Format go code

Fix cached error when .domains is not readable (fixes https://codeberg.org/Codeberg/Community/issues/1512 )
Co-authored-by: @algernon
2024-04-02 21:14:03 +02:00 · 2024-04-02 21:06:05 +02:00 · 2024-04-02 00:16:30 +02:00 · 2024-04-01 21:59:09 +02:00 · 2024-03-29 23:15:08 +01:00 · 2024-03-26 22:53:32 +01:00
--- a/README.md
+++ b/README.md
@ -80,7 +80,9 @@ and especially have a look at [this section of the haproxy.cfg](https://codeberg
 - `ENABLE_HTTP_SERVER` (default: false): Set this to true to enable the HTTP-01 challenge and redirect all other HTTP requests to HTTPS. Currently only works with port 80.
 - `DNS_PROVIDER` (default: use self-signed certificate): Code of the ACME DNS provider for the main domain wildcard.  
  See <https://go-acme.github.io/lego/dns/> for available values & additional environment variables.
+- `NO_DNS_01` (default: `false`): Disable the use of ACME DNS. This means that the wildcard certificate is self-signed and all domains and subdomains will have a distinct certificate. Because this may lead to a rate limit from the ACME provider, this option is not recommended for Gitea/Forgejo instances with open registrations or a great number of users/orgs.
 - `LOG_LEVEL` (default: warn): Set this to specify the level of logging.
+- `REDIS_URL` (default: use in-memory cache): Set this to use Redis as a cache server.

 ## Contributing to the development

--- a/cli/flags.go
+++ b/cli/flags.go
@ -185,6 +185,11 @@ var (
 			Usage:   "Use DNS-Challenge for main domain. Read more at: https://go-acme.github.io/lego/dns/",
 			EnvVars: []string{"DNS_PROVIDER"},
 		},
+		&cli.BoolFlag{
+			Name:    "no-dns-01",
+			Usage:   "Always use individual certificates instead of a DNS-01 wild card certificate",
+			EnvVars: []string{"NO_DNS_01"},
+		},
 		&cli.StringFlag{
 			Name:    "acme-account-config",
 			Usage:   "json file of acme account",
--- a/config/config.go
+++ b/config/config.go
@ -6,7 +6,7 @@ type Config struct {
 	Gitea    GiteaConfig
 	Database DatabaseConfig
 	ACME     ACMEConfig
-	RedisURL string `default:""`
+	Cache    CacheConfig
 }

 type ServerConfig struct {
@ -43,5 +43,10 @@ type ACMEConfig struct {
 	EAB_HMAC          string
 	EAB_KID           string
 	DNSProvider       string
+	NoDNS01           bool   `default:"false"`
 	AccountConfigFile string `default:"acme-account.json"`
 }
+
+type CacheConfig struct {
+	RedisURL string `default:""`
+}
--- a/config/setup.go
+++ b/config/setup.go
@ -54,9 +54,7 @@ func MergeConfig(ctx *cli.Context, config *Config) {
 	mergeGiteaConfig(ctx, &config.Gitea)
 	mergeDatabaseConfig(ctx, &config.Database)
 	mergeACMEConfig(ctx, &config.ACME)
-	if ctx.IsSet("redis-url") {
-		config.RedisURL = ctx.String("redis-url")
-	}
+	mergeCacheConfig(ctx, &config.Cache)
 }

