From c5ca68868b8a3dc12f82335288ea9aea85fa6c09 Mon Sep 17 00:00:00 2001 From: Toby Chui Date: Mon, 28 Oct 2024 21:40:58 +0800 Subject: [PATCH] Optimized ACME logic - Added automatic port 80 listener enable for those who don't read our wiki - Reduced default interval for polling and propagation timeout --- src/acme.go | 31 +++++++++++++++++++++++-------- src/main.go | 2 +- src/mod/acme/acme_dns.go | 2 +- src/mod/acme/autorenew.go | 6 ++++++ src/web/snippet/acme.html | 12 ++++++------ 5 files changed, 37 insertions(+), 16 deletions(-) diff --git a/src/acme.go b/src/acme.go index 2a7a61b..65beeba 100644 --- a/src/acme.go +++ b/src/acme.go @@ -85,9 +85,20 @@ func acmeRegisterSpecialRoutingRule() { // This function check if the renew setup is satisfied. If not, toggle them automatically func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request) { isForceHttpsRedirectEnabledOriginally := false + requireRestorePort80 := false dnsPara, _ := utils.PostBool(r, "dns") if !dnsPara { + if dynamicProxyRouter.Option.Port == 443 { + //Check if port 80 is enabled + if !dynamicProxyRouter.Option.ListenOnPort80 { + //Enable port 80 temporarily + SystemWideLogger.PrintAndLog("ACME", "Temporarily enabling port 80 listener to handle ACME request ", nil) + dynamicProxyRouter.UpdatePort80ListenerState(true) + requireRestorePort80 = true + time.Sleep(2 * time.Second) + } + //Enable port 80 to 443 redirect if !dynamicProxyRouter.Option.ForceHttpsRedirect { SystemWideLogger.Println("Temporary enabling HTTP to HTTPS redirect for ACME certificate renew requests") @@ -107,8 +118,8 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request) } } - //Add a 3 second delay to make sure everything is settle down - time.Sleep(3 * time.Second) + //Add a 2 second delay to make sure everything is settle down + time.Sleep(2 * time.Second) // Pass over to the acmeHandler to deal with the communication acmeHandler.HandleRenewCertificate(w, r) 
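Review bot: The listener opened at `dynamicProxyRouter.UpdatePort80ListenerState(true)` is only closed again by straight-line code at the end of the handler; net/http recovers a panic raised inside `acmeHandler.HandleRenewCertificate`, so any such panic leaves port 80 listening (and the HTTP to HTTPS redirect toggled) until the next successful run. Registering the cleanup right after enabling it would make it unconditional, e.g. `if requireRestorePort80 { defer dynamicProxyRouter.UpdatePort80ListenerState(false) }` placed immediately after the enable, with the same treatment for the redirect toggle. If `UpdatePort80ListenerState` reports whether the bind succeeded (not visible here), that result should be checked before the fixed `time.Sleep(2 * time.Second)`, because a port already held by another process means the HTTP-01 challenge cannot be answered and the renewal only fails later inside the ACME handler. The middle of `AcmeCheckAndHandleRenewCertificate` (the `else` branch and the non-443 path) lies outside the hunk.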
@@ -117,13 +128,17 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request) tlsCertManager.UpdateLoadedCertList() //Restore original settings - if dynamicProxyRouter.Option.Port == 443 && !dnsPara { - if !isForceHttpsRedirectEnabledOriginally { - //Default is off. Turn the redirection off - SystemWideLogger.PrintAndLog("ACME", "Restoring HTTP to HTTPS redirect settings", nil) - dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(false) - } + if requireRestorePort80 { + //Restore port 80 listener + SystemWideLogger.PrintAndLog("ACME", "Restoring previous port 80 listener settings", nil) + dynamicProxyRouter.UpdatePort80ListenerState(false) } + if !isForceHttpsRedirectEnabledOriginally { + //Default is off. Turn the redirection off + SystemWideLogger.PrintAndLog("ACME", "Restoring HTTP to HTTPS redirect settings", nil) + dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(false) + } + } // HandleACMEPreferredCA return the user preferred / default CA for new subdomain auto creation diff --git a/src/main.go b/src/main.go index f4c4528..630cadf 100644 --- a/src/main.go +++ b/src/main.go @@ -62,7 +62,7 @@ var ( name = "Zoraxy" version = "3.1.2" nodeUUID = "generic" //System uuid, in uuidv4 format - development = true //Set this to false to use embedded web fs + development = false //Set this to false to use embedded web fs bootTime = time.Now().Unix() /* diff --git a/src/mod/acme/acme_dns.go b/src/mod/acme/acme_dns.go index d9654d2..8a70d35 100644 --- a/src/mod/acme/acme_dns.go +++ b/src/mod/acme/acme_dns.go @@ -18,7 +18,7 @@ func GetDnsChallengeProviderByName(dnsProvider string, dnsCredentials string, pp } //Clear the PollingInterval and PropagationTimeout field and conert to int - userDefinedPollingInterval := 30 + userDefinedPollingInterval := 2 if dnsCredentialsMap["PollingInterval"] != nil { userDefinedPollingIntervalRaw := dnsCredentialsMap["PollingInterval"].(string) delete(dnsCredentialsMap, "PollingInterval") 
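Review bot: Removing the `if dynamicProxyRouter.Option.Port == 443 && !dnsPara {` guard makes the redirect restore run on every code path: `isForceHttpsRedirectEnabledOriginally` starts as `false` (first hunk) and, as far as the hunks show, is only set on the non-DNS, port-443 branch, so a DNS-challenge renewal or one on another port now ends with `UpdateHttpToHttpsRedirectSetting(false)` and switches off a redirect this request never touched. Keep the condition on the redirect restore, e.g. `if !dnsPara && dynamicProxyRouter.Option.Port == 443 && !isForceHttpsRedirectEnabledOriginally {`, while the `requireRestorePort80` check can stay as written since that flag is only raised when the listener was enabled here. A comment such as `//Only undo settings that this request changed; DNS-01 renewals touch neither port 80 nor the redirect` would make the intent explicit.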
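Review bot: Dropping the default `userDefinedPollingInterval` from 30 to 2 makes a DNS-01 renewal with no user-set value query the provider's API roughly fifteen times as often while waiting for propagation; a number of DNS providers rate-limit or temporarily block keys that poll this aggressively, which would surface as renewal failures rather than faster issuance. The value deserves a comment naming its unit and the trade-off, e.g. `//Seconds between propagation checks; low for fast providers, but keep above common API rate limits`, and a floor above the 1-second minimum the UI now permits (see the acme.html hunk) is worth considering. The unit is inferred from the UI labels and the conversion that follows outside this hunk, so confirm it before wording the comment.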
diff --git a/src/mod/acme/autorenew.go b/src/mod/acme/autorenew.go
index 357352e..33a5fc1 100644
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
@@ -384,6 +384,12 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
 }
 }
 
+ //For upgrading config from older version of Zoraxy which don't have timeout
+ if certInfo.PropTimeout == 0 {
+ //Set default timeout
+ certInfo.PropTimeout = 300
+ }
+
 _, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS, certInfo.UseDNS, certInfo.PropTimeout)
 if err != nil {
 a.Logf("Renew "+fileName+"("+strings.Join(expiredCert.Domains, ",")+") failed", err)
diff --git a/src/web/snippet/acme.html b/src/web/snippet/acme.html
index a8c6de8..6dd80b7 100644
--- a/src/web/snippet/acme.html
+++ b/src/web/snippet/acme.html
@@ -449,14 +449,14 @@
 `);
 }else if (datatype == "time.Duration"){
- let defaultIntValue = 300;
- let defaultMinValue = 60;
+ let defaultIntValue = 120;
+ let defaultMinValue = 30;
 if (key == "PollingInterval"){
- defaultIntValue = 30;
- defaultMinValue = 10;
+ defaultIntValue = 2;
+ defaultMinValue = 1;
 }else if (key == "PropagationTimeout"){
- defaultIntValue = 300;
- defaultMinValue = 60;
+ defaultIntValue = 120;
+ defaultMinValue = 30;
 }
 optionalFieldsHTML += (`
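Review bot: The fallback `certInfo.PropTimeout = 300` disagrees with the 120-second PropagationTimeout default this same commit writes into acme.html, so a certificate saved before timeouts existed renews with a different propagation timeout than a freshly configured one. Pulling the value into a single named constant in the acme package (for example a `DefaultPropagationTimeout` constant) and using it both here and as the UI default would keep the two paths aligned. The comment should also state the unit, e.g. `//Configs written before PropTimeout existed carry 0; use the default (seconds)`. The enclosing `renewExpiredDomains` loop starts and ends outside the hunk, so whether the patched `certInfo` is written back to its config file cannot be checked from here.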