Added experimental acme renew from Let's Encrypt

src/acme.go

@@ -1,10 +1,18 @@
 package main
 
 import (
+	"fmt"
+	"io/ioutil"
 	"log"
+	"math/rand"
 	"net/http"
+	"regexp"
+	"strconv"
+	"time"
 
+	"imuslab.com/zoraxy/mod/acme"
 	"imuslab.com/zoraxy/mod/dynamicproxy"
+	"imuslab.com/zoraxy/mod/utils"
 )
 
 /*
@@ -13,18 +21,53 @@ import (
 	This script handle special routing required for acme auto cert renew functions
 */
 
+// Helper function to generate a random port above a specified value
+func getRandomPort(minPort int) int {
+	return rand.Intn(65535-minPort) + minPort
+}
+
+// init the new ACME instance
+func initACME() *acme.ACMEHandler {
+	log.Println("Starting ACME handler")
+	rand.Seed(time.Now().UnixNano())
+	// Generate a random port above 30000
+	port := getRandomPort(30000)
+
+	// Check if the port is already in use
+	for acme.IsPortInUse(port) {
+		port = getRandomPort(30000)
+	}
+
+	return acme.NewACME("https://acme-staging-v02.api.letsencrypt.org/directory", strconv.Itoa(port))
+}
+
+// create the special routing rule for ACME
 func acmeRegisterSpecialRoutingRule() {
+	log.Println("Assigned temporary port:" + acmeHandler.Getport())
+
 	err := dynamicProxyRouter.AddRoutingRules(&dynamicproxy.RoutingRule{
 		ID: "acme-autorenew",
 		MatchRule: func(r *http.Request) bool {
-			if r.RequestURI == "/.well-known/" {
-				return true
-			}
-
-			return false
+			found, _ := regexp.MatchString("/.well-known/*", r.RequestURI)
+			return found
 		},
 		RoutingHandler: func(w http.ResponseWriter, r *http.Request) {
-			w.Write([]byte("HELLO WORLD, THIS IS ACME REQUEST HANDLER"))
+
+			req, err := http.NewRequest(http.MethodGet, "http://localhost:"+acmeHandler.Getport()+r.RequestURI, nil)
+			req.Host = r.Host
+			if err != nil {
+				fmt.Printf("client: could not create request: %s\n", err)
+			}
+			res, err := http.DefaultClient.Do(req)
+			if err != nil {
+				fmt.Printf("client: error making http request: %s\n", err)
+			}
+
+			resBody, err := ioutil.ReadAll(res.Body)
+			if err != nil {
+				fmt.Printf("error reading: %s\n", err)
+			}
+			w.Write(resBody)
 		},
 		Enabled: true,
 	})
@@ -33,3 +76,36 @@ func acmeRegisterSpecialRoutingRule() {
 		log.Println("[Err] " + err.Error())
 	}
 }
+
+// This function check if the renew setup is satisfied. If not, toggle them automatically
+func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request) {
+	isForceHttpsRedirectEnabledOriginally := false
+	if dynamicProxyRouter.Option.Port == 443 {
+		//Enable port 80 to 443 redirect
+		if !dynamicProxyRouter.Option.ForceHttpsRedirect {
+			log.Println("Temporary enabling HTTP to HTTPS redirect for ACME certificate renew requests")
+			dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(true)
+		} else {
+			//Set this to true, so after renew, do not turn it off
+			isForceHttpsRedirectEnabledOriginally = true
+		}
+
+	} else if dynamicProxyRouter.Option.Port == 80 {
+		//Go ahead
+
+	} else {
+		//This port do not support ACME
+		utils.SendErrorResponse(w, "ACME renew only support web server listening on port 80 (http) or 443 (https)")
+	}
+
+	// Pass over to the acmeHandler to deal with the communication
+	acmeHandler.HandleRenewCertificate(w, r)
+
+	if dynamicProxyRouter.Option.Port == 443 {
+		if !isForceHttpsRedirectEnabledOriginally {
+			//Default is off. Turn the redirection off
+			log.Println("Restoring HTTP to HTTPS redirect settings")
+			dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(false)
+		}
+	}
+}