 func mergeServerConfig(ctx *cli.Context, config *ServerConfig) {
@ -144,7 +142,16 @@ func mergeACMEConfig(ctx *cli.Context, config *ACMEConfig) {
 	if ctx.IsSet("dns-provider") {
 		config.DNSProvider = ctx.String("dns-provider")
 	}
+	if ctx.IsSet("no-dns-01") {
+		config.NoDNS01 = ctx.Bool("no-dns-01")
+	}
 	if ctx.IsSet("acme-account-config") {
 		config.AccountConfigFile = ctx.String("acme-account-config")
 	}
 }
+
+func mergeCacheConfig(ctx *cli.Context, config *CacheConfig) {
+	if ctx.IsSet("redis-url") {
+		config.RedisURL = ctx.String("redis-url")
+	}
+}
--- a/config/setup_test.go
+++ b/config/setup_test.go
@ -166,6 +166,7 @@ func TestMergeConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T
 					EAB_HMAC:          "original",
 					EAB_KID:           "original",
 					DNSProvider:       "original",
+					NoDNS01:           false,
 					AccountConfigFile: "original",
 				},
 			}
@ -205,6 +206,7 @@ func TestMergeConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T
 					EAB_HMAC:          "changed",
 					EAB_KID:           "changed",
 					DNSProvider:       "changed",
+					NoDNS01:           true,
 					AccountConfigFile: "changed",
 				},
 			}
@ -243,6 +245,7 @@ func TestMergeConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testing.T
 			"--acme-eab-hmac", "changed",
 			"--acme-eab-kid", "changed",
 			"--dns-provider", "changed",
+			"--no-dns-01",
 			"--acme-account-config", "changed",
 		},
 	)
@ -517,6 +520,7 @@ func TestMergeACMEConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testi
 				EAB_HMAC:          "original",
 				EAB_KID:           "original",
 				DNSProvider:       "original",
+				NoDNS01:           false,
 				AccountConfigFile: "original",
 			}

@ -530,6 +534,7 @@ func TestMergeACMEConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testi
 				EAB_HMAC:          "changed",
 				EAB_KID:           "changed",
 				DNSProvider:       "changed",
+				NoDNS01:           true,
 				AccountConfigFile: "changed",
 			}

@ -545,6 +550,7 @@ func TestMergeACMEConfigShouldReplaceAllExistingValuesGivenAllArgsExist(t *testi
 			"--acme-eab-hmac", "changed",
 			"--acme-eab-kid", "changed",
 			"--dns-provider", "changed",
+			"--no-dns-01",
 			"--acme-account-config", "changed",
 		},
 	)
@ -563,6 +569,7 @@ func TestMergeACMEConfigShouldReplaceOnlyOneValueExistingValueGivenOnlyOneArgExi
 		{args: []string{"--acme-eab-hmac", "changed"}, callback: func(gc *ACMEConfig) { gc.EAB_HMAC = "changed" }},
 		{args: []string{"--acme-eab-kid", "changed"}, callback: func(gc *ACMEConfig) { gc.EAB_KID = "changed" }},
 		{args: []string{"--dns-provider", "changed"}, callback: func(gc *ACMEConfig) { gc.DNSProvider = "changed" }},
+		{args: []string{"--no-dns-01"}, callback: func(gc *ACMEConfig) { gc.NoDNS01 = true }},
 		{args: []string{"--acme-account-config", "changed"}, callback: func(gc *ACMEConfig) { gc.AccountConfigFile = "changed" }},
 	}

--- a/server/acme/client.go
+++ b/server/acme/client.go
@ -13,8 +13,8 @@ var ErrAcmeMissConfig = errors.New("ACME client has wrong config")

 func CreateAcmeClient(cfg config.ACMEConfig, enableHTTPServer bool, challengeCache cache.ICache) (*certificates.AcmeClient, error) {
 	// check config
-	if (!cfg.AcceptTerms || cfg.DNSProvider == "") && cfg.APIEndpoint != "https://acme.mock.directory" {
-		return nil, fmt.Errorf("%w: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER, unless $ACME_API is set to https://acme.mock.directory", ErrAcmeMissConfig)
+	if (!cfg.AcceptTerms || (cfg.DNSProvider == "" && !cfg.NoDNS01)) && cfg.APIEndpoint != "https://acme.mock.directory" {
+		return nil, fmt.Errorf("%w: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER or $NO_DNS_01, unless $ACME_API is set to https://acme.mock.directory", ErrAcmeMissConfig)
 	}
 	if cfg.EAB_HMAC != "" && cfg.EAB_KID == "" {
 		return nil, fmt.Errorf("%w: ACME_EAB_HMAC also needs ACME_EAB_KID to be set", ErrAcmeMissConfig)
--- a/server/cache/memory.go
+++ b/server/cache/memory.go
@ -1,8 +1,9 @@
 package cache

