traefik/pkg/provider/acme/challenge_http.go

package acme

import (
	"context"
	"net"
	"net/http"
	"time"

	"github.com/cenkalti/backoff/v4"
	"github.com/go-acme/lego/v4/challenge"
	"github.com/go-acme/lego/v4/challenge/http01"
	"github.com/gorilla/mux"
	"github.com/traefik/traefik/v2/pkg/log"
	"github.com/traefik/traefik/v2/pkg/safe"
)

var _ challenge.ProviderTimeout = (*challengeHTTP)(nil)

type challengeHTTP struct {
	Store ChallengeStore
}

// Present presents a challenge to obtain new ACME certificate.
func (c *challengeHTTP) Present(domain, token, keyAuth string) error {
	return c.Store.SetHTTPChallengeToken(token, domain, []byte(keyAuth))
}

// CleanUp cleans the challenges when certificate is obtained.
func (c *challengeHTTP) CleanUp(domain, token, keyAuth string) error {
	return c.Store.RemoveHTTPChallengeToken(token, domain)
}

// Timeout calculates the maximum of time allowed to resolved an ACME challenge.
func (c *challengeHTTP) Timeout() (timeout, interval time.Duration) {
	return 60 * time.Second, 5 * time.Second
}

// CreateHandler creates a HTTP handler to expose the token for the HTTP challenge.
func (p *Provider) CreateHandler(notFoundHandler http.Handler) http.Handler {
	router := mux.NewRouter().SkipClean(true)
	router.NotFoundHandler = notFoundHandler

	router.Methods(http.MethodGet).
		Path(http01.ChallengePath("{token}")).
		Handler(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
			vars := mux.Vars(req)

			ctx := log.With(context.Background(), log.Str(log.ProviderName, p.ResolverName+".acme"))
			logger := log.FromContext(ctx)

			if token, ok := vars["token"]; ok {
				domain, _, err := net.SplitHostPort(req.Host)
				if err != nil {
					logger.Debugf("Unable to split host and port: %v. Fallback to request host.", err)
					domain = req.Host
				}

				tokenValue := getTokenValue(ctx, token, domain, p.ChallengeStore)
				if len(tokenValue) > 0 {
					rw.WriteHeader(http.StatusOK)
					_, err = rw.Write(tokenValue)
					if err != nil {
						logger.Errorf("Unable to write token: %v", err)
					}
					return
				}
			}
			rw.WriteHeader(http.StatusNotFound)
		}))

	return router
}

func getTokenValue(ctx context.Context, token, domain string, store ChallengeStore) []byte {
	logger := log.FromContext(ctx)
	logger.Debugf("Retrieving the ACME challenge for token %v...", token)

	var result []byte

	operation := func() error {
		var err error
		result, err = store.GetHTTPChallengeToken(token, domain)
		return err
	}

	notify := func(err error, time time.Duration) {
		logger.Errorf("Error getting challenge for token retrying in %s", time)
	}

	ebo := backoff.NewExponentialBackOff()
	ebo.MaxElapsedTime = 60 * time.Second
	err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
	if err != nil {
		logger.Errorf("Cannot retrieve the ACME challenge for token %v: %v", token, err)
		return []byte{}
	}

	return result
}
Create ACME Provider 2018-03-05 19:54:04 +00:00			`package acme`

			`import (`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`"context"`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`"net"`
			`"net/http"`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`"time"`

Update go-acme/lego to v3.4.0 2020-02-26 09:36:05 +00:00			`"github.com/cenkalti/backoff/v4"`
Update go-acme/lego to v4.0.1 2020-09-04 08:52:03 +00:00			`"github.com/go-acme/lego/v4/challenge"`
			`"github.com/go-acme/lego/v4/challenge/http01"`
chore: go module 2019-08-03 01:58:23 +00:00			`"github.com/gorilla/mux"`
chore: move to Traefik organization. Co-authored-by: Romain <rtribotte@users.noreply.github.com> 2020-09-16 13:46:04 +00:00			`"github.com/traefik/traefik/v2/pkg/log"`
			`"github.com/traefik/traefik/v2/pkg/safe"`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`)`

