Merge pull request #99 from algolia/revert/tlspr
Revert old tls PR
jjacque authored May 10, 2024
2 parents 5ee3da4 + 839fece commit e5d0216
Showing 3 changed files with 36 additions and 68 deletions.
12 changes: 6 additions & 6 deletions config.go
Expand Up @@ -7,13 +7,13 @@ import (
)

type conf struct {
HttpBindingAddress string
HttpsBindingAddress string
HttpBindingAddress string
HttpsBindingAddress string
HttpsRedirectEnabled bool
TLSAutoDomain string
TLSCertFilepath string
TLSCertKeyFilepath string
VaultPrefix string
TLSAutoDomain string
TLSCertFilepath string
TLSCertKeyFilepath string
VaultPrefix string
}

const HttpBindingAddressVarenv = "SUPERSECRETMESSAGE_HTTP_BINDING_ADDRESS"
61 changes: 26 additions & 35 deletions main.go
Expand Up @@ -4,9 +4,6 @@ import (
"crypto/tls"
"net/http"

"crypto/tls"
"net/http"

"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
"golang.org/x/crypto/acme"
Expand All @@ -23,12 +20,9 @@ func main() {
e.Pre(middleware.HTTPSRedirect())
}

//AutoTLS
autoTLSManager := autocert.Manager{
Prompt: autocert.AcceptTOS,
// Cache certificates to avoid issues with rate limits (https://letsencrypt.org/docs/rate-limits)
Cache: autocert.DirCache("/var/www/.cache"),
HostPolicy: autocert.HostWhitelist(conf.Domain),
if conf.TLSAutoDomain != "" {
e.AutoTLSManager.HostPolicy = autocert.HostWhitelist(conf.TLSAutoDomain)
e.AutoTLSManager.Cache = autocert.DirCache("/var/www/.cache")
}

e.Use(middleware.Logger())
Expand All @@ -45,36 +39,33 @@ func main() {
e.File("/getmsg", "static/getmsg.html")
e.Static("/static", "static")

cfg := &tls.Config{
MinVersion: tls.VersionTLS12,
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
PreferServerCipherSuites: true,
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
},
//Certificates: nil, // <-- s.ListenAndServeTLS will populate this field
GetCertificate: autoTLSManager.GetCertificate,
NextProtos: []string{acme.ALPNProto},
if conf.HttpBindingAddress != "" {
if conf.HttpsBindingAddress != "" {
go func(c *echo.Echo) {
e.Logger.Fatal(e.Start(conf.HttpBindingAddress))
}(e)
} else {
e.Logger.Fatal(e.Start(conf.HttpBindingAddress))
}
}

autoTLSManager := autocert.Manager{
Prompt: autocert.AcceptTOS,
// Cache certificates to avoid issues with rate limits (https://letsencrypt.org/docs/rate-limits)
Cache: autocert.DirCache("/var/www/.cache"),
//HostPolicy: autocert.HostWhitelist("<DOMAIN>"),
}
s := http.Server{
Addr: ":443",
Handler: e, // set Echo as handler
TLSConfig: cfg,
Addr: ":443",
Handler: e, // set Echo as handler
TLSConfig: &tls.Config{
//Certificates: nil, // <-- s.ListenAndServeTLS will populate this field
GetCertificate: autoTLSManager.GetCertificate,
NextProtos: []string{acme.ALPNProto},
},
//ReadTimeout: 30 * time.Second, // use custom timeouts
}

go func(c *echo.Echo) {
e.Logger.Fatal(e.Start(":80"))
}(e)
if !conf.Local {
e.Logger.Fatal(s.ListenAndServeTLS("", ""))
} else {
e.Logger.Fatal(s.ListenAndServeTLS("cert.pem", "key.pem"))
if err := s.ListenAndServeTLS("", ""); err != http.ErrServerClosed {
e.Logger.Fatal(err)
}
}
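Review bot: The autocert.Manager that actually serves certificates (the `autoTLSManager` literal just above `s := http.Server{`) has its HostPolicy commented out, while the `autocert.HostWhitelist(conf.TLSAutoDomain)` built earlier is applied only to `e.AutoTLSManager`, which nothing in this hunk hands to the listener (`s.ListenAndServeTLS` uses `autoTLSManager.GetCertificate`). With a nil HostPolicy the manager will attempt ACME issuance for whatever SNI name a client presents, which is the documented way to exhaust the CA's rate limits for this host and break real renewals. Set the policy on the manager that is used — replace the commented line with `HostPolicy: autocert.HostWhitelist(conf.TLSAutoDomain),` under the existing `conf.TLSAutoDomain != ""` guard (or a reject-all policy when it is empty) — and drop the now-dead `e.AutoTLSManager` assignments. Separately, `conf.HttpsBindingAddress` is only tested for emptiness while the TLS server's `Addr` is hard-coded to `":443"`, so the configured HTTPS address is silently ignored; the revert also drops `MinVersion: tls.VersionTLS12`, and on Go releases before 1.22 the crypto/tls server default still admits TLS 1.0, so that one line is worth keeping even if the cipher list is not. main's body begins before this hunk.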
31 changes: 4 additions & 27 deletions vault_test.go
Expand Up @@ -53,33 +53,10 @@ func TestMain(m *testing.M) {
os.Exit(code)
}

func TestStore(t *testing.T) {
v := newVault(c.Address(), c.Token())

var storeParams = []struct {
secret string
ttl string
}{
// don't allow infinte ttl
{"my secret", "0h"},
// don't allow more than a week ttl
{"my secret", "169h"},
}

for _, tt := range storeParams {
_, err := v.Store(tt.secret, tt.ttl)

if err == nil {
t.Fatalf("expected error, got: nil")
}
}

}

func TestStoreAndGet(t *testing.T) {
v := newVault(c.Address(), c.Token())
v := newVault(c.Address(), "test/", c.Token())
secret := "my secret"
token, err := v.Store(secret, "24h")
token, err := v.Store(secret, "")
if err != nil {
t.Fatalf("no error expected, got %v", err)
}
Expand All @@ -95,9 +72,9 @@ func TestStoreAndGet(t *testing.T) {
}

func TestMsgCanOnlyBeAccessedOnce(t *testing.T) {
v := newVault(c.Address(), c.Token())
v := newVault(c.Address(), "test/", c.Token())
secret := "my secret"
token, err := v.Store(secret, "24h")
token, err := v.Store(secret, "")
if err != nil {
t.Fatalf("no error expected, got %v", err)
}
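Review bot: With TestStore deleted, no test left in this file checks how Store treats its ttl argument: both surviving tests now call `v.Store(secret, "")`, and the cases that previously asserted rejection of `"0h"` and `"169h"` are gone. If Store still accepts a ttl string, the empty value is presumably resolved inside Store (a default lease, or none at all); a test that pins what `""` means, and that an out-of-range ttl is still rejected if that check survives, would keep the secret-expiry contract covered rather than implied. The `newVault` calls also gain a `"test/"` argument whose meaning is not visible here; a short comment at the first call site, such as `// "test/" is presumably the Vault path prefix (cf. VaultPrefix) — confirm`, would help the next reader. TestMain's body begins before this hunk.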