 import (
-	"github.com/OrlovEvgeny/go-mcache"
 	"time"
+
+	"github.com/OrlovEvgeny/go-mcache"
 )

 type MCache struct {
--- a/server/cache/redis.go
+++ b/server/cache/redis.go
@ -3,41 +3,48 @@ package cache
 import (
 	"context"
 	"errors"
+	"time"
+
 	"github.com/redis/go-redis/v9"
 	"github.com/rs/zerolog/log"
-	"time"
 )

 type RedisCache struct {
-	ctx context.Context
-	rdb *redis.Client
+	name string
+	ctx  context.Context
+	rdb  *redis.Client
 }

 func (r *RedisCache) Set(key string, value []byte, ttl time.Duration) error {
-	return r.rdb.Set(r.ctx, key, value, ttl).Err()
+	log.Trace().Str("key", r.name+"::"+key).Int("len(value)", len(value)).Bytes("value", value).Msg("Set in Redis.")
+	return r.rdb.Set(r.ctx, r.name+"::"+key, value, ttl).Err()
 }

 func (r *RedisCache) Get(key string) ([]byte, bool) {
-	val, err := r.rdb.Get(r.ctx, key).Bytes()
+	val, err := r.rdb.Get(r.ctx, r.name+"::"+key).Bytes()
 	if err != nil {
-		if errors.Is(err, redis.Nil) {
-			log.Error().Err(err).Str("key", key).Msg("Couldn't request key from cache.")
+		if !errors.Is(err, redis.Nil) {
+			log.Error().Err(err).Str("key", r.name+"::"+key).Msg("Couldn't request key from cache.")
+		} else {
+			log.Trace().Str("key", r.name+"::"+key).Msg("Get from Redis, doesn't exist.")
 		}
 		return nil, false
 	} else {
+		log.Trace().Str("key", r.name+"::"+key).Int("len(value)", len(val)).Msg("Get from Redis.")
 		return val, true
 	}
 }

 func (r *RedisCache) Remove(key string) {
-	err := r.rdb.Del(r.ctx, key).Err()
-	if err == nil {
-		log.Error().Err(err).Str("key", key).Msg("Couldn't delete key from cache.")
+	err := r.rdb.Del(r.ctx, r.name+"::"+key).Err()
+	if err != nil {
+		log.Error().Err(err).Str("key", r.name+"::"+key).Msg("Couldn't delete key from cache.")
 	}
 }

-func NewRedisCache(opts *redis.Options) ICache {
+func NewRedisCache(name string, opts *redis.Options) ICache {
 	return &RedisCache{
+		name,
 		context.Background(),
 		redis.NewClient(opts),
 	}
--- a/server/certificates/acme_client.go
+++ b/server/certificates/acme_client.go
@ -56,11 +56,8 @@ func NewAcmeClient(cfg config.ACMEConfig, enableHTTPServer bool, challengeCache
 		log.Error().Err(err).Msg("Can't create ACME client, continuing with mock certs only")
 	} else {
 		if cfg.DNSProvider == "" {
-			// using mock server, don't use wildcard certs
-			err := mainDomainAcmeClient.Challenge.SetTLSALPN01Provider(AcmeTLSChallengeProvider{challengeCache})
-			if err != nil {
-				log.Error().Err(err).Msg("Can't create TLS-ALPN-01 provider")
-			}
+			// using mock wildcard certs
+			mainDomainAcmeClient = nil
 		} else {
 			// use DNS-Challenge https://go-acme.github.io/lego/dns/
 			provider, err := dns.NewDNSChallengeProviderByName(cfg.DNSProvider)
--- a/server/certificates/certificates.go
+++ b/server/certificates/certificates.go
@ -6,11 +6,12 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
-	"github.com/OrlovEvgeny/go-mcache"
 	"strconv"
 	"strings"
 	"time"

