Major Refactoring, Client can now be used as a library

app/client/certs.go

@@ -0,0 +1,93 @@
+package client
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"git.nevets.tech/Keys/certman/app/shared"
+	"git.nevets.tech/Keys/certman/client"
+	"git.nevets.tech/Keys/certman/common"
+	"github.com/go-git/go-billy/v5/memfs"
+	"github.com/go-git/go-git/v5/storage/memory"
+	"github.com/spf13/cobra"
+)
+
+var (
+	renewCertSubCmd = &cobra.Command{
+		Use:   "renew",
+		Short: "Renews a domains certificate",
+		Args:  cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return renewCert(args[0])
+		},
+	}
+
+	updateCertLinkSubCmd = &cobra.Command{
+		Use:   "update-link",
+		Short: "Update linked certificates",
+		Args:  cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return updateLinks(args[0])
+		},
+	}
+
+	decryptCertsSubCmd = &cobra.Command{
+		Use:   "decrypt [certPath] [cryptoKey]",
+		Short: "Decrypt certificates",
+		Args:  cobra.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return client.DecryptCertificates(args[0], args[1])
+		},
+	}
+)
+
+func init() {
+	renewCertSubCmd.AddCommand(updateCertLinkSubCmd, decryptCertsSubCmd)
+	shared.CertCmd.AddCommand(renewCertSubCmd)
+}
+
+func renewCert(domain string) error {
+	gitWorkspace := &common.GitWorkspace{
+		Domain:  domain,
+		Storage: memory.NewStorage(),
+		FS:      memfs.New(),
+	}
+	config := shared.Config()
+	domainConfig, exists := shared.DomainStore().Get(domain)
+	if !exists {
+		return shared.ErrConfigNotFound
+	}
+	if err := client.PullCerts(config, domainConfig, gitWorkspace); err != nil {
+		return err
+	}
+	certsDir := common.CertsDir(config, domainConfig)
+	return client.DecryptAndWriteCertificates(certsDir, config, domainConfig, gitWorkspace)
+}
+
+func updateLinks(domain string) error {
+	domainConfig, exists := shared.DomainStore().Get(domain)
+	if !exists {
+		return fmt.Errorf("domain %s does not exist", domain)
+	}
+
+	certsDir := shared.DomainCertsDirWConf(domain, domainConfig)
+
+	certLinks := domainConfig.Certificates.CertSymlinks
+	for _, certLink := range certLinks {
+		err := common.LinkFile(filepath.Join(certsDir, domain+".crt"), certLink, domain, ".crt")
+		if err != nil {
+			fmt.Printf("Error linking cert %s to %s: %v", certLink, domain, err)
+			continue
+		}
+	}
+
+	keyLinks := domainConfig.Certificates.KeySymlinks
+	for _, keyLink := range keyLinks {
+		err := common.LinkFile(filepath.Join(certsDir, domain+".crt"), keyLink, domain, ".key")
+		if err != nil {
+			fmt.Printf("Error linking cert %s to %s: %v", keyLink, domain, err)
+			continue
+		}
+	}
+	return nil
+}

