"
) )
func handleSubdomain(domain string, cname string, path string, giteaClient *gitea.Client, w http.ResponseWriter) { func handleSubdomain(domain string, cname string, path, giteaUrl string, giteaClient *gitea.Client, w http.ResponseWriter) {
hostParts := strings.Split(domain, ".") hostParts := strings.Split(domain, ".")
username := hostParts[0] username := hostParts[0]
@ -42,10 +43,10 @@ func handleSubdomain(domain string, cname string, path string, giteaClient *gite
return return
} }
serveFile(username, repo.Name, path, giteaClient, w) serveFile(username, repo.Name, path, giteaUrl, w)
} }
func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc { func Handler(pagesDomain, giteaUrl string, giteaClient *gitea.Client) http.HandlerFunc {
return func(w http.ResponseWriter, req *http.Request) { return func(w http.ResponseWriter, req *http.Request) {
w.Header().Set("Server", "rio") w.Header().Set("Server", "rio")
@ -55,7 +56,7 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
} }
log.Debug("Domain can be directly handled") log.Debug("Domain can be directly handled")
handleSubdomain(req.Host, "", req.URL.Path, giteaClient, w) handleSubdomain(req.Host, "", req.URL.Path, giteaUrl, giteaClient, w)
return return
} }
@ -74,7 +75,7 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
} }
log.Debugf("Domain can be handled after a CNAME query") log.Debugf("Domain can be handled after a CNAME query")
handleSubdomain(cname, cname, req.URL.Path, giteaClient, w) handleSubdomain(cname, cname, req.URL.Path, giteaUrl, giteaClient, w)
return return
} }
@ -86,7 +87,6 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
func runServer(ctx *cli.Context) error { func runServer(ctx *cli.Context) error {
log.SetLevel(log.DebugLevel) log.SetLevel(log.DebugLevel)
giteaUrl := ctx.String("gitea-url") giteaUrl := ctx.String("gitea-url")
addr := ctx.String("listen-host") + ":" + ctx.String("listen-port")
domain := ctx.String("pages-domain") domain := ctx.String("pages-domain")
certsFile := ctx.String("certs-file") certsFile := ctx.String("certs-file")
acmeEmail := ctx.String("acme-email") acmeEmail := ctx.String("acme-email")
@ -94,46 +94,9 @@ func runServer(ctx *cli.Context) error {
acmeFile := ctx.String("acme-file") acmeFile := ctx.String("acme-file")
acmeHost := ctx.String("acme-host") acmeHost := ctx.String("acme-host")
acmePort := ctx.String("acme-port") acmePort := ctx.String("acme-port")
acmeDisable := ctx.Bool("acme-disable")
err := LoadCertificateStoreFromFile(certsFile) // Setup the Gitea stuff
if err != nil {
log.Debugf("Generating cert")
err := InitialiseFallbackCert(domain)
if err != nil {
log.Fatalf("Failed to generate fallback certificate: %v", err)
return err
}
FlushCertificateStoreToFile(certsFile)
log.Debug("Certificate wrote to disk")
} else {
log.Debug("Certificate store read from disk")
}
// Create an ACME client, if we failed to load one
acmeClient, err := ClientFromFile(acmeFile, acmeServer)
if err != nil {
log.Warn("Failed to load ACME client data from disk. Generating new account")
acmeClient, err = GenerateNewAccount(acmeEmail, acmeFile, acmeServer)
if err != nil {
log.Fatalf("Failed to generate new ACME client: %v", err)
return err
}
log.Info("ACME account registered")
} else {
log.Info("ACME client data read from disk")
}
// Set up the HTTP01 listener
err = acmeClient.Challenge.SetHTTP01Provider(
http01.NewProviderServer(acmeHost, acmePort),
)
if err != nil {
log.Fatalf("Failed to setup HTTP01 challenge listener: %v", err)
return err
}