+	"github.com/OrlovEvgeny/go-mcache"
+
 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/certificate"
 	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
@ -34,6 +35,8 @@ func TLSConfig(mainDomainSuffix string,
 	firstDefaultBranch string,
 	keyCache *mcache.CacheDriver, challengeCache cache.ICache, dnsLookupCache *mcache.CacheDriver, canonicalDomainCache cache.ICache,
 	certDB database.CertDB,
+	noDNS01 bool,
+	rawDomain string,
 ) *tls.Config {
 	return &tls.Config{
 		// check DNS name & get certificate from Let's Encrypt
@ -65,9 +68,24 @@ func TLSConfig(mainDomainSuffix string,

 			targetOwner := ""
 			mayObtainCert := true
+
 			if strings.HasSuffix(domain, mainDomainSuffix) || strings.EqualFold(domain, mainDomainSuffix[1:]) {
-				// deliver default certificate for the main domain (*.codeberg.page)
-				domain = mainDomainSuffix
+				if noDNS01 {
+					// Limit the domains allowed to request a certificate to pages-server domains
+					// and domains for an existing user of org
+					if !strings.EqualFold(domain, mainDomainSuffix[1:]) && !strings.EqualFold(domain, rawDomain) {
+						targetOwner := strings.TrimSuffix(domain, mainDomainSuffix)
+						owner_exist, err := giteaClient.GiteaCheckIfOwnerExists(targetOwner)
+						mayObtainCert = owner_exist
+						if err != nil {
+							log.Error().Err(err).Msgf("Failed to check '%s' existence on the forge: %s", targetOwner, err)
+							mayObtainCert = false
+						}
+					}
+				} else {
+					// deliver default certificate for the main domain (*.codeberg.page)
+					domain = mainDomainSuffix
+				}
 			} else {
 				var targetRepo, targetBranch string
 				targetOwner, targetRepo, targetBranch = dnsutils.GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch, dnsLookupCache)
@ -200,9 +218,6 @@ func (c *AcmeClient) retrieveCertFromDB(sni, mainDomainSuffix string, useDnsProv

 func (c *AcmeClient) obtainCert(acmeClient *lego.Client, domains []string, renew *certificate.Resource, user string, useDnsProvider bool, mainDomainSuffix string, keyDatabase database.CertDB) (*tls.Certificate, error) {
 	name := strings.TrimPrefix(domains[0], "*")
-	if useDnsProvider && domains[0] != "" && domains[0][0] == '*' {
-		domains = domains[1:]
-	}

 	// lock to avoid simultaneous requests
 	_, working := c.obtainLocks.LoadOrStore(name, struct{}{})
@ -220,7 +235,11 @@ func (c *AcmeClient) obtainCert(acmeClient *lego.Client, domains []string, renew
 	defer c.obtainLocks.Delete(name)

 	if acmeClient == nil {
-		return mockCert(domains[0], "ACME client uninitialized. This is a server error, please report!", mainDomainSuffix, keyDatabase)
+		if useDnsProvider {
+			return mockCert(domains[0], "DNS ACME client is not defined", mainDomainSuffix, keyDatabase)
+		} else {
+			return mockCert(domains[0], "ACME client uninitialized. This is a server error, please report!", mainDomainSuffix, keyDatabase)
+		}
 	}

 	// request actual cert
--- a/server/database/xorm.go
+++ b/server/database/xorm.go
@ -52,7 +52,6 @@ func (x xDB) Close() error {
 func (x xDB) Put(domain string, cert *certificate.Resource) error {
 	log.Trace().Str("domain", cert.Domain).Msg("inserting cert to db")

-	domain = integrationTestReplacements(domain)
 	c, err := toCert(domain, cert)
 	if err != nil {
 		return err
@ -82,7 +81,6 @@ func (x xDB) Get(domain string) (*certificate.Resource, error) {
 	if domain[:1] == "." {
 		domain = "*" + domain
 	}
-	domain = integrationTestReplacements(domain)

 	cert := new(Cert)
 	log.Trace().Str("domain", domain).Msg("get cert from db")
@ -99,7 +97,6 @@ func (x xDB) Delete(domain string) error {
 	if domain[:1] == "." {
 		domain = "*" + domain
 	}
-	domain = integrationTestReplacements(domain)

 	log.Trace().Str("domain", domain).Msg("delete cert from db")
 	_, err := x.engine.ID(domain).Delete(new(Cert))
@ -139,13 +136,3 @@ func supportedDriver(driver string) bool {
 		return false
 	}
 }
-
-// integrationTestReplacements is needed because integration tests use a single domain cert,
-// while production use a wildcard cert
-// TODO: find a better way to handle this
-func integrationTestReplacements(domainKey string) string {
-	if domainKey == "*.localhost.mock.directory" {
-		return "localhost.mock.directory"
-	}
-	return domainKey
-}
--- a/server/dns/dns.go
+++ b/server/dns/dns.go
@ -1,10 +1,11 @@
 package dns

 import (
-	"github.com/OrlovEvgeny/go-mcache"
 	"net"
 	"strings"
 	"time"
+
+	"github.com/OrlovEvgeny/go-mcache"
 )

