mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-14 14:56:27 +03:00
caddytls: Save email with account if not already specified
I'm pretty sure this fixes a bug when the default email is used...
This commit is contained in:
parent
5ef76ff3e6
commit
51e3fdba77
3 changed files with 23 additions and 15 deletions
2
go.mod
2
go.mod
|
@ -6,7 +6,7 @@ require (
|
||||||
github.com/Masterminds/sprig/v3 v3.1.0
|
github.com/Masterminds/sprig/v3 v3.1.0
|
||||||
github.com/alecthomas/chroma v0.8.2
|
github.com/alecthomas/chroma v0.8.2
|
||||||
github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a
|
github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a
|
||||||
github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f
|
github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4
|
||||||
github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac
|
github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac
|
||||||
github.com/go-chi/chi v4.1.2+incompatible
|
github.com/go-chi/chi v4.1.2+incompatible
|
||||||
github.com/google/cel-go v0.6.0
|
github.com/google/cel-go v0.6.0
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -99,8 +99,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK
|
||||||
github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
|
github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
|
||||||
github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
|
github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
|
||||||
github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
|
github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
|
||||||
github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f h1:uJoft/gLxPvKq+ojfq3k7w8deji/xt/1RSWN7OAk6Ng=
|
github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4 h1:YPHanayqEADEHFxGui7lqQ0tx4rypJaD2y4Y7Tip/ks=
|
||||||
github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f/go.mod h1:CUPfwomVXGCyV77EQbR3v7H4tGJ4pX16HATeR55rqws=
|
github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4/go.mod h1:CUPfwomVXGCyV77EQbR3v7H4tGJ4pX16HATeR55rqws=
|
||||||
github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
|
github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
|
||||||
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
|
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
|
||||||
github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||||
|
|
|
@ -68,16 +68,20 @@ func (iss *ZeroSSLIssuer) Provision(ctx caddy.Context) error {
|
||||||
return iss.ACMEIssuer.Provision(ctx)
|
return iss.ACMEIssuer.Provision(ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, _ acme.Account) error {
|
// newAccountCallback generates EAB if not already provided. It also sets a valid default contact on the account if not set.
|
||||||
|
func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, acct acme.Account) (acme.Account, error) {
|
||||||
if am.ExternalAccount != nil {
|
if am.ExternalAccount != nil {
|
||||||
return nil
|
return acct, nil
|
||||||
}
|
}
|
||||||
var err error
|
var err error
|
||||||
am.ExternalAccount, err = iss.generateEABCredentials(ctx)
|
am.ExternalAccount, acct, err = iss.generateEABCredentials(ctx, acct)
|
||||||
return err
|
return acct, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB, error) {
|
// generateEABCredentials generates EAB credentials using the API key if provided,
|
||||||
|
// otherwise using the primary contact email on the issuer. If an email is not set
|
||||||
|
// on the issuer, a default generic email is used.
|
||||||
|
func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context, acct acme.Account) (*acme.EAB, acme.Account, error) {
|
||||||
var endpoint string
|
var endpoint string
|
||||||
var body io.Reader
|
var body io.Reader
|
||||||
|
|
||||||
|
@ -86,7 +90,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB
|
||||||
if iss.APIKey != "" {
|
if iss.APIKey != "" {
|
||||||
apiKey := caddy.NewReplacer().ReplaceAll(iss.APIKey, "")
|
apiKey := caddy.NewReplacer().ReplaceAll(iss.APIKey, "")
|
||||||
if apiKey == "" {
|
if apiKey == "" {
|
||||||
return nil, fmt.Errorf("missing API key: '%v'", iss.APIKey)
|
return nil, acct, fmt.Errorf("missing API key: '%v'", iss.APIKey)
|
||||||
}
|
}
|
||||||
qs := url.Values{"access_key": []string{apiKey}}
|
qs := url.Values{"access_key": []string{apiKey}}
|
||||||
endpoint = fmt.Sprintf("%s/eab-credentials?%s", zerosslAPIBase, qs.Encode())
|
endpoint = fmt.Sprintf("%s/eab-credentials?%s", zerosslAPIBase, qs.Encode())
|
||||||
|
@ -96,6 +100,10 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB
|
||||||
iss.logger.Warn("missing email address for ZeroSSL; it is strongly recommended to set one for next time")
|
iss.logger.Warn("missing email address for ZeroSSL; it is strongly recommended to set one for next time")
|
||||||
email = "caddy@zerossl.com" // special email address that preserves backwards-compat, but which black-holes dashboard features, oh well
|
email = "caddy@zerossl.com" // special email address that preserves backwards-compat, but which black-holes dashboard features, oh well
|
||||||
}
|
}
|
||||||
|
if len(acct.Contact) == 0 {
|
||||||
|
// we borrow the email from config or the default email, so ensure it's saved with the account
|
||||||
|
acct.Contact = []string{"mailto:" + email}
|
||||||
|
}
|
||||||
endpoint = zerosslAPIBase + "/eab-credentials-email"
|
endpoint = zerosslAPIBase + "/eab-credentials-email"
|
||||||
form := url.Values{"email": []string{email}}
|
form := url.Values{"email": []string{email}}
|
||||||
body = strings.NewReader(form.Encode())
|
body = strings.NewReader(form.Encode())
|
||||||
|
@ -103,7 +111,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB
|
||||||
|
|
||||||
req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, body)
|
req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("forming request: %v", err)
|
return nil, acct, fmt.Errorf("forming request: %v", err)
|
||||||
}
|
}
|
||||||
if body != nil {
|
if body != nil {
|
||||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
@ -112,7 +120,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB
|
||||||
|
|
||||||
resp, err := http.DefaultClient.Do(req)
|
resp, err := http.DefaultClient.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("performing EAB credentials request: %v", err)
|
return nil, acct, fmt.Errorf("performing EAB credentials request: %v", err)
|
||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
@ -127,14 +135,14 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB
|
||||||
}
|
}
|
||||||
err = json.NewDecoder(resp.Body).Decode(&result)
|
err = json.NewDecoder(resp.Body).Decode(&result)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("decoding API response: %v", err)
|
return nil, acct, fmt.Errorf("decoding API response: %v", err)
|
||||||
}
|
}
|
||||||
if result.Error.Code != 0 {
|
if result.Error.Code != 0 {
|
||||||
return nil, fmt.Errorf("failed getting EAB credentials: HTTP %d: %s (code %d)",
|
return nil, acct, fmt.Errorf("failed getting EAB credentials: HTTP %d: %s (code %d)",
|
||||||
resp.StatusCode, result.Error.Type, result.Error.Code)
|
resp.StatusCode, result.Error.Type, result.Error.Code)
|
||||||
}
|
}
|
||||||
if resp.StatusCode != http.StatusOK {
|
if resp.StatusCode != http.StatusOK {
|
||||||
return nil, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode)
|
return nil, acct, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode)
|
||||||
}
|
}
|
||||||
|
|
||||||
iss.logger.Info("generated EAB credentials", zap.String("key_id", result.EABKID))
|
iss.logger.Info("generated EAB credentials", zap.String("key_id", result.EABKID))
|
||||||
|
@ -142,7 +150,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB
|
||||||
return &acme.EAB{
|
return &acme.EAB{
|
||||||
KeyID: result.EABKID,
|
KeyID: result.EABKID,
|
||||||
MACKey: result.EABHMACKey,
|
MACKey: result.EABHMACKey,
|
||||||
}, nil
|
}, acct, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// initialize modifies the template for the underlying ACMEManager
|
// initialize modifies the template for the underlying ACMEManager
|
||||||
|
|
Loading…
Reference in a new issue