Update Lego 2019-01-07 17:30:06 +00:00			`var _ challenge.ProviderTimeout = (*challengeHTTP)(nil)`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00
			`type challengeHTTP struct {`
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com> 2019-07-19 09:52:04 +00:00			`Store ChallengeStore`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`}`

Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`// Present presents a challenge to obtain new ACME certificate.`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`func (c *challengeHTTP) Present(domain, token, keyAuth string) error {`
Merge branch 'v1.6' into 'v1.7' 2018-07-09 23:24:14 +00:00			`return c.Store.SetHTTPChallengeToken(token, domain, []byte(keyAuth))`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`}`
Create ACME Provider 2018-03-05 19:54:04 +00:00
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`// CleanUp cleans the challenges when certificate is obtained.`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`func (c *challengeHTTP) CleanUp(domain, token, keyAuth string) error {`
Merge branch 'v1.6' into 'v1.7' 2018-07-09 23:24:14 +00:00			`return c.Store.RemoveHTTPChallengeToken(token, domain)`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`}`

Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`// Timeout calculates the maximum of time allowed to resolved an ACME challenge.`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`func (c *challengeHTTP) Timeout() (timeout, interval time.Duration) {`
			`return 60 * time.Second, 5 * time.Second`
			`}`

Add internal provider Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> 2019-11-14 15:40:05 +00:00			`// CreateHandler creates a HTTP handler to expose the token for the HTTP challenge.`
			`func (p *Provider) CreateHandler(notFoundHandler http.Handler) http.Handler {`
			`router := mux.NewRouter().SkipClean(true)`
			`router.NotFoundHandler = notFoundHandler`

ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`router.Methods(http.MethodGet).`
Update Lego 2019-01-07 17:30:06 +00:00			`Path(http01.ChallengePath("{token}")).`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`Handler(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {`
			`vars := mux.Vars(req)`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00
Improve acme logs. 2019-07-22 08:16:04 +00:00			`ctx := log.With(context.Background(), log.Str(log.ProviderName, p.ResolverName+".acme"))`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`logger := log.FromContext(ctx)`

ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`if token, ok := vars["token"]; ok {`
			`domain, _, err := net.SplitHostPort(req.Host)`
			`if err != nil {`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`logger.Debugf("Unable to split host and port: %v. Fallback to request host.", err)`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`domain = req.Host`
			`}`

Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com> 2019-07-19 09:52:04 +00:00			`tokenValue := getTokenValue(ctx, token, domain, p.ChallengeStore)`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`if len(tokenValue) > 0 {`
			`rw.WriteHeader(http.StatusOK)`
			`_, err = rw.Write(tokenValue)`
			`if err != nil {`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`logger.Errorf("Unable to write token: %v", err)`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`}`
			`return`
			`}`
			`}`
			`rw.WriteHeader(http.StatusNotFound)`
			`}))`
Add internal provider Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> 2019-11-14 15:40:05 +00:00
			`return router`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`}`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00
Certificate resolvers. Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com> Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com> 2019-07-19 09:52:04 +00:00			`func getTokenValue(ctx context.Context, token, domain string, store ChallengeStore) []byte {`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`logger := log.FromContext(ctx)`
			`logger.Debugf("Retrieving the ACME challenge for token %v...", token)`

			`var result []byte`

			`operation := func() error {`
			`var err error`
			`result, err = store.GetHTTPChallengeToken(token, domain)`
			`return err`
			`}`

			`notify := func(err error, time time.Duration) {`
			`logger.Errorf("Error getting challenge for token retrying in %s", time)`
			`}`

			`ebo := backoff.NewExponentialBackOff()`
			`ebo.MaxElapsedTime = 60 * time.Second`
			`err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)`
			`if err != nil {`
			`logger.Errorf("Cannot retrieve the ACME challenge for token %v: %v", token, err)`
			`return []byte{}`
			`}`

			`return result`
			`}`