 // lookupCacheTimeout specifies the timeout for the DNS lookup cache.
--- a/server/gitea/cache.go
+++ b/server/gitea/cache.go
@ -28,6 +28,9 @@ const (
 	// TODO: move as option into cache interface
 	fileCacheTimeout = 5 * time.Minute

+	// ownerExistenceCacheTimeout specifies the timeout for the existence of a repo/org
+	ownerExistenceCacheTimeout = 5 * time.Minute
+
 	// fileCacheSizeLimit limits the maximum file size that will be cached, and is set to 1 MB by default.
 	fileCacheSizeLimit = int64(1000 * 1000)
 )
@ -96,6 +99,7 @@ type writeCacheReader struct {
 	cacheKey       string
 	cache          cache.ICache
 	hasError       bool
+	doNotCache     bool
 }

 func (t *writeCacheReader) Read(p []byte) (n int, err error) {
@ -105,19 +109,20 @@ func (t *writeCacheReader) Read(p []byte) (n int, err error) {
 		log.Trace().Err(err).Msgf("[cache] original reader for %q has returned an error", t.cacheKey)
 		t.hasError = true
 	} else if n > 0 {
-		_, _ = t.buffer.Write(p[:n])
+		if t.buffer.Len()+n > int(fileCacheSizeLimit) {
+			t.doNotCache = true
+			t.buffer.Reset()
+		} else {
+			_, _ = t.buffer.Write(p[:n])
+		}
 	}
 	return
 }

 func (t *writeCacheReader) Close() error {
-	doWrite := !t.hasError
+	doWrite := !t.hasError && !t.doNotCache
 	fc := *t.fileResponse
 	fc.Body = t.buffer.Bytes()
-	if fc.IsEmpty() {
-		log.Trace().Msg("[cache] file response is empty")
-		doWrite = false
-	}
 	if doWrite {
 		err := t.cache.Set(t.cacheKey+"|Metadata", []byte(fc.MetadataAsString()), fileCacheTimeout)
 		if err != nil {
--- a/server/gitea/client.go
+++ b/server/gitea/client.go
@ -9,7 +9,6 @@ import (
 	"net/http"
 	"net/url"
 	"path"
-	"strconv"
 	"strings"
 	"time"

@ -28,6 +27,7 @@ const (
 	branchTimestampCacheKeyPrefix = "branchTime"
 	defaultBranchCacheKeyPrefix   = "defaultBranch"
 	rawContentCacheKeyPrefix      = "rawContent"
+	ownerExistenceKeyPrefix       = "ownerExist"

 	// pages server
 	PagesCacheIndicatorHeader = "X-Pages-Cache"
@ -116,27 +116,25 @@ func (client *Client) ServeRawContent(targetOwner, targetRepo, ref, resource str
 	// handle if cache entry exist
 	if cacheMetadata, ok := client.responseCache.Get(cacheKey + "|Metadata"); ok {
 		cache := FileResponseFromMetadataString(string(cacheMetadata))
-		cacheBodyString, _ := client.responseCache.Get(cacheKey + "|Body")
-		cache.Body = []byte(cacheBodyString)
+		cache.Body, _ = client.responseCache.Get(cacheKey + "|Body")
 		// TODO: don't grab the content from the cache if the ETag matches?!

