Merge pull request #36 from eranchetz/makeitSimpleAgain

Make sup3rS3cretMes5age simple again
algolia · Aug 19, 2020 · e04ea6d · e04ea6d
2 parents 0222006 + 337d90e
commit e04ea6d
Show file tree

Hide file tree

Showing 13 changed files with 132 additions and 404 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,3 +2,5 @@ bin
 vendor/**/
 nginx/**/
 static/.well-known
+*.pem
+sup3rS3cretMes5age
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,13 @@
+FROM golang:latest AS builder
+
+WORKDIR /go/src/github.com/algolia/sup3rS3cretMes5age
+ADD . .
+
+RUN go get -v 
+RUN CGO_ENABLED=0 GOOS=linux go build  -o sup3rS3cretMes5age .
+
+RUN go run /usr/local/go/src/crypto/tls/generate_cert.go --host localhost
+
 FROM alpine:latest
 
 EXPOSE 1234
@@ -11,8 +21,8 @@ apk add --no-cache ca-certificates ;\
 mkdir -p /opt/supersecret/static
 
 WORKDIR /opt/supersecret
-
-COPY bin/sup3rs3cretMes5age /opt/supersecret
+COPY --from=builder /go/src/github.com/algolia/sup3rS3cretMes5age/*.pem ./
+COPY --from=builder /go/src/github.com/algolia/sup3rS3cretMes5age/sup3rS3cretMes5age .
 COPY static /opt/supersecret/static
 
-CMD [ "./sup3rs3cretMes5age" ]
+CMD [ "./sup3rS3cretMes5age" ]
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -26,7 +26,7 @@
 
 [[constraint]]
   name = "github.com/labstack/echo"
-  version = "3.2.6"
+  version = "4.1.15"
 
 [[constraint]]
   name = "gopkg.in/ory-am/dockertest.v3"

diff --git a/Makefile b/Makefile
@@ -2,50 +2,24 @@
 TARGET_OS ?= linux
 
 # When developing locally, change this to whatever fqdn you are using for 127.0.0.1
-VIRTUAL_HOST ?= localhost
+DOMAIN ?= localhost
 
-deps:
-	dep ensure -v
-
-bin/sup3rs3cretMes5age: deps
-	@CGO_ENABLED=0 GOOS=$(TARGET_OS) GOARCH=amd64 go build -o $@
-
-nginx/certs:
-	@mkdir -p $@
-
-nginx/certs/default.crt: nginx/certs
-	@openssl req \
-	-x509 \
-	-newkey rsa:4096 \
-	-days 365 \
-	-keyout nginx/certs/default.key \
-	-nodes \
-	-subj "/C=US/ST=Oregon/L=Portland/O=Localhost LLC/OU=Org/CN=$(VIRTUAL_HOST)" \
-	-out $@
 
 test:
 	go test ./... -v
 
-build: bin/sup3rs3cretMes5age
+build: 
+	@docker-compose build
 
 clean:
-	@rm -f bin/*
 	@docker-compose rm -fv
 
-run-local: clean build nginx/certs/default.crt
-	@NGINX_CONF_PATH=$(PWD)/nginx \
-	STATIC_FILES_PATH=$(PWD)/static \
-	VIRTUAL_HOST=$(VIRTUAL_HOST) \
-	CERT_NAME=default \
+run-local: clean
+	@DOMAIN=$(DOMAIN) \
 	docker-compose up --build -d
 
-run: clean build
-	@NGINX_CONF_PATH=$(PWD)/nginx \
-	STATIC_FILES_PATH=$(PWD)/static \
-	VIRTUAL_HOST=$(VIRTUAL_HOST) \
-        LETSENCRYPT_HOST=$(VIRTUAL_HOST) \
-        LETSENCRYPT_EMAIL=webmaster@$(VIRTUAL_HOST) \
-        CERT_NAME=$(VIRTUAL_HOST) \
+run: 
+	@DOMAIN=$(DOMAIN) \
 	docker-compose up --build -d
 
 logs:
@@ -54,4 +28,4 @@ logs:
 stop:
 	@docker-compose stop
 
-.PHONY: deps test build clean run-local run logs stop
+.PHONY: test build clean run-local run logs stop
diff --git a/README.md b/README.md
@@ -10,34 +10,33 @@ Now using Let's Encrypt for simple and free SSL certs!
 
