feat: wip - configuration design

2024-07-12 23:50:37 +09:00 · 2024-07-12 23:50:37 +09:00 · 887e6b64b0
commit 887e6b64b0
parent 63ee953912
13 changed files with 173 additions and 11 deletions
--- a/rpxy-bin/src/config/parse.rs
+++ b/rpxy-bin/src/config/parse.rs
@ -6,6 +6,9 @@ use rpxy_certs::{build_cert_reloader, CryptoFileSourceBuilder, CryptoReloader, S
 use rpxy_lib::{AppConfig, AppConfigList, ProxyConfig};
 use rustc_hash::FxHashMap as HashMap;

+#[cfg(feature = "acme")]
+use rpxy_acme::{AcmeTargets, ACME_CERTIFICATE_FILE_NAME, ACME_PRIVATE_KEY_FILE_NAME, ACME_REGISTRY_PATH};
+
 /// Parsed options
 pub struct Opts {
  pub config_file_path: String,
@ -103,11 +106,34 @@ pub async fn build_cert_manager(
  if config.listen_port_tls.is_none() {
    return Ok(None);
  }
+
+  #[cfg(feature = "acme")]
+  let acme_option = config.experimental.as_ref().and_then(|v| v.acme.clone());
+  #[cfg(feature = "acme")]
+  let registry_path = acme_option
+    .as_ref()
+    .and_then(|v| v.registry_path.as_deref())
+    .unwrap_or(ACME_REGISTRY_PATH);
+
  let mut crypto_source_map = HashMap::default();
  for app in apps.0.values() {
    if let Some(tls) = app.tls.as_ref() {
-      ensure!(tls.tls_cert_key_path.is_some() && tls.tls_cert_path.is_some());
      let server_name = app.server_name.as_ref().ok_or(anyhow!("No server name"))?;
+
+      #[cfg(not(feature = "acme"))]
+      ensure!(tls.tls_cert_key_path.is_some() && tls.tls_cert_path.is_some());
+
+      #[cfg(feature = "acme")]
+      let tls = {
+        let mut tls = tls.clone();
+        if let Some(true) = tls.acme {
+          ensure!(acme_option.is_some() && tls.tls_cert_key_path.is_none() && tls.tls_cert_path.is_none());
+          tls.tls_cert_key_path = Some(format!("{registry_path}/{server_name}/{ACME_CERTIFICATE_FILE_NAME}"));
+          tls.tls_cert_path = Some(format!("{registry_path}/{server_name}/{ACME_PRIVATE_KEY_FILE_NAME}"));
+        }
+        tls
+      };
+
      let crypto_file_source = CryptoFileSourceBuilder::default()
        .tls_cert_path(tls.tls_cert_path.as_ref().unwrap())
        .tls_cert_key_path(tls.tls_cert_key_path.as_ref().unwrap())
@ -119,3 +145,33 @@ pub async fn build_cert_manager(
  let res = build_cert_reloader(&crypto_source_map, None).await?;
  Ok(Some(res))
 }
+
+/* ----------------------- */
+#[cfg(feature = "acme")]
+/// Build acme manager and dummy cert and key as initial states if not exists
+/// TODO: CURRENTLY NOT IMPLEMENTED, UNDER DESIGNING
+pub async fn build_acme_manager(config: &ConfigToml) -> Result<(), anyhow::Error> {
+  let acme_option = config.experimental.as_ref().and_then(|v| v.acme.clone());
+  if acme_option.is_none() {
+    return Ok(());
+  }
+  let acme_option = acme_option.unwrap();
+  let mut acme_targets = AcmeTargets::try_new(
+    acme_option.email.as_ref(),
+    acme_option.dir_url.as_deref(),
+    acme_option.registry_path.as_deref(),
+  )
+  .map_err(|e| anyhow!("Invalid acme configuration: {e}"))?;
+
+  let apps = config.apps.as_ref().unwrap();
+  for app in apps.0.values() {
+    if let Some(tls) = app.tls.as_ref() {
+      if tls.acme.unwrap_or(false) {
+        acme_targets.add_target(app.server_name.as_ref().unwrap())?;
+      }
+    }
+  }
+  // TODO: remove later
+  println!("ACME targets: {:#?}", acme_targets);
+  Ok(())
+}