 		cachedHeader, cachedStatusCode := cache.createHttpResponse(cacheKey)
 		// TODO: check against some timestamp mismatch?!?
 		if cache.Exists {
-			log.Debug().Msg("[cache] exists")
 			if cache.IsSymlink {
 				linkDest := string(cache.Body)
 				log.Debug().Msgf("[cache] follow symlink from %q to %q", resource, linkDest)
 				return client.ServeRawContent(targetOwner, targetRepo, ref, linkDest)
-			} else if !cache.IsEmpty() {
+			} else {
 				log.Debug().Msgf("[cache] return %d bytes", len(cache.Body))
 				return io.NopCloser(bytes.NewReader(cache.Body)), cachedHeader, cachedStatusCode, nil
-			} else if cache.IsEmpty() {
-				log.Debug().Msg("[cache] is empty")
-				// TODO: empty files aren't cached anyways; but when closing the issue please make sure that a missing body cache key is also handled correctly.
 			}
+		} else {
+			return nil, nil, http.StatusNotFound, ErrorNotFound
 		}
 	}
+	// TODO: metadata not written, is close ever called?
 	log.Trace().Msg("file not in cache")
 	// not in cache, open reader via gitea api
 	reader, resp, err := client.sdkClient.GetFileReader(targetOwner, targetRepo, ref, resource, client.supportLFS)
@ -185,10 +183,6 @@ func (client *Client) ServeRawContent(targetOwner, targetRepo, ref, resource str
 			mimeType := client.getMimeTypeByExtension(resource)
 			resp.Response.Header.Set(ContentTypeHeader, mimeType)

-			if !shouldRespBeSavedToCache(resp.Response) {
-				return reader, resp.Response.Header, resp.StatusCode, err
-			}
-
 			// now we write to cache and respond at the same time
 			fileResp := FileResponse{
 				Exists:   true,
@ -279,6 +273,38 @@ func (client *Client) GiteaGetRepoDefaultBranch(repoOwner, repoName string) (str
 	return branch, nil
 }

+func (client *Client) GiteaCheckIfOwnerExists(owner string) (bool, error) {
+	cacheKey := fmt.Sprintf("%s/%s", ownerExistenceKeyPrefix, owner)
+
+	if exist, ok := client.responseCache.Get(cacheKey); ok && exist != nil {
+		return string(exist) == "true", nil
+	}
+
+	_, resp, err := client.sdkClient.GetUserInfo(owner)
+	if resp.StatusCode == http.StatusOK && err == nil {
+		if err := client.responseCache.Set(cacheKey, []byte("true"), ownerExistenceCacheTimeout); err != nil {
+			log.Error().Err(err).Msg("[cache] error on cache write")
+		}
+		return true, nil
+	} else if resp.StatusCode != http.StatusNotFound {
+		return false, err
+	}
+
+	_, resp, err = client.sdkClient.GetOrg(owner)
+	if resp.StatusCode == http.StatusOK && err == nil {
+		if err := client.responseCache.Set(cacheKey, []byte("true"), ownerExistenceCacheTimeout); err != nil {
+			log.Error().Err(err).Msg("[cache] error on cache write")
+		}
+		return true, nil
+	} else if resp.StatusCode != http.StatusNotFound {
+		return false, err
+	}
+	if err := client.responseCache.Set(cacheKey, []byte("false"), ownerExistenceCacheTimeout); err != nil {
+		log.Error().Err(err).Msg("[cache] error on cache write")
+	}
+	return false, nil
+}
+
 func (client *Client) getMimeTypeByExtension(resource string) string {
 	mimeType := mime.TypeByExtension(path.Ext(resource))
 	mimeTypeSplit := strings.SplitN(mimeType, ";", 2)
@ -288,22 +314,3 @@ func (client *Client) getMimeTypeByExtension(resource string) string {
 	log.Trace().Msgf("probe mime of %q is %q", resource, mimeType)
 	return mimeType
 }
-
-func shouldRespBeSavedToCache(resp *http.Response) bool {
-	if resp == nil {
-		return false
-	}
-
-	contentLengthRaw := resp.Header.Get(ContentLengthHeader)
-	if contentLengthRaw == "" {
-		return false
-	}
-
-	contentLength, err := strconv.ParseInt(contentLengthRaw, 10, 64)
-	if err != nil {
-		log.Error().Err(err).Msg("could not parse content length")
-	}
-
-	// if content to big or could not be determined we not cache it
-	return contentLength > 0 && contentLength < fileCacheSizeLimit
-}
--- a/server/handler/handler.go
+++ b/server/handler/handler.go
@ -1,10 +1,11 @@
 package handler

 import (
-	"github.com/OrlovEvgeny/go-mcache"
 	"net/http"
 	"strings"

