feat: Allow disabling ACME and enable better file caching

2024-01-01 00:38:01 +01:00 · 2024-01-01 00:38:01 +01:00 · 1154eff9ae
commit 1154eff9ae
parent feabaf5221
2 changed files with 138 additions and 79 deletions
--- a/main.go
+++ b/main.go
@ -3,6 +3,7 @@ package main
 import (
 	"crypto/tls"
 	"os"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
@ -19,7 +20,7 @@ const (
 	PagesBranch = "pages"
 )
-func handleSubdomain(domain string, cname string, path string, giteaClient *gitea.Client, w http.ResponseWriter) {
+func handleSubdomain(domain string, cname string, path, giteaUrl string, giteaClient *gitea.Client, w http.ResponseWriter) {
 	hostParts := strings.Split(domain, ".")
 	username := hostParts[0]
@ -42,10 +43,10 @@ func handleSubdomain(domain string, cname string, path string, giteaClient *gite
 		return
 	}
-	serveFile(username, repo.Name, path, giteaClient, w)
+	serveFile(username, repo.Name, path, giteaUrl, w)
 }
-func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
+func Handler(pagesDomain, giteaUrl string, giteaClient *gitea.Client) http.HandlerFunc {
 	return func(w http.ResponseWriter, req *http.Request) {
 		w.Header().Set("Server", "rio")
@ -55,7 +56,7 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
 			}
 			log.Debug("Domain can be directly handled")
-			handleSubdomain(req.Host, "", req.URL.Path, giteaClient, w)
+			handleSubdomain(req.Host, "", req.URL.Path, giteaUrl, giteaClient, w)
 			return
 		}
@ -74,7 +75,7 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
 			}
 			log.Debugf("Domain can be handled after a CNAME query")
-			handleSubdomain(cname, cname, req.URL.Path, giteaClient, w)
+			handleSubdomain(cname, cname, req.URL.Path, giteaUrl, giteaClient, w)
 			return
 		}
@ -86,7 +87,6 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
 func runServer(ctx *cli.Context) error {
 	log.SetLevel(log.DebugLevel)
 	giteaUrl := ctx.String("gitea-url")
 	addr := ctx.String("listen-host") + ":" + ctx.String("listen-port")
 	domain := ctx.String("pages-domain")
 	certsFile := ctx.String("certs-file")
 	acmeEmail := ctx.String("acme-email")
@ -94,46 +94,9 @@ func runServer(ctx *cli.Context) error {
 	acmeFile := ctx.String("acme-file")
 	acmeHost := ctx.String("acme-host")
 	acmePort := ctx.String("acme-port")
 	acmeDisable := ctx.Bool("acme-disable")
-	err := LoadCertificateStoreFromFile(certsFile)
+	// Setup the Gitea stuff
 	if err != nil {
 		log.Debugf("Generating cert")
 		err := InitialiseFallbackCert(domain)
 		if err != nil {
 			log.Fatalf("Failed to generate fallback certificate: %v", err)
 			return err
 		}
 		FlushCertificateStoreToFile(certsFile)
 		log.Debug("Certificate wrote to disk")
 	} else {
 		log.Debug("Certificate store read from disk")
 	}
 	// Create an ACME client, if we failed to load one
 	acmeClient, err := ClientFromFile(acmeFile, acmeServer)
 	if err != nil {
 		log.Warn("Failed to load ACME client data from disk. Generating new account")
 		acmeClient, err = GenerateNewAccount(acmeEmail, acmeFile, acmeServer)
 		if err != nil {
 			log.Fatalf("Failed to generate new ACME client: %v", err)
 			return err
 		}
 		log.Info("ACME account registered")
 	} else {
 		log.Info("ACME client data read from disk")
 	}
 	// Set up the HTTP01 listener