// Setup the HTTPS stuff
httpClient := http.Client{Timeout: 10 * time.Second} httpClient := http.Client{Timeout: 10 * time.Second}
client, err := gitea.NewClient( client, err := gitea.NewClient(
giteaUrl, giteaUrl,
@ -142,20 +105,66 @@ func runServer(ctx *cli.Context) error {
gitea.SetUserAgent("rio"), gitea.SetUserAgent("rio"),
) )
// Listen on the port
addr := ctx.String("listen-host") + ":" + ctx.String("listen-port")
listener, err := net.Listen("tcp", addr) listener, err := net.Listen("tcp", addr)
if err != nil { if err != nil {
fmt.Errorf("Failed to create listener: %v", err) fmt.Errorf("Failed to create listener: %v", err)
return err return err
} }
tlsConfig := makeTlsConfig( if !acmeDisable {
domain, if acmeEmail == "" || acmeFile == "" || certsFile == "" {
certsFile, return errors.New("The options acme-file, acme-email, and certs-file are required")
acmeClient, }
)
listener = tls.NewListener(listener, tlsConfig)
if err := http.Serve(listener, Handler(domain, client)); err != nil { err := LoadCertificateStoreFromFile(certsFile)
if err != nil {
log.Debugf("Generating cert")
err := InitialiseFallbackCert(domain)
if err != nil {
log.Fatalf("Failed to generate fallback certificate: %v", err)
return err
}
FlushCertificateStoreToFile(certsFile)
log.Debug("Certificate wrote to disk")
} else {
log.Debug("Certificate store read from disk")
}
// Create an ACME client, if we failed to load one
acmeClient, err := ClientFromFile(acmeFile, acmeServer)
if err != nil {
log.Warn("Failed to load ACME client data from disk. Generating new account")
acmeClient, err = GenerateNewAccount(acmeEmail, acmeFile, acmeServer)
if err != nil {
log.Fatalf("Failed to generate new ACME client: %v", err)
return err
}
log.Info("ACME account registered")
} else {
log.Info("ACME client data read from disk")
}
// Set up the HTTP01 listener
err = acmeClient.Challenge.SetHTTP01Provider(
http01.NewProviderServer(acmeHost, acmePort),
)
if err != nil {
log.Fatalf("Failed to setup HTTP01 challenge listener: %v", err)
return err
}
tlsConfig := makeTlsConfig(
domain,
certsFile,
acmeClient,
)
listener = tls.NewListener(listener, tlsConfig)
}
if err := http.Serve(listener, Handler(domain, giteaUrl, client)); err != nil {
fmt.Printf("Listening failed") fmt.Printf("Listening failed")
return err return err
} }
@ -207,19 +216,19 @@ func main() {
Name: "certs-file", Name: "certs-file",
Usage: "File to store certificates in", Usage: "File to store certificates in",
EnvVars: []string{"CERTS_FILE"}, EnvVars: []string{"CERTS_FILE"},
Required: true, Value: "",
}, },
&cli.StringFlag{ &cli.StringFlag{
Name: "acme-file", Name: "acme-file",
Usage: "File to store ACME configuration in", Usage: "File to store ACME configuration in",
EnvVars: []string{"ACME_FILE"}, EnvVars: []string{"ACME_FILE"},
Required: true, Value: "",
}, },
&cli.StringFlag{ &cli.StringFlag{
Name: "acme-email", Name: "acme-email",
Usage: "Email to use for an ACME account", Usage: "Email to use for an ACME account",
EnvVars: []string{"ACME_EMAIL"}, EnvVars: []string{"ACME_EMAIL"},
Required: true, Value: "",
}, },
&cli.StringFlag{ &cli.StringFlag{
Name: "acme-server", Name: "acme-server",
@ -227,6 +236,11 @@ func main() {
EnvVars: []string{"ACME_SERVER"}, EnvVars: []string{"ACME_SERVER"},
Value: "https://acme-staging-v02.api.letsencrypt.org/directory", Value: "https://acme-staging-v02.api.letsencrypt.org/directory",
}, },
&cli.BoolFlag{
Name: "acme-disable",
Usage: "Whether to disable automatic ACME certificates",