+	"github.com/OrlovEvgeny/go-mcache"
+
 	"github.com/rs/zerolog/log"

 	"codeberg.org/codeberg/pages/config"
--- a/server/handler/handler_custom_domain.go
+++ b/server/handler/handler_custom_domain.go
@ -1,11 +1,12 @@
 package handler

 import (
-	"github.com/OrlovEvgeny/go-mcache"
 	"net/http"
 	"path"
 	"strings"

+	"github.com/OrlovEvgeny/go-mcache"
+
 	"codeberg.org/codeberg/pages/html"
 	"codeberg.org/codeberg/pages/server/cache"
 	"codeberg.org/codeberg/pages/server/context"
--- a/server/handler/handler_test.go
+++ b/server/handler/handler_test.go
@ -6,6 +6,8 @@ import (
 	"testing"
 	"time"

+	"github.com/OrlovEvgeny/go-mcache"
+
 	"codeberg.org/codeberg/pages/config"
 	"codeberg.org/codeberg/pages/server/cache"
 	"codeberg.org/codeberg/pages/server/gitea"
@ -29,7 +31,7 @@ func TestHandlerPerformance(t *testing.T) {
 		AllowedCorsDomains: []string{"raw.codeberg.org", "fonts.codeberg.org", "design.codeberg.org"},
 		PagesBranches:      []string{"pages"},
 	}
-	testHandler := Handler(serverCfg, giteaClient, cache.NewInMemoryCache(), cache.NewInMemoryCache(), cache.NewInMemoryCache())
+	testHandler := Handler(serverCfg, giteaClient, mcache.New(), cache.NewInMemoryCache(), cache.NewInMemoryCache())

 	testCase := func(uri string, status int) {
 		t.Run(uri, func(t *testing.T) {
--- a/server/startup.go
+++ b/server/startup.go
@ -5,14 +5,15 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
-	"github.com/OrlovEvgeny/go-mcache"
-	"github.com/redis/go-redis/v9"
 	"net"
 	"net/http"
 	"os"
 	"strings"
 	"time"

+	"github.com/OrlovEvgeny/go-mcache"
+	"github.com/redis/go-redis/v9"
+
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/urfave/cli/v2"
@ -78,24 +79,24 @@ func Serve(ctx *cli.Context) error {
 	dnsLookupCache := mcache.New()

 	var redisErr error = nil
-	createCache := func() cache.ICache {
-		if cfg.RedisURL != "" {
-			opts, err := redis.ParseURL(cfg.RedisURL)
+	createCache := func(name string) cache.ICache {
+		if cfg.Cache.RedisURL != "" {
+			opts, err := redis.ParseURL(cfg.Cache.RedisURL)
 			if err != nil {
 				redisErr = err
 			}
-			return cache.NewRedisCache(opts)
+			return cache.NewRedisCache(name, opts)
 		}
 		return cache.NewInMemoryCache()
 	}
 	// challengeCache stores the certificate challenges
-	challengeCache := createCache()
+	challengeCache := createCache("challenge")
 	// canonicalDomainCache stores canonical domains
-	canonicalDomainCache := createCache()
+	canonicalDomainCache := createCache("canonicalDomain")
 	// redirectsCache stores redirects in _redirects files
-	redirectsCache := createCache()
+	redirectsCache := createCache("redirects")
 	// clientResponseCache stores responses from the Gitea server
-	clientResponseCache := createCache()
+	clientResponseCache := createCache("clientResponse")
 	if redisErr != nil {
 		return redisErr
 	}
@ -129,6 +130,8 @@ func Serve(ctx *cli.Context) error {
 		cfg.Server.PagesBranches[0],
 		keyCache, challengeCache, dnsLookupCache, canonicalDomainCache,
 		certDB,
+		cfg.ACME.NoDNS01,
+		cfg.Server.RawDomain,
 	))