 #### Prerequisites
 
-* [Go](https://golang.org/doc/install) (for development)
+* [Go](https://golang.org/doc/install) (just for development)
 * [Docker](https://docs.docker.com/engine/installation/)
 * [Docker-Compose](https://docs.docker.com/compose/install/)
 * Make
 
 #### Running Locally
 
-Running locally will use a self-signed SSL certificate for whatever your local dev domain is. The default is `localhost`, to change it just pass an argument to `make`. For example, if you set `127.0.0.1 secret.test` in your `/etc/hosts` you would run locally as:
+Running locally will use a self-signed SSL certificate for `localhost` only. 
 
 ```shell
-$ make run-local VIRTUAL_HOST=secret.test
+$ make run-local
 ```
 
 Try it! (you can ignore the safety warning since it's a self-signed cert)
 
 ```shell
-https://secret.test
+https://localhost
 ```
 
 #### Running with Let's Encrypt
 
-Using [lets-encrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) you can now get a free (and valid) SSL cert when running this project on a live server. Thanks to [evertramos](https://github.com/evertramos/)'s [docker-compose-letsencrypt-nginx-proxy-companion](https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion) for a great working example.
 
 1. Clone this repo
 2. Ensure you have `docker` and `docker-compose` installed on server
-3. run `make run VIRTUAL_HOST=<YOUR_DOMAIN_HERE>
+3. run `DOMAIN=secret.example.com make run`
 4. Let's Encrypt may take a few minutes to validate your domain
-5. open `https://your-domain`
+5. open `https://secret.example.com`
 
 
 ### Security notice!

diff --git a/config.go b/config.go
@@ -0,0 +1,27 @@
+package main
+
+import (
+	"log"
+	"os"
+)
+
+type conf struct {
+	Domain string
+	Local  bool
+}
+
+func getConfig() conf {
+	var local bool
+	domainName := os.Getenv("DOMAIN")
+	if domainName == "" || domainName == "localhost" {
+		domainName = "localhost"
+		local = true
+	}
+
+	log.Println("[INFO] using domain:", domainName)
+
+	return conf{
+		Domain: domainName,
+		Local:  local,
+	}
+}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -19,60 +19,10 @@ services:
     environment:
       VAULT_ADDR: http://vault:8200
       VAULT_TOKEN: supersecret
-      LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
-      LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
-      VIRTUAL_HOST: "${VIRTUAL_HOST}"
-      VIRTUAL_PROTO: "http"
-      VIRTUAL_PORT: 1234
-      CERT_NAME: "${CERT_NAME}"
-    expose:
-      - 1234
-    depends_on:
-      - vault
-
-  nginx:
-    image: nginx
-    labels:
-        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
-    container_name: nginx
-    restart: unless-stopped
+      DOMAIN: "${DOMAIN}"
     ports:
       - "80:80"
       - "443:443"
-    volumes:
-      - ${NGINX_CONF_PATH}/conf.d:/etc/nginx/conf.d
-      - ${NGINX_CONF_PATH}/vhost.d:/etc/nginx/vhost.d
-      - ${STATIC_FILES_PATH}:/usr/share/nginx/html
-      - ${NGINX_CONF_PATH}/certs:/etc/nginx/certs:ro
-
-  nginx-gen:
-    image: jwilder/docker-gen
-    command: >-
-      -notify-sighup nginx
-      -watch
-      -wait 5s:30s
-      /etc/docker-gen/templates/nginx.tmpl
-      /etc/nginx/conf.d/default.conf
-    container_name: nginx-gen
-    restart: unless-stopped
-    volumes:
-      - ${NGINX_CONF_PATH}/conf.d:/etc/nginx/conf.d
-      - ${NGINX_CONF_PATH}/vhost.d:/etc/nginx/vhost.d
-      - ${STATIC_FILES_PATH}:/usr/share/nginx/html
-      - ${NGINX_CONF_PATH}/certs:/etc/nginx/certs:ro
-      - /var/run/docker.sock:/tmp/docker.sock:ro
-      - ./nginx/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
+    depends_on:
+      - vault
 
