From 4dbf110edc76d09e912c430f0a241db672bab326 Mon Sep 17 00:00:00 2001 From: sickjuicy Date: Sat, 30 Nov 2024 04:20:39 +0100 Subject: [PATCH] more Cleanup --- src/mod/acme/acme.go | 30 +++++++++++++++++++++--------- src/mod/acme/autorenew.go | 8 ++++++++ src/web/snippet/acme.html | 34 +++++++++++++++++++++------------- 3 files changed, 50 insertions(+), 22 deletions(-) diff --git a/src/mod/acme/acme.go b/src/mod/acme/acme.go index 12c178d..a099050 100644 --- a/src/mod/acme/acme.go +++ b/src/mod/acme/acme.go @@ -116,6 +116,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email config := lego.NewConfig(&adminUser) // skip TLS verify if need + // Ref: https://github.com/go-acme/lego/blob/6af2c756ac73a9cb401621afca722d0f4112b1b8/lego/client_config.go#L74 if skipTLS { a.Logf("Ignoring TLS/SSL Verification Error for ACME Server", nil) config.HTTPClient.Transport = &http.Transport{ @@ -151,6 +152,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email config.CADirURL = caLinkOverwrite a.Logf("Using "+caLinkOverwrite+" for CA Directory URL", nil) } else { + // (caName == "" || caUrl == "") will use default acme config.CADirURL = a.DefaultAcmeServer a.Logf("Using Default ACME "+a.DefaultAcmeServer+" for CA Directory URL", nil) } 
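Review bot: The comment added above `if skipTLS {` in the first acme.go hunk is a bare permalink and does not say what the link is a reference for. Assuming it points at lego's default HTTP client, a sentence such as `// Replaces lego's default transport (see link) so certificate errors from the ACME server are ignored; the CA directory is then unauthenticated, so keep this for a private CA on a trusted network` would tell the reader why the transport is rebuilt and what is given up. Because the whole `Transport` is replaced, any timeouts or proxy settings the default client carries would have to be copied into the new struct. The struct literal continues outside the hunk, so that cannot be confirmed from here.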
@@ -168,11 +170,11 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email if useDNS { if !a.Database.TableExists("acme") { a.Database.NewTable("acme") - return false, errors.New("DNS Provider and DNS Credential configuration required for ACME Provider (Error -1)") + return false, errors.New("DNS Provider and DNS Credenital configuration required for ACME Provider (Error -1)") } if !a.Database.KeyExists("acme", certificateName+"_dns_provider") || !a.Database.KeyExists("acme", certificateName+"_dns_credentials") { - return false, errors.New("DNS Provider and DNS Credential configuration required for ACME Provider (Error -2)") + return false, errors.New("DNS Provider and DNS Credenital configuration required for ACME Provider (Error -2)") } var dnsCredentials string @@ -218,9 +220,19 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email } // New users will need to register + /* + reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) + if err != nil { + log.Println(err) + return false, err + } + */ var reg *registration.Resource + // New users will need to register if client.GetExternalAccountRequired() { a.Logf("External Account Required for this ACME Provider", nil) + // IF KID and HmacEncoded is overidden + if !a.Database.TableExists("acme") { a.Database.NewTable("acme") return false, errors.New("kid and HmacEncoded configuration required for ACME Provider (Error -1)") @@ -256,6 +268,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email a.Logf("Register with external account binder failed", err) return false, err } + //return false, errors.New("External Account Required for this ACME Provider.") } else { reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) if err != nil { 
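Review bot: Both rewritten error strings in the `useDNS` branch now read "DNS Credenital", a misspelling the removed lines did not have. These messages are returned to the caller and will presumably surface in the UI or logs, so the previous text should be kept: `errors.New("DNS Provider and DNS Credential configuration required for ACME Provider (Error -1)")`, and likewise for `(Error -2)`. Nothing else changes in this hunk, so reverting the two lines is enough.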
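Review bot: The block comment added above `var reg *registration.Resource` (hunk -218,9) is the old unconditional `client.Registration.Register` call kept as dead code, and it leaves two identical `// New users will need to register` comments a few lines apart. The commented-out `//return false, errors.New("External Account Required for this ACME Provider.")` added in the next hunk (-256,6) is the same kind of leftover. Version control already keeps the old code, so both can be dropped along with the duplicate comment. The remaining new comment `// IF KID and HmacEncoded is overidden` is misspelled and unclear; judging by the error text below it, something like `// External account binding: kid and HmacEncoded must be configured in the acme table` says what the check is for.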
@@ -296,7 +309,6 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email SkipTLS: skipTLS, UseDNS: useDNS, PropTimeout: propagationTimeout, - DNSServers: dnsServers, } certInfoBytes, err := json.Marshal(certInfo) @@ -478,6 +490,12 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ } } + //Clean spaces in front or behind each domain + cleanedDomains := []string{} + for _, domain := range domains { + cleanedDomains = append(cleanedDomains, strings.TrimSpace(domain)) + } + // Extract DNS servers from the request var dnsServers []string dnsServersPara, err := utils.PostPara(r, "dnsServers") @@ -488,12 +506,6 @@ func (a *ACMEHandler) HandleRenewCertificate(w http.ResponseWriter, r *http.Requ } } - //Clean spaces in front or behind each domain - cleanedDomains := []string{} - for _, domain := range domains { - cleanedDomains = append(cleanedDomains, strings.TrimSpace(domain)) - } - // Convert DNS servers slice to a single string dnsServersString := strings.Join(dnsServers, ",") diff --git a/src/mod/acme/autorenew.go b/src/mod/acme/autorenew.go index 29ee43c..3a4d7e3 100644 --- a/src/mod/acme/autorenew.go +++ b/src/mod/acme/autorenew.go @@ -26,6 +26,7 @@ type AutoRenewConfig struct { Email string //Email for acme RenewAll bool //Renew all or selective renew with the slice below FilesToRenew []string //If RenewAll is false, renew these certificate files + DNSServers string // DNS servers } type AutoRenewer struct { @@ -354,6 +355,7 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) { return a.renewExpiredDomains(expiredCertList) } +// Close the auto renewer func (a *AutoRenewer) Close() { if a.TickerstopChan != nil { a.TickerstopChan <- true 
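Review bot: The loop moved up in HandleRenewCertificate (hunk -478,6) appends every trimmed entry to `cleanedDomains`, including entries that are empty after trimming. A trailing comma or a blank field in the request would produce one, and unless something outside the hunk filters it, an empty name reaches the certificate request. `if d := strings.TrimSpace(domain); d != "" { cleanedDomains = append(cleanedDomains, d) }` drops them, and the slice can be pre-sized with `make([]string, 0, len(domains))`. The function starts and ends outside the hunk, so how `domains` is parsed is not visible here.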
@@ -464,12 +466,18 @@ func (a *AutoRenewer) HandleSetDNS(w http.ResponseWriter, r *http.Request) { return } + dnsServers, err := utils.PostPara(r, "dnsServers") + if err != nil { + dnsServers = "" + } + if !a.AcmeHandler.Database.TableExists("acme") { a.AcmeHandler.Database.NewTable("acme") } a.AcmeHandler.Database.Write("acme", filename+"_dns_provider", dnsProvider) a.AcmeHandler.Database.Write("acme", filename+"_dns_credentials", dnsCredentials) + a.AcmeHandler.Database.Write("acme", filename+"_dns_servers", dnsServers) utils.SendOK(w) diff --git a/src/web/snippet/acme.html b/src/web/snippet/acme.html index a070b3b..74865a1 100644 --- a/src/web/snippet/acme.html +++ b/src/web/snippet/acme.html @@ -25,6 +25,8 @@ + +
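Review bot: The new `dnsServers` value in HandleSetDNS goes from the POST body straight into the `acme` table under `filename+"_dns_servers"` without being trimmed or checked, and a request that omits the parameter overwrites any stored list with an empty string because the `PostPara` error is turned into `""`. HandleRenewCertificate in acme.go treats the same parameter as a comma-separated list, so the stored value should be normalised the same way before the write, and entries that are not a host or host:port are better rejected here than discovered at renewal time. If an absent parameter is meant to keep the previous setting, the third `Write` should be skipped in that case. The sketch below assumes `strings` is imported in autorenew.go, which the hunk does not show; the function's start is also outside the hunk.

```go
dnsServers, err := utils.PostPara(r, "dnsServers")
// … unchanged: err check defaulting dnsServers to "" …

// Normalise the comma-separated list before it is stored.
servers := []string{}
for _, s := range strings.Split(dnsServers, ",") {
	if s = strings.TrimSpace(s); s != "" {
		servers = append(servers, s)
	}
}
dnsServers = strings.Join(servers, ",")
// … unchanged: table creation and the Database.Write calls …
```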
@@ -50,7 +52,7 @@
If you don't want to share your private email address, you can also fill in an email address that point to a mailbox not exists on your domain.
-
+
@@ -135,13 +137,6 @@
-
-
- - - If you have more than one DNS server, enter them separated by commas (e.g. ns1.example.com,ns2.example.com) - -
-->
+