 	err = acmeClient.Challenge.SetHTTP01Provider(
 		http01.NewProviderServer(acmeHost, acmePort),
 	)
 	if err != nil {
 		log.Fatalf("Failed to setup HTTP01 challenge listener: %v", err)
 		return err
 	}
 	// Setup the HTTPS stuff
 	httpClient := http.Client{Timeout: 10 * time.Second}
 	client, err := gitea.NewClient(
 		giteaUrl,
@ -142,20 +105,66 @@ func runServer(ctx *cli.Context) error {
 		gitea.SetUserAgent("rio"),
 	)
 	// Listen on the port
 	addr := ctx.String("listen-host") + ":" + ctx.String("listen-port")
 	listener, err := net.Listen("tcp", addr)
 	if err != nil {
 		fmt.Errorf("Failed to create listener: %v", err)
 		return err
 	}
-	tlsConfig := makeTlsConfig(
+	if !acmeDisable {
-		domain,
+		if acmeEmail == "" || acmeFile == "" || certsFile == "" {
-		certsFile,
+			return errors.New("The options acme-file, acme-email, and certs-file are required")
-		acmeClient,
+		}
 	)
 	listener = tls.NewListener(listener, tlsConfig)
-	if err := http.Serve(listener, Handler(domain, client)); err != nil {
+		err := LoadCertificateStoreFromFile(certsFile)
 		if err != nil {
 			log.Debugf("Generating cert")
 			err := InitialiseFallbackCert(domain)
 			if err != nil {
 				log.Fatalf("Failed to generate fallback certificate: %v", err)
 				return err
 			}
 			FlushCertificateStoreToFile(certsFile)
 			log.Debug("Certificate wrote to disk")
 		} else {
 			log.Debug("Certificate store read from disk")
 		}
 		// Create an ACME client, if we failed to load one
 		acmeClient, err := ClientFromFile(acmeFile, acmeServer)
 		if err != nil {
 			log.Warn("Failed to load ACME client data from disk. Generating new account")
 			acmeClient, err = GenerateNewAccount(acmeEmail, acmeFile, acmeServer)
 			if err != nil {
 				log.Fatalf("Failed to generate new ACME client: %v", err)
 				return err
 			}
 			log.Info("ACME account registered")
 		} else {
 			log.Info("ACME client data read from disk")
 		}
 		// Set up the HTTP01 listener
 		err = acmeClient.Challenge.SetHTTP01Provider(
 			http01.NewProviderServer(acmeHost, acmePort),
 		)
 		if err != nil {
 			log.Fatalf("Failed to setup HTTP01 challenge listener: %v", err)
 			return err
 		}
 		tlsConfig := makeTlsConfig(
 			domain,
 			certsFile,
 			acmeClient,
 		)
 		listener = tls.NewListener(listener, tlsConfig)
 	}
 	if err := http.Serve(listener, Handler(domain, giteaUrl, client)); err != nil {
 		fmt.Printf("Listening failed")
 		return err
 	}
@ -207,19 +216,19 @@ func main() {
 				Name: "certs-file",
 				Usage: "File to store certificates in",
 				EnvVars: []string{"CERTS_FILE"},
-				Required: true,
+				Value: "",
 			},
 			&cli.StringFlag{
 				Name: "acme-file",
 				Usage: "File to store ACME configuration in",
 				EnvVars: []string{"ACME_FILE"},
-				Required: true,
+				Value: "",
 			},
 			&cli.StringFlag{
 				Name: "acme-email",
 				Usage: "Email to use for an ACME account",
 				EnvVars: []string{"ACME_EMAIL"},
-				Required: true,
+				Value: "",
 			},
 			&cli.StringFlag{
 				Name: "acme-server",
@ -227,6 +236,11 @@ func main() {
 				EnvVars: []string{"ACME_SERVER"},
 				Value: "https://acme-staging-v02.api.letsencrypt.org/directory",
 			},
 			&cli.BoolFlag{
 				Name: "acme-disable",
 				Usage: "Whether to disable automatic ACME certificates",