-  nginx-letsencrypt:
-    image: jrcs/letsencrypt-nginx-proxy-companion
-    container_name: nginx-letsencrypt
-    restart: unless-stopped
-    volumes:
-      - ${NGINX_CONF_PATH}/conf.d:/etc/nginx/conf.d
-      - ${NGINX_CONF_PATH}/vhost.d:/etc/nginx/vhost.d
-      - ${STATIC_FILES_PATH}:/usr/share/nginx/html
-      - ${NGINX_CONF_PATH}/certs:/etc/nginx/certs:rw
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    environment:
-      NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
-      NGINX_PROXY_CONTAINER: "nginx"
diff --git a/handlers.go b/handlers.go
@@ -29,6 +29,9 @@ func NewSecretHandlers(s SecretMsgStorer) *SecretHandlers {
 func (s SecretHandlers) CreateMsgHandler(ctx echo.Context) error {
 	var tr TokenResponse
 
+	//Get TTL (if any)
+	ttl := ctx.FormValue("ttl")
+
 	// Upload file if any
 	file, err := ctx.FormFile("file")
 	if err == nil {
@@ -47,7 +50,7 @@ func (s SecretHandlers) CreateMsgHandler(ctx echo.Context) error {
 			tr.FileName = file.Filename
 			encodedFile := base64.StdEncoding.EncodeToString(b)
 
-			filetoken, err := s.store.Store(encodedFile)
+			filetoken, err := s.store.Store(encodedFile, ttl)
 			if err != nil {
 				return echo.NewHTTPError(http.StatusInternalServerError, err)
 			}
@@ -57,7 +60,7 @@ func (s SecretHandlers) CreateMsgHandler(ctx echo.Context) error {
 
 	// Handle the secret message
 	msg := ctx.FormValue("msg")
-	tr.Token, err = s.store.Store(msg)
+	tr.Token, err = s.store.Store(msg, ttl)
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, err)
 	}

diff --git a/main.go b/main.go
@@ -3,11 +3,24 @@ package main
 import (
 	"github.com/labstack/echo"
 	"github.com/labstack/echo/middleware"
+	"golang.org/x/crypto/acme/autocert"
 )
 
 func main() {
-	handlers := NewSecretHandlers(NewVault("", ""))
+
+	conf := getConfig()
+
+	handlers := NewSecretHandlers(newVault("", ""))
 	e := echo.New()
+
+	e.Pre(middleware.HTTPSRedirect())
+
+	//AutoTLS
+	e.AutoTLSManager.HostPolicy = autocert.HostWhitelist(conf.Domain)
+
+	// Cache certificates
+	e.AutoTLSManager.Cache = autocert.DirCache("/var/www/.cache")
+
 	e.Use(middleware.Logger())
 	e.Use(middleware.BodyLimit("50M"))
 
@@ -21,5 +34,13 @@ func main() {
 	e.File("/getmsg", "static/getmsg.html")
 	e.Static("/static", "static")
 
-	e.Logger.Fatal(e.Start(":1234"))
+
+	go func(c *echo.Echo){
+		e.Logger.Fatal(e.Start(":80"))
+    }(e)	
+	if !conf.Local {
+		e.Logger.Fatal(e.StartAutoTLS(":443"))
+	} else {
+		e.Logger.Fatal(e.StartTLS(":443", "cert.pem", "key.pem"))
+	}
 }