removed the `acme` property from the `tls` config

tigerbot 2017-10-12 11:57:43 -06:00
parent 503da9efd0
commit 0406d0cd93
3 changed files with 51 additions and 45 deletions


@ -30,6 +30,8 @@ function mergeSettings(orig, changes) {
function fixRawConfig(config) { function fixRawConfig(config) {
var updated = false; var updated = false;
// First converge all of the `bind` properties for protocols that are on top
// of TCP to `tcp.bind`.
if (config.tcp && config.tcp.bind && !Array.isArray(config.tcp.bind)) { if (config.tcp && config.tcp.bind && !Array.isArray(config.tcp.bind)) {
config.tcp.bind = [ config.tcp.bind ]; config.tcp.bind = [ config.tcp.bind ];
updated = true; updated = true;
@ -47,12 +49,47 @@ function fixRawConfig(config) {
updated = true; updated = true;
} }
// Then we rename dns to udp since the only thing we currently do with those
// modules is proxy the packets without inspecting them at all.
if (config.dns) { if (config.dns) {
config.udp = config.dns; config.udp = config.dns;
delete config.dns; delete config.dns;
updated = true; updated = true;
} }
// This we take the old way of defining ACME options and put them into a tls module.
if (config.tls) {
var oldPropMap = {
email: 'email'
, acme_directory_url: 'server'
, challenge_type: 'challenge_type'
, servernames: 'approved_domains'
};
if (Object.keys(oldPropMap).some(config.tls.hasOwnProperty, config.tls)) {
updated = true;
if (config.tls.acme) {
console.warn('TLS config has `acme` field and old style definitions');
} else {
config.tls.acme = {};
Object.keys(oldPropMap).forEach(function (oldKey) {
if (config.tls[oldKey]) {
config.tls.acme[oldPropMap[oldKey]] = config.tls[oldKey];
}
});
}
}
if (config.tls.acme) {
updated = true;
config.tls.acme.domains = config.tls.acme.approved_domains;
delete config.tls.acme.approved_domains;
config.tls.modules = config.tls.modules || [];
config.tls.modules.push(Object.assign({}, config.tls.acme, {type: 'acme'}));
delete config.tls.acme;
}
}
// Then we make sure all modules have an ID and type, and makes sure all domains
// are in the right spot and also have an ID.
function updateModules(list) { function updateModules(list) {
if (!Array.isArray(list)) { if (!Array.isArray(list)) {
return; return;
@ -100,9 +137,9 @@ function fixRawConfig(config) {
} }
var newDom = { var newDom = {
id: crypto.randomBytes(4).toString('hex'), id: crypto.randomBytes(4).toString('hex')
names: dom.names, , names: dom.names
modules: {} , modules: {}
}; };
newDom.modules[name] = dom.modules; newDom.modules[name] = dom.modules;
config.domains.push(newDom); config.domains.push(newDom);
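Review bot: In the added ACME migration block of `fixRawConfig` (the `if (config.tls)` branch in the second hunk), the legacy keys `email`, `acme_directory_url`, `challenge_type` and `servernames` are copied into the new module but never removed from `config.tls`. If the fixed config is written back, the `some(config.tls.hasOwnProperty, config.tls)` test would match again on the next load and push another `acme` module each time; adding `delete config.tls[oldKey];` after the copy inside the `forEach` would make the migration idempotent. Separately, `config.tls.acme.domains = config.tls.acme.approved_domains;` stores `domains: undefined` when no approved list was given. That list is what limits which names certificates are requested for, so it would be safer to skip or reject the migration in that case than to emit a module without one. `fixRawConfig` starts and ends outside the shown hunks.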


@ -45,7 +45,7 @@ var moduleSchemas = {
, properties: { , properties: {
email: { type: 'string' } email: { type: 'string' }
, server: { type: 'string' } , server: { type: 'string' }
, challengeType: { type: 'string' } , challenge_type: { type: 'string' }
} }
} }
}; };
@ -120,22 +120,11 @@ var tlsSchema = {
, properties: { , properties: {
modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.tls }) } modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.tls }) }
, acme: {
type: 'object'
// These properties should be snake_case to match the API and config format
, required: [ 'email', 'approved_domains' ]
, properties: {
email: { type: 'string' }
, server: { type: 'string' }
, challenge_type: { type: 'string' }
, approved_domains: { type: 'array', items: { type: 'string' }, minLength: 1}
// these are forbidden deprecated settings. // these are forbidden deprecated settings.
, acme: { not: {} }
, bind: { not: {} } , bind: { not: {} }
, domains: { not: {} } , domains: { not: {} }
} }
}
}
}; };
var tcpSchema = { var tcpSchema = {
@ -273,8 +262,8 @@ class DomainList extends IdList {
this._itemName = 'domain'; this._itemName = 'domain';
this.forEach(function (dom) { this.forEach(function (dom) {
dom.modules = { dom.modules = {
http: new ModuleList((dom.modules || {}).http), http: new ModuleList((dom.modules || {}).http)
tls: new ModuleList((dom.modules || {}).tls), , tls: new ModuleList((dom.modules || {}).tls)
}; };
}); });
} }
@ -288,8 +277,8 @@ class DomainList extends IdList {
} }
var modLists = { var modLists = {
http: new ModuleList(), http: new ModuleList()
tls: new ModuleList() , tls: new ModuleList()
}; };
if (dom.modules && Array.isArray(dom.modules.http)) { if (dom.modules && Array.isArray(dom.modules.http)) {
dom.modules.http.forEach(modLists.http.add, modLists.http); dom.modules.http.forEach(modLists.http.add, modLists.http);
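Review bot: The rename of `challengeType` to `challenge_type` in the acme module schema (first hunk of this file) has no matching migration: the `fixRawConfig` changes in this commit only convert the old top-level `tls` keys, so an existing module that already sets `challengeType` would keep the old key. Whether that fails validation or is silently ignored depends on the schema's `additionalProperties` setting, which is outside the hunk; either way the operator's chosen challenge type would presumably stop being applied. Consider renaming the key on existing modules during config fix-up, or documenting the break. The removed `tls.acme` schema also required `email` and `approved_domains`, so please confirm that the module schema's `required` list (not visible here) together with `addDomainRequirement` enforces the same constraints.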


@ -174,26 +174,6 @@ module.exports.create = function (deps, config, netHandler) {
return; return;
} }
var defAcmeConf;
if (config.tls.acme) {
defAcmeConf = config.tls.acme;
} else {
defAcmeConf = {
email: config.tls.email
, server: config.tls.acmeDirectoryUrl || le.server
, challengeType: config.tls.challengeType || le.challengeType
, approvedDomains: config.tls.servernames
};
}
// Check config for domain name
// TODO: if `approvedDomains` isn't defined check all other modules to see if they can
// handle this domain (and what other domains it's grouped with).
if (-1 !== (defAcmeConf.approvedDomains || []).indexOf(opts.domain)) {
complete(defAcmeConf, defAcmeConf.approvedDomains);
return;
}
cb(new Error('domain is not allowed')); cb(new Error('domain is not allowed'));
} }
}); });