removed the `acme` property from the `tls` config

This commit is contained in:
tigerbot 2017-10-12 11:57:43 -06:00
parent 503da9efd0
commit 0406d0cd93
3 changed files with 51 additions and 45 deletions

View File

@ -30,6 +30,8 @@ function mergeSettings(orig, changes) {
function fixRawConfig(config) {
var updated = false;
// First converge all of the `bind` properties for protocols that are on top
// of TCP to `tcp.bind`.
if (config.tcp && config.tcp.bind && !Array.isArray(config.tcp.bind)) {
config.tcp.bind = [ config.tcp.bind ];
updated = true;
@ -47,12 +49,47 @@ function fixRawConfig(config) {
updated = true;
}
// Then we rename dns to udp since the only thing we currently do with those
// modules is proxy the packets without inspecting them at all.
if (config.dns) {
config.udp = config.dns;
delete config.dns;
updated = true;
}
// This we take the old way of defining ACME options and put them into a tls module.
if (config.tls) {
var oldPropMap = {
email: 'email'
, acme_directory_url: 'server'
, challenge_type: 'challenge_type'
, servernames: 'approved_domains'
};
if (Object.keys(oldPropMap).some(config.tls.hasOwnProperty, config.tls)) {
updated = true;
if (config.tls.acme) {
console.warn('TLS config has `acme` field and old style definitions');
} else {
config.tls.acme = {};
Object.keys(oldPropMap).forEach(function (oldKey) {
if (config.tls[oldKey]) {
config.tls.acme[oldPropMap[oldKey]] = config.tls[oldKey];
}
});
}
}
if (config.tls.acme) {
updated = true;
config.tls.acme.domains = config.tls.acme.approved_domains;
delete config.tls.acme.approved_domains;
config.tls.modules = config.tls.modules || [];
config.tls.modules.push(Object.assign({}, config.tls.acme, {type: 'acme'}));
delete config.tls.acme;
}
}
// Then we make sure all modules have an ID and type, and makes sure all domains
// are in the right spot and also have an ID.
function updateModules(list) {
if (!Array.isArray(list)) {
return;
@ -100,9 +137,9 @@ function fixRawConfig(config) {
}
var newDom = {
id: crypto.randomBytes(4).toString('hex'),
names: dom.names,
modules: {}
id: crypto.randomBytes(4).toString('hex')
, names: dom.names
, modules: {}
};
newDom.modules[name] = dom.modules;
config.domains.push(newDom);

View File

@ -45,7 +45,7 @@ var moduleSchemas = {
, properties: {
email: { type: 'string' }
, server: { type: 'string' }
, challengeType: { type: 'string' }
, challenge_type: { type: 'string' }
}
}
};
@ -120,22 +120,11 @@ var tlsSchema = {
, properties: {
modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.tls }) }
, acme: {
type: 'object'
// These properties should be snake_case to match the API and config format
, required: [ 'email', 'approved_domains' ]
, properties: {
email: { type: 'string' }
, server: { type: 'string' }
, challenge_type: { type: 'string' }
, approved_domains: { type: 'array', items: { type: 'string' }, minLength: 1}
// these are forbidden deprecated settings.
, acme: { not: {} }
, bind: { not: {} }
, domains: { not: {} }
}
}
}
};
var tcpSchema = {
@ -273,8 +262,8 @@ class DomainList extends IdList {
this._itemName = 'domain';
this.forEach(function (dom) {
dom.modules = {
http: new ModuleList((dom.modules || {}).http),
tls: new ModuleList((dom.modules || {}).tls),
http: new ModuleList((dom.modules || {}).http)
, tls: new ModuleList((dom.modules || {}).tls)
};
});
}
@ -288,8 +277,8 @@ class DomainList extends IdList {
}
var modLists = {
http: new ModuleList(),
tls: new ModuleList()
http: new ModuleList()
, tls: new ModuleList()
};
if (dom.modules && Array.isArray(dom.modules.http)) {
dom.modules.http.forEach(modLists.http.add, modLists.http);

View File

@ -174,26 +174,6 @@ module.exports.create = function (deps, config, netHandler) {
return;
}
var defAcmeConf;
if (config.tls.acme) {
defAcmeConf = config.tls.acme;
} else {
defAcmeConf = {
email: config.tls.email
, server: config.tls.acmeDirectoryUrl || le.server
, challengeType: config.tls.challengeType || le.challengeType
, approvedDomains: config.tls.servernames
};
}
// Check config for domain name
// TODO: if `approvedDomains` isn't defined check all other modules to see if they can
// handle this domain (and what other domains it's grouped with).
if (-1 !== (defAcmeConf.approvedDomains || []).indexOf(opts.domain)) {
complete(defAcmeConf, defAcmeConf.approvedDomains);
return;
}
cb(new Error('domain is not allowed'));
}
});