mirrors/acme-dns
1
0
Fork 0
mirror of https://github.com/joohoi/acme-dns.git synced 2025-07-06 00:08:16 +07:00
Code Issues Packages Projects Releases Wiki Activity

Go 1.9 and Iris v8, added possibility to bind to IP (#15)

Browse Source
This commit is contained in:
Joona Hoikkala
2017-11-12 23:40:15 +02:00
committed by GitHub
parent 0ec12dbc5f
commit c70a6cffb0
6 changed files with 37 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -1,6 +1,6 @@
language: go language: go
go: go:
- 1.8 - 1.9
env: env:
- "PATH=/home/travis/gopath/bin:$PATH" - "PATH=/home/travis/gopath/bin:$PATH"
before_install: before_install:

2
README.md
View File

@ -107,7 +107,7 @@ Check out how in the INSTALL section.
## Installation ## Installation
1) Install [Go 1.8 or newer](https://golang.org/doc/install) 1) Install [Go 1.9 or newer](https://golang.org/doc/install)
2) Clone this repo: `git clone https://github.com/joohoi/acme-dns $GOPATH/src/acme-dns` 2) Clone this repo: `git clone https://github.com/joohoi/acme-dns $GOPATH/src/acme-dns`

34
api.go
View File

@ -4,15 +4,15 @@ import (
"errors" "errors"
"fmt" "fmt"
"github.com/kataras/iris"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"gopkg.in/kataras/iris.v6"
) )
// Serve is an authentication middlware function used to authenticate update requests // Serve is an authentication middlware function used to authenticate update requests
func (a authMiddleware) Serve(ctx *iris.Context) { func (a authMiddleware) Serve(ctx iris.Context) {
allowUpdate := false allowUpdate := false
usernameStr := ctx.RequestHeader("X-Api-User") usernameStr := ctx.GetHeader("X-Api-User")
password := ctx.RequestHeader("X-Api-Key") password := ctx.GetHeader("X-Api-Key")
postData := ACMETxt{} postData := ACMETxt{}
username, err := getValidUsername(usernameStr) username, err := getValidUsername(usernameStr)
@ -28,7 +28,7 @@ func (a authMiddleware) Serve(ctx *iris.Context) {
// Now test for the possibly limited ranges // Now test for the possibly limited ranges
if DNSConf.API.UseHeader { if DNSConf.API.UseHeader {
ips := getIPListFromHeader(ctx.RequestHeader(DNSConf.API.HeaderName)) ips := getIPListFromHeader(ctx.GetHeader(DNSConf.API.HeaderName))
allowUpdate = au.allowedFromList(ips) allowUpdate = au.allowedFromList(ips)
} else { } else {
allowUpdate = au.allowedFrom(ctx.RemoteAddr()) allowUpdate = au.allowedFrom(ctx.RemoteAddr())
@ -43,7 +43,9 @@ func (a authMiddleware) Serve(ctx *iris.Context) {
} }
} else { } else {
// JSON error // JSON error
ctx.JSON(iris.StatusBadRequest, iris.Map{"error": "bad data"}) log.WithFields(log.Fields{"error": err.Error()}).Warning("Failed reading POST data")
ctx.JSON(iris.Map{"error": "bad data"})
ctx.StatusCode(iris.StatusBadRequest)
return return
} }
} }
@ -53,10 +55,11 @@ func (a authMiddleware) Serve(ctx *iris.Context) {
} }
} }
} }
ctx.JSON(iris.StatusUnauthorized, iris.Map{"error": "unauthorized"}) ctx.JSON(iris.Map{"error": "unauthorized"})
ctx.StatusCode(iris.StatusUnauthorized)
} }
func webRegisterPost(ctx *iris.Context) { func webRegisterPost(ctx iris.Context) {
var regJSON iris.Map var regJSON iris.Map
var regStatus int var regStatus int
aTXT := ACMETxt{} aTXT := ACMETxt{}
@ -74,13 +77,14 @@ func webRegisterPost(ctx *iris.Context) {
log.WithFields(log.Fields{"user": nu.Username.String()}).Debug("Created new user") log.WithFields(log.Fields{"user": nu.Username.String()}).Debug("Created new user")
} }
ctx.JSON(regStatus, regJSON) ctx.JSON(regJSON)
ctx.StatusCode(regStatus)
} }
func webUpdatePost(ctx *iris.Context) { func webUpdatePost(ctx iris.Context) {
// User auth done in middleware // User auth done in middleware
a := ACMETxt{} a := ACMETxt{}
userStr := ctx.RequestHeader("X-API-User") userStr := ctx.GetHeader("X-API-User")
// Already checked in auth middlware // Already checked in auth middlware
username, _ := getValidUsername(userStr) username, _ := getValidUsername(userStr)
// Already checked in auth middleware // Already checked in auth middleware
@ -94,7 +98,8 @@ func webUpdatePost(ctx *iris.Context) {
webUpdatePostError(ctx, errors.New("internal error"), iris.StatusInternalServerError) webUpdatePostError(ctx, errors.New("internal error"), iris.StatusInternalServerError)
return return
} }
ctx.JSON(iris.StatusOK, iris.Map{"txt": a.Value}) ctx.JSON(iris.Map{"txt": a.Value})
ctx.StatusCode(iris.StatusOK)
} else { } else {
log.WithFields(log.Fields{"subdomain": a.Subdomain, "txt": a.Value}).Debug("Bad data for subdomain") log.WithFields(log.Fields{"subdomain": a.Subdomain, "txt": a.Value}).Debug("Bad data for subdomain")
webUpdatePostError(ctx, errors.New("bad data"), iris.StatusBadRequest) webUpdatePostError(ctx, errors.New("bad data"), iris.StatusBadRequest)
@ -102,8 +107,9 @@ func webUpdatePost(ctx *iris.Context) {
} }
} }
func webUpdatePostError(ctx *iris.Context, err error, status int) { func webUpdatePostError(ctx iris.Context, err error, status int) {
errStr := fmt.Sprintf("%v", err) errStr := fmt.Sprintf("%v", err)
updJSON := iris.Map{"error": errStr} updJSON := iris.Map{"error": errStr}
ctx.JSON(status, updJSON) ctx.JSON(updJSON)
ctx.StatusCode(status)
} }