 	interval := 12 * time.Hour
--- a/server/upstream/domains.go
+++ b/server/upstream/domains.go
@ -33,7 +33,8 @@ func (o *Options) CheckCanonicalDomain(giteaClient *gitea.Client, actualDomain,
 	body, err := giteaClient.GiteaRawContent(o.TargetOwner, o.TargetRepo, o.TargetBranch, canonicalDomainConfig)
 	if err != nil && !errors.Is(err, gitea.ErrorNotFound) {
 		log.Error().Err(err).Msgf("could not read %s of %s/%s", canonicalDomainConfig, o.TargetOwner, o.TargetRepo)
-		// TODO: WTF we just continue?! Seems fine as body is empty... :/
+		// Assume that the domain is valid, as Gitea seems to be broken. Don't cache it though.
+		return actualDomain, true
 	}

 	var domains []string
--- a/server/upstream/redirects.go
+++ b/server/upstream/redirects.go
@ -31,7 +31,7 @@ func (o *Options) getRedirects(giteaClient *gitea.Client, redirectsCache cache.I
 	// Check for cached redirects
 	if cachedValue, ok := redirectsCache.Get(cacheKey); ok {
 		redirects := []Redirect{}
-		err := json.Unmarshal(cachedValue, redirects)
+		err := json.Unmarshal(cachedValue, &redirects)
 		if err != nil {
 			log.Error().Err(err).Msgf("could not parse redirects for key %s", cacheKey)
 			// It's okay to continue, the array stays empty.
Autor	SHA1	Wiadomość	Data
Moritz Marquardt	2f3418449d	Format go code	2024-04-02 21:14:03 +02:00
Moritz Marquardt	61f7a65855	Fix cached error when .domains is not readable (fixes https://codeberg.org/Codeberg/Community/issues/1512 ) Co-authored-by: @algernon	2024-04-02 21:06:05 +02:00
Moritz Marquardt	275c580706	Fix tests not running	2024-04-02 00:16:30 +02:00
Moritz Marquardt	e9085fe711	Cache empty files & fix #303 (missing content cache)	2024-04-01 21:59:09 +02:00
Moritz Marquardt	2c7ded7f71	Move redis config to CacheConfig struct, add cache prefixes & trace logging	2024-03-29 23:15:08 +01:00
Moritz Marquardt	7623b0e304	Make it possible to actually use redis for caching through the config flags	2024-03-26 22:53:32 +01:00
Moritz Marquardt	2dda49734c	Move to []byte for caching and make it compile	2024-03-26 22:53:32 +01:00
Moritz Marquardt	260f8dd8b0	Add redis for caching, first try during a train ride so expect it to not be working yet	2024-03-26 22:53:32 +01:00
Jean-Marie 'Histausse' Mineau	ec2a9e6f28	fix lint	2024-03-26 13:17:35 +01:00
Jean-Marie 'Histausse' Mineau	6fc224b359	simplify wildecard logic	2024-03-26 13:07:33 +01:00
6543	376d4e0b7c	Merge branch 'main' into main	2024-03-24 09:29:49 +00:00
Jean-Marie 'Histausse' Mineau	51d331d658	existance->existence	2024-02-19 23:26:38 +01:00
Jean-Marie 'Histausse' Mineau	75499672fd	rename ownerExistance->ownerExistanceKeyPrefix	2024-02-19 21:35:59 +01:00
Jean-Marie 'Histausse' Mineau	cccf733561	add doc for no-dns-01	2024-02-17 22:16:19 +01:00
Jean-Marie 'Histausse' Mineau	d7a8875a0d	lint	2024-02-17 21:03:13 +01:00
Jean-Marie 'Histausse' Mineau	8ba71e4d59	use self-signed cert instead of TLS-ALPN-01 when DNS not defined	2024-02-17 20:59:09 +01:00
Jean-Marie 'Histausse' Mineau	62bff5d1b7	limit generating non-wildcard cert to user and org that exists	2024-02-17 02:30:19 +01:00
Jean-Marie 'Histausse' Mineau	83b1c4f9e4	add option to avoid using dns wildcard cert	2024-02-17 00:37:26 +01:00