Steven Tracey
18f414e474
All checks were successful
Build (artifact) / build (push) Has been skipped
169 lines
5.1 KiB
Go
169 lines
5.1 KiB
Go
package client
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
appShared "git.nevets.tech/Steven/certman/app/shared"
|
|
"git.nevets.tech/Steven/certman/client"
|
|
"git.nevets.tech/Steven/certman/common"
|
|
"github.com/go-git/go-billy/v5/memfs"
|
|
"github.com/go-git/go-git/v5/storage/memory"
|
|
)
|
|
|
|
type Daemon struct{}
|
|
|
|
func (d *Daemon) Init() {
|
|
fmt.Println("Starting CertManager in client mode...")
|
|
err := appShared.LoadDomainConfigs()
|
|
if err != nil {
|
|
log.Fatalf("Error loading domain configs: %v", err)
|
|
}
|
|
|
|
d.Tick()
|
|
}
|
|
|
|
func (d *Daemon) Tick() {
|
|
fmt.Println("tick!")
|
|
|
|
// Get local copy of configs
|
|
config := appShared.Config()
|
|
localDomainConfigs := appShared.DomainStore().Snapshot()
|
|
|
|
// Loop over all domain configs (domains)
|
|
for domainStr, domainConfig := range localDomainConfigs {
|
|
// Skip non-enabled domains
|
|
if !domainConfig.Domain.Enabled {
|
|
continue
|
|
}
|
|
|
|
// Skip domains with up-to-date commit hashes
|
|
// If the repo doesn't exist, we can't check for a remote commit, so stop the rest of the check
|
|
repoExists := domainConfig.Internal.RepoExists
|
|
if repoExists {
|
|
var dataRoot string
|
|
if domainConfig.Certificates.DataRoot == "" {
|
|
config.Certificates.DataRoot = domainStr
|
|
} else {
|
|
dataRoot = domainConfig.Certificates.DataRoot
|
|
}
|
|
localHash, err := client.LocalCommitHash(domainStr, dataRoot)
|
|
if err != nil {
|
|
fmt.Printf("No local commit hash found for domain %s\n", domainStr)
|
|
}
|
|
gitSource, err := common.StrToGitSource(appShared.Config().Git.Host)
|
|
if err != nil {
|
|
fmt.Printf("Error getting git source for domain %s: %v\n", domainStr, err)
|
|
continue
|
|
}
|
|
remoteHash, err := client.RemoteCommitHash(domainStr, gitSource, config, domainConfig)
|
|
if err != nil {
|
|
fmt.Printf("Error getting remote commit hash for domain %s: %v\n", domainStr, err)
|
|
}
|
|
// If both hashes are blank (errored), break
|
|
// If localHash equals remoteHash (local is up-to-date), skip
|
|
if !(localHash == "" && remoteHash == "") && localHash == remoteHash {
|
|
fmt.Printf("Domain %s is up to date. Skipping...\n", domainStr)
|
|
continue
|
|
}
|
|
}
|
|
|
|
gitWorkspace := &common.GitWorkspace{
|
|
Storage: memory.NewStorage(),
|
|
FS: memfs.New(),
|
|
}
|
|
// Ex: https://git.example.com/Org/Repo-suffix.git
|
|
// Clones repo and stores in gitWorkspace, skip if clone fails (doesn't exist?)
|
|
repoUrl := appShared.Config().Git.Server + "/" + config.Git.OrgName + "/" + domainStr + domainConfig.Repo.RepoSuffix + ".git"
|
|
err := common.CloneRepo(repoUrl, gitWorkspace, common.Client, config)
|
|
if err != nil {
|
|
fmt.Printf("Error cloning domain repo %s: %v\n", domainStr, err)
|
|
continue
|
|
}
|
|
|
|
certsDir := appShared.DomainCertsDirWConf(domainStr, domainConfig)
|
|
|
|
// Get files in repo
|
|
fileInfos, err := gitWorkspace.FS.ReadDir("/")
|
|
if err != nil {
|
|
fmt.Printf("Error reading directory in memFS on domain %s: %v\n", domainStr, err)
|
|
continue
|
|
}
|
|
// Iterate over files, filtering by .crpt (encrypted) files in case other files were accidentally added
|
|
for _, fileInfo := range fileInfos {
|
|
if strings.HasSuffix(fileInfo.Name(), ".crpt") {
|
|
filename, _ := strings.CutSuffix(fileInfo.Name(), ".crpt")
|
|
file, err := gitWorkspace.FS.Open(fileInfo.Name())
|
|
if err != nil {
|
|
fmt.Printf("Error opening file in memFS on domain %s: %v\n", domainStr, err)
|
|
continue
|
|
}
|
|
fileBytes, err := io.ReadAll(file)
|
|
if err != nil {
|
|
fmt.Printf("Error reading file in memFS on domain %s: %v\n", domainStr, err)
|
|
file.Close()
|
|
continue
|
|
}
|
|
err = file.Close()
|
|
if err != nil {
|
|
fmt.Printf("Error closing file on domain %s: %v\n", domainStr, err)
|
|
continue
|
|
}
|
|
|
|
err = common.DecryptFileFromBytes(domainConfig.Certificates.CryptoKey, fileBytes, filepath.Join(certsDir, filename), nil)
|
|
if err != nil {
|
|
fmt.Printf("Error decrypting file %s in domain %s: %v\n", filename, domainStr, err)
|
|
continue
|
|
}
|
|
|
|
headRef, err := gitWorkspace.Repo.Head()
|
|
if err != nil {
|
|
fmt.Printf("Error getting head reference for domain %s: %v\n", domainStr, err)
|
|
continue
|
|
}
|
|
|
|
err = common.WriteCommitHash(headRef.Hash().String(), config, domainConfig)
|
|
if err != nil {
|
|
fmt.Printf("Error writing commit hash: %v\n", err)
|
|
continue
|
|
}
|
|
|
|
certLinks := domainConfig.Certificates.CertSymlinks
|
|
for _, certLink := range certLinks {
|
|
err = common.LinkFile(filepath.Join(certsDir, domainStr+".crt"), certLink, domainStr, ".crt")
|
|
if err != nil {
|
|
fmt.Printf("Error linking cert %s to %s: %v\n", certLink, domainStr, err)
|
|
continue
|
|
}
|
|
}
|
|
|
|
keyLinks := domainConfig.Certificates.KeySymlinks
|
|
for _, keyLink := range keyLinks {
|
|
err = common.LinkFile(filepath.Join(certsDir, domainStr+".key"), keyLink, domainStr, ".key")
|
|
if err != nil {
|
|
fmt.Printf("Error linking cert %s to %s: %v\n", keyLink, domainStr, err)
|
|
continue
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func (d *Daemon) Reload() {
|
|
fmt.Println("Reloading configs...")
|
|
|
|
err := appShared.LoadDomainConfigs()
|
|
if err != nil {
|
|
fmt.Printf("Error loading domain configs: %v\n", err)
|
|
return
|
|
}
|
|
}
|
|
|
|
func (d *Daemon) Stop() {
|
|
fmt.Println("Shutting down client")
|
|
}
|