Skip to content

Commit

Permalink
fix ci
Browse files Browse the repository at this point in the history
  • Loading branch information
timzaak committed Jun 28, 2024
1 parent c1beb7a commit 998e0e6
Show file tree
Hide file tree
Showing 6 changed files with 55 additions and 37 deletions.
1 change: 0 additions & 1 deletion docs/develop/change-log.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
- feat: support host alias. add config `http.external_port`, `https.external_port`
- conf: **break change** `https.http_redirect_to_https` move to `http.redirect_https`, and value is bool.
- improve: improve change_status response text style (release JS SDK 2.3.0)
- ci: use pebble root cert to check domain redirect.

### Version 2.2.4

Expand Down
46 changes: 23 additions & 23 deletions server/src/acme.rs
Original file line number Diff line number Diff line change
Expand Up @@ -165,29 +165,29 @@ impl ACMEProvider {
debug!("domain:{domain} order state:{:#?}", state);
assert!(matches!(state.status, OrderStatus::Pending));
let authorizations = order.authorizations()?;
assert_eq!(authorizations.len(), 1);
let authz = authorizations.first().unwrap();
//for authz in &authorizations {
// get authorization
match authz.status {
AuthorizationStatus::Pending => {}
//AuthorizationStatus::Valid => continue,
_ => todo!(),
let mut names = vec![];
for authz in &authorizations {
match authz.status {
AuthorizationStatus::Pending => {}
AuthorizationStatus::Valid => continue,
_ => {
warn!("authorization : {authz:#?}")
},
}
let challenge = authz
.challenges
.iter()
.find(|c| c.r#type == ChallengeType::Http01)
.ok_or_else(|| anyhow!("no http01 challenge found for domain:{domain}"))?;
let Identifier::Dns(identifier) = &authz.identifier;
let token = challenge.token.clone();

let key_authorization = order.key_authorization(challenge);
let challenge_domain_token_path = get_challenge_path(&challenge_path, identifier, &token);
fs::write(challenge_domain_token_path, key_authorization.as_str())?;
names.push(identifier.clone());
order.set_challenge_ready(&challenge.url)?;
}
let challenge = authz
.challenges
.iter()
.find(|c| c.r#type == ChallengeType::Http01)
.ok_or_else(|| anyhow!("no http01 challenge found for domain:{domain}"))?;
let Identifier::Dns(identifier) = &authz.identifier;
let token = challenge.token.clone();

let key_authorization = order.key_authorization(challenge);
//TODO: save to
let challenge_domain_token_path = get_challenge_path(&challenge_path, &domain, &token);
fs::write(challenge_domain_token_path, key_authorization.as_str())?;
order.set_challenge_ready(&challenge.url)?;

// get token
let mut retries: u32 = 0;
let state = loop {
Expand All @@ -211,7 +211,7 @@ impl ACMEProvider {
bail!("domain: {domain} order is invalid")
}

let mut params = CertificateParams::new(vec![identifier.to_string()]);
let mut params = CertificateParams::new(names);
params.distinguished_name = DistinguishedName::new();
let cert = Certificate::from_params(params).unwrap();
let csr = cert.serialize_request_der()?;
Expand Down
8 changes: 5 additions & 3 deletions server/src/service.rs
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,9 @@ impl ServiceConfig {
}
}

fn alias_redirect(uri: &Uri, https:bool, host:&str, external_port:u16) -> warp::reply::Response { // cors?
// http to https
// alias
fn alias_redirect(uri: &Uri, https: bool, host:&str, external_port:u16) -> warp::reply::Response { // cors?
let mut resp = Response::default();
let schema = if https {"https://"} else {"http://"};

Expand Down Expand Up @@ -137,7 +139,7 @@ pub async fn create_http_service(
let token = &path[ACME_CHALLENGE.len()..];
{
if let Some(path) = challenge_path.read().await.as_ref() {
let path = get_challenge_path(path, host, token);
let path = get_challenge_path(path, origin_host, token);
let headers = req.headers();
let conditionals = Conditionals {
if_modified_since: headers.typed_get(),
Expand All @@ -163,7 +165,7 @@ pub async fn create_http_service(
Some(external_port) => (true, external_port),
None => (false, external_port)
};
return Ok(alias_redirect(uri,https, host, external_port));
return Ok(alias_redirect(uri, https, host, external_port));
}
file_resp(&req, uri, host, domain_storage, origin_opt).await
} else {
Expand Down
32 changes: 24 additions & 8 deletions server/src/web_server.rs
Original file line number Diff line number Diff line change
Expand Up @@ -59,15 +59,31 @@ pub struct Server {
impl Server {
pub fn new(conf: Config, storage: Arc<DomainStorage>) -> anyhow::Result<Self> {
let default_http_redirect_to_https:Option<Either<&'static str, u16>> = conf.http.as_ref().and_then(|x| {
if x.redirect_https.is_some_and(|x|x) {
let external_port = conf.https.as_ref().and_then(|https| https.external_port);
if external_port.is_none() {
Some(Either::Left("when redirect_https is undefined or true, https.external_port should be set"))
} else {
external_port.map(|x|Either::Right(x))
match x.redirect_https {
Some(true) => {
let external_port = conf.https.as_ref().and_then(|https| https.external_port);
if external_port.is_none() {
Some(Either::Left("when redirect_https is undefined or true, https.external_port should be set"))
} else {
external_port.map(|x|Either::Right(x))
}
},
None => {
match &conf.https {
Some(https) => {
let external_port = https.external_port;
if external_port.is_none() {
Some(Either::Left("when redirect_https is undefined or true, https.external_port should be set"))
} else {
external_port.map(|x|Either::Right(x))
}
},
None => None,
}
},
Some(false) => {
None
}
} else {
None
}
});
let default_http_redirect_to_https = match default_http_redirect_to_https {
Expand Down
2 changes: 1 addition & 1 deletion tests/tests/acme_test.rs
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,6 @@ async fn alias_acme() {
wait_count += 1;
}
assert_files(domain, request_prefix, 1, vec!["index.html"]).await;
assert_redirects(request_prefix, vec![format!("https://{LOCAL_HOST}:8443/27"), "/27/".to_owned()]).await
assert_redirects(request_prefix, vec![format!("https://{LOCAL_HOST}:8443/")]).await
}

3 changes: 2 additions & 1 deletion tests/tests/common.rs
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,8 @@ pub async fn assert_files(
}
pub async fn assert_redirect_correct(request_prefix: &str, target_prefix: &str) -> String {
let client = ClientBuilder::new()
.add_root_certificate(get_root_cert())
//.add_root_certificate(get_root_cert()) // does not work
.danger_accept_invalid_certs(true)
.redirect(Policy::none())
.build()
.unwrap();
Expand Down

0 comments on commit 998e0e6

Please sign in to comment.