 				EnvVars: []string{"ACME_DISABLE"},
 			},
 		},
 	}
--- a/pages.go
+++ b/pages.go
@ -1,12 +1,13 @@
 package main
 import (
 	"fmt"
 	"io"
 	"mime"
 	"net/http"
 	"strings"
 	"time"
 	"code.gitea.io/sdk/gitea"
 	"github.com/patrickmn/go-cache"
 	log "github.com/sirupsen/logrus"
 )
@ -18,13 +19,14 @@ var (
 type PageContentCache struct {
 	Content []byte
 	mimeType string
 	RequestedAt time.Time
 }
 func makePageContentCacheEntry(username, path string) string {
 	return username + ":" + path
 }
-func serveFile(username, reponame, path string, giteaClient *gitea.Client, w http.ResponseWriter) {
+func serveFile(username, reponame, path, giteaUrl string, w http.ResponseWriter) {
 	// Provide a default
 	if path == "" {
 		path = "/index.html"
@ -44,30 +46,73 @@ func serveFile(username, reponame, path string, giteaClient *gitea.Client, w htt
 		log.Debugf("Returning %s from cache", path)
 		content = entry.(PageContentCache).Content
 		mimeType = entry.(PageContentCache).mimeType
 	} else {
 		content, _, err = giteaClient.GetFile(username, reponame, PagesBranch, path, false)
 		if err != nil {
 			log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
 			w.WriteHeader(404)
 			return
 		}
 		pathParts := strings.Split(path, ".")
 		ext := pathParts[len(pathParts) - 1]
 		mimeType = mime.TypeByExtension("." + ext)
 		pageCache.Set(
 			key,
 			PageContentCache{
 				content,
 				mimeType,
 			},
 			cache.DefaultExpiration,
 		)
 		log.Debugf("Page %s requested from Gitea and cached in memory", path)
 	}
 	// We have to do the raw request manually because the Gitea SDK does not allow
 	// passing the If-Modfied-Since header.
 	apiUrl := fmt.Sprintf(
 		"%s/api/v1/repos/%s/%s/raw/%s?ref=%s",
 		giteaUrl,
 		username,
 		reponame,
 		path,
 		PagesBranch,
 	)
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", apiUrl, nil)
 	if found {
 		since := entry.(PageContentCache).RequestedAt.Format(time.RFC1123)
 		log.Debugf("Found %s in cache. Adding '%s' as If-Modified-Since", key, since)
 		req.Header.Add("If-Modified-Since", since)
 	}
 	resp, err := client.Do(req)
 	if err != nil {
 		if !found {
 			log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
 			w.WriteHeader(404)
 		} else {
 			log.Debugf("Request failed but page %s is cached in memory", path)
 			w.WriteHeader(200)
 			w.Header().Set("Content-Type", mimeType)
 			w.Write(content)
 		}
 		return
 	}
 	defer resp.Body.Close()
 	log.Debugf("Gitea API request returned %d", resp.StatusCode)
 	if found && resp.StatusCode == 302 {
 		log.Debugf("Page %s is unchanged and cached in memory", path)
 		w.WriteHeader(200)
 		w.Header().Set("Content-Type", mimeType)
 		w.Write(content)
 		return
 	}
 	content, err = io.ReadAll(resp.Body)
 	if err != nil {
 		log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
 		w.WriteHeader(404)
 		return
 	}
 	pathParts := strings.Split(path, ".")
 	ext := pathParts[len(pathParts) - 1]
 	mimeType = mime.TypeByExtension("." + ext)
 	now := time.Now()
 	pageCache.Set(
 		key,
 		PageContentCache{
 			content,
 			mimeType,
 			now,
 		},
 		cache.DefaultExpiration,
 	)
 	log.Debugf("Page %s requested from Gitea and cached in memory at %v", path, now)
 	w.WriteHeader(200)
 	w.Header().Set("Content-Type", mimeType)
 	w.Write(content)