app/client/client.go

@@ -0,0 +1 @@
+package client

app/client/daemon.go

@@ -0,0 +1,168 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"path/filepath"
+	"strings"
+
+	appShared "git.nevets.tech/Keys/certman/app/shared"
+	"git.nevets.tech/Keys/certman/client"
+	"git.nevets.tech/Keys/certman/common"
+	"github.com/go-git/go-billy/v5/memfs"
+	"github.com/go-git/go-git/v5/storage/memory"
+)
+
+type Daemon struct{}
+
+func (d *Daemon) Init() {
+	fmt.Println("Starting CertManager in client mode...")
+	err := appShared.LoadDomainConfigs()
+	if err != nil {
+		log.Fatalf("Error loading domain configs: %v", err)
+	}
+
+	d.Tick()
+}
+
+func (d *Daemon) Tick() {
+	fmt.Println("tick!")
+
+	// Get local copy of configs
+	config := appShared.Config()
+	localDomainConfigs := appShared.DomainStore().Snapshot()
+
+	// Loop over all domain configs (domains)
+	for domainStr, domainConfig := range localDomainConfigs {
+		// Skip non-enabled domains
+		if !domainConfig.Domain.Enabled {
+			continue
+		}
+
+		// Skip domains with up-to-date commit hashes
+		// If the repo doesn't exist, we can't check for a remote commit, so stop the rest of the check
+		repoExists := domainConfig.Internal.RepoExists
+		if repoExists {
+			var dataRoot string
+			if domainConfig.Certificates.DataRoot == "" {
+				config.Certificates.DataRoot = domainStr
+			} else {
+				dataRoot = domainConfig.Certificates.DataRoot
+			}
+			localHash, err := client.LocalCommitHash(domainStr, dataRoot)
+			if err != nil {
+				fmt.Printf("No local commit hash found for domain %s\n", domainStr)
+			}
+			gitSource, err := common.StrToGitSource(appShared.Config().Git.Host)
+			if err != nil {
+				fmt.Printf("Error getting git source for domain %s: %v\n", domainStr, err)
+				continue
+			}
+			remoteHash, err := client.RemoteCommitHash(domainStr, gitSource, config, domainConfig)
+			if err != nil {
+				fmt.Printf("Error getting remote commit hash for domain %s: %v\n", domainStr, err)
+			}
+			// If both hashes are blank (errored), break
+			// If localHash equals remoteHash (local is up-to-date), skip
+			if !(localHash == "" && remoteHash == "") && localHash == remoteHash {
+				fmt.Printf("Domain %s is up to date. Skipping...\n", domainStr)
+				continue
+			}
+		}
+
+		gitWorkspace := &common.GitWorkspace{
+			Storage: memory.NewStorage(),
+			FS:      memfs.New(),
+		}
+		// Ex: https://git.example.com/Org/Repo-suffix.git
+		// Clones repo and stores in gitWorkspace, skip if clone fails (doesn't exist?)
+		repoUrl := appShared.Config().Git.Server + "/" + config.Git.OrgName + "/" + domainStr + domainConfig.Repo.RepoSuffix + ".git"
+		err := common.CloneRepo(repoUrl, gitWorkspace, common.Client, config)
+		if err != nil {
+			fmt.Printf("Error cloning domain repo %s: %v\n", domainStr, err)
+			continue
+		}
+
+		certsDir := appShared.DomainCertsDirWConf(domainStr, domainConfig)
+
+		// Get files in repo
+		fileInfos, err := gitWorkspace.FS.ReadDir("/")
+		if err != nil {
+			fmt.Printf("Error reading directory in memFS on domain %s: %v\n", domainStr, err)
+			continue
+		}
+		// Iterate over files, filtering by .crpt (encrypted) files in case other files were accidentally added
+		for _, fileInfo := range fileInfos {
+			if strings.HasSuffix(fileInfo.Name(), ".crpt") {
+				filename, _ := strings.CutSuffix(fileInfo.Name(), ".crpt")
+				file, err := gitWorkspace.FS.Open(fileInfo.Name())
+				if err != nil {
+					fmt.Printf("Error opening file in memFS on domain %s: %v\n", domainStr, err)
+					continue
+				}
+				fileBytes, err := io.ReadAll(file)
+				if err != nil {
+					fmt.Printf("Error reading file in memFS on domain %s: %v\n", domainStr, err)
+					file.Close()
+					continue
+				}
+				err = file.Close()
+				if err != nil {
+					fmt.Printf("Error closing file on domain %s: %v\n", domainStr, err)
+					continue
+				}
+
+				err = common.DecryptFileFromBytes(domainConfig.Certificates.CryptoKey, fileBytes, filepath.Join(certsDir, filename), nil)
+				if err != nil {
+					fmt.Printf("Error decrypting file %s in domain %s: %v\n", filename, domainStr, err)
+					continue
+				}
+
+				headRef, err := gitWorkspace.Repo.Head()
+				if err != nil {
+					fmt.Printf("Error getting head reference for domain %s: %v\n", domainStr, err)
+					continue
+				}
+
+				err = common.WriteCommitHash(headRef.Hash().String(), config, domainConfig)
+				if err != nil {
+					fmt.Printf("Error writing commit hash: %v\n", err)
+					continue
+				}
+
+				certLinks := domainConfig.Certificates.CertSymlinks
+				for _, certLink := range certLinks {
+					err = common.LinkFile(filepath.Join(certsDir, domainStr+".crt"), certLink, domainStr, ".crt")
+					if err != nil {
+						fmt.Printf("Error linking cert %s to %s: %v\n", certLink, domainStr, err)
+						continue
+					}
+				}
+
+				keyLinks := domainConfig.Certificates.KeySymlinks
+				for _, keyLink := range keyLinks {
+					err = common.LinkFile(filepath.Join(certsDir, domainStr+".key"), keyLink, domainStr, ".key")
+					if err != nil {
+						fmt.Printf("Error linking cert %s to %s: %v\n", keyLink, domainStr, err)
+						continue
+					}
+				}
+			}
+		}
+	}
+}
+
+func (d *Daemon) Reload() {
+	fmt.Println("Reloading configs...")
+
+	err := appShared.LoadDomainConfigs()
+	if err != nil {
+		fmt.Printf("Error loading domain configs: %v\n", err)
+		return
+	}
+}
+
+func (d *Daemon) Stop() {
+	fmt.Println("Shutting down client")
+}

app/client/grpc.go

@@ -0,0 +1,49 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"git.nevets.tech/Keys/certman/app/shared"
+	pb "git.nevets.tech/Keys/certman/proto/v1"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+)
+
+func SendHook(domain string) {
+	conn, err := grpc.NewClient(
+		"unix:///run/certman.sock",
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+	)
+	if err != nil {
+		log.Fatalf("fail to dial: %v", err)
+	}
+	defer conn.Close()
+	client := pb.NewHookServiceClient(conn)
+
+	hooks, err := shared.PostPullHooks(domain)
+	if err != nil {
+		fmt.Printf("Error getting hooks: %v\n", err)
+		return
+	}
+
+	for _, hook := range hooks {
+		sendHook(client, hook)
+	}
+}
+
+func sendHook(client pb.HookServiceClient, hook *pb.Hook) {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	res, err := client.ExecuteHook(ctx, &pb.ExecuteHookRequest{Hook: hook})
+	if err != nil {
+		fmt.Printf("Error executing hook: %v\n", err)
+		return
+	}
+
+	if res.GetError() != "" {
+		fmt.Printf("Error executing hook: %s\n", res.GetError())
+	}
+}