EnvVars: []string{"ACME_DISABLE"},
},
}, },
} }

View File

@ -1,12 +1,13 @@
package main package main
import ( import (
"fmt"
"io"
"mime" "mime"
"net/http" "net/http"
"strings" "strings"
"time" "time"
"code.gitea.io/sdk/gitea"
"github.com/patrickmn/go-cache" "github.com/patrickmn/go-cache"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
) )
@ -18,13 +19,14 @@ var (
type PageContentCache struct { type PageContentCache struct {
Content []byte Content []byte
mimeType string mimeType string
RequestedAt time.Time
} }
func makePageContentCacheEntry(username, path string) string { func makePageContentCacheEntry(username, path string) string {
return username + ":" + path return username + ":" + path
} }
func serveFile(username, reponame, path string, giteaClient *gitea.Client, w http.ResponseWriter) { func serveFile(username, reponame, path, giteaUrl string, w http.ResponseWriter) {
// Provide a default // Provide a default
if path == "" { if path == "" {
path = "/index.html" path = "/index.html"
@ -44,30 +46,73 @@ func serveFile(username, reponame, path string, giteaClient *gitea.Client, w htt
log.Debugf("Returning %s from cache", path) log.Debugf("Returning %s from cache", path)
content = entry.(PageContentCache).Content content = entry.(PageContentCache).Content
mimeType = entry.(PageContentCache).mimeType mimeType = entry.(PageContentCache).mimeType
} else {
content, _, err = giteaClient.GetFile(username, reponame, PagesBranch, path, false)
if err != nil {
log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
w.WriteHeader(404)
return
}
pathParts := strings.Split(path, ".")
ext := pathParts[len(pathParts) - 1]
mimeType = mime.TypeByExtension("." + ext)
pageCache.Set(
key,
PageContentCache{
content,
mimeType,
},
cache.DefaultExpiration,
)
log.Debugf("Page %s requested from Gitea and cached in memory", path)
} }
// We have to do the raw request manually because the Gitea SDK does not allow
// passing the If-Modfied-Since header.
apiUrl := fmt.Sprintf(
"%s/api/v1/repos/%s/%s/raw/%s?ref=%s",
giteaUrl,
username,
reponame,
path,
PagesBranch,
)
client := &http.Client{}
req, err := http.NewRequest("GET", apiUrl, nil)
if found {
since := entry.(PageContentCache).RequestedAt.Format(time.RFC1123)
log.Debugf("Found %s in cache. Adding '%s' as If-Modified-Since", key, since)
req.Header.Add("If-Modified-Since", since)
}
resp, err := client.Do(req)
if err != nil {
if !found {
log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
w.WriteHeader(404)
} else {
log.Debugf("Request failed but page %s is cached in memory", path)
w.WriteHeader(200)
w.Header().Set("Content-Type", mimeType)
w.Write(content)
}
return
}
defer resp.Body.Close()
log.Debugf("Gitea API request returned %d", resp.StatusCode)
if found && resp.StatusCode == 302 {
log.Debugf("Page %s is unchanged and cached in memory", path)
w.WriteHeader(200)
w.Header().Set("Content-Type", mimeType)
w.Write(content)
return
}
content, err = io.ReadAll(resp.Body)
if err != nil {
log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
w.WriteHeader(404)
return
}
pathParts := strings.Split(path, ".")
ext := pathParts[len(pathParts) - 1]
mimeType = mime.TypeByExtension("." + ext)
now := time.Now()
pageCache.Set(
key,
PageContentCache{
content,
mimeType,
now,
},
cache.DefaultExpiration,
)
log.Debugf("Page %s requested from Gitea and cached in memory at %v", path, now)
w.WriteHeader(200) w.WriteHeader(200)
w.Header().Set("Content-Type", mimeType) w.Header().Set("Content-Type", mimeType)
w.Write(content) w.Write(content)