4
config.cfg
View File

@ -33,6 +33,10 @@ connection = "acme-dns.db"
[api] [api]
# domain name to listen requests for, mandatory if using tls = "letsencrypt" # domain name to listen requests for, mandatory if using tls = "letsencrypt"
api_domain = "" api_domain = ""
# email to use for account registration for Let's Encrypt, used only if tls = "letsencrypt"
le_email = "admin@example.com"
# listen ip eg. 127.0.0.1
ip = "127.0.0.1"
# listen port, eg. 443 for default HTTPS # listen port, eg. 443 for default HTTPS
port = "8080" port = "8080"
# possible values: "letsencrypt", "cert", "none" # possible values: "letsencrypt", "cert", "none"

24
main.go
View File

@ -5,10 +5,9 @@ package main
import ( import (
"os" "os"
"github.com/iris-contrib/middleware/cors"
"github.com/kataras/iris"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"gopkg.in/kataras/iris.v6"
"gopkg.in/kataras/iris.v6/adaptors/cors"
"gopkg.in/kataras/iris.v6/adaptors/httprouter"
) )
func main() { func main() {
@ -41,9 +40,8 @@ func main() {
} }
func startHTTPAPI() { func startHTTPAPI() {
api := iris.New(iris.Configuration{DisableBodyConsumptionOnUnmarshal: true}) api := iris.New()
api.Adapt(httprouter.New()) api.Use(cors.New(cors.Options{
api.Adapt(cors.New(cors.Options{
AllowedOrigins: DNSConf.API.CorsOrigins, AllowedOrigins: DNSConf.API.CorsOrigins,
AllowedMethods: []string{"GET", "POST"}, AllowedMethods: []string{"GET", "POST"},
OptionsPassthrough: false, OptionsPassthrough: false,
@ -52,18 +50,14 @@ func startHTTPAPI() {
var ForceAuth = authMiddleware{} var ForceAuth = authMiddleware{}
api.Post("/register", webRegisterPost) api.Post("/register", webRegisterPost)
api.Post("/update", ForceAuth.Serve, webUpdatePost) api.Post("/update", ForceAuth.Serve, webUpdatePost)
host := DNSConf.API.Domain + ":" + DNSConf.API.Port
switch DNSConf.API.TLS { switch DNSConf.API.TLS {
case "letsencrypt": case "letsencrypt":
listener, err := iris.LETSENCRYPT("0.0.0.0", DNSConf.API.Domain) api.Run(iris.AutoTLS(host, DNSConf.API.Domain, DNSConf.API.LEmail), iris.WithoutBodyConsumptionOnUnmarshal)
err = api.Serve(listener)
if err != nil {
log.Errorf("Error in HTTP server [%v]", err)
}
case "cert": case "cert":
host := DNSConf.API.Domain + ":" + DNSConf.API.Port api.Run(iris.TLS(host, DNSConf.API.TLSCertFullchain, DNSConf.API.TLSCertPrivkey), iris.WithoutBodyConsumptionOnUnmarshal)
api.ListenTLS(host, DNSConf.API.TLSCertFullchain, DNSConf.API.TLSCertPrivkey)
default: default:
host := DNSConf.API.Domain + ":" + DNSConf.API.Port api.Run(iris.Addr(host), iris.WithoutBodyConsumptionOnUnmarshal)
api.Listen(host)
} }
} }

2
types.go
View File

@ -51,6 +51,8 @@ type dbsettings struct {
// API config // API config
type httpapi struct { type httpapi struct {
Domain string `toml:"api_domain"` Domain string `toml:"api_domain"`
LEmail string `toml:"le_email"`
IP string
Port string Port string
TLS string TLS string
TLSCertPrivkey string `toml:"tls_cert_privkey"` TLSCertPrivkey string `toml:"tls_cert_privkey"`