-rw-r--r--README.md2
-rw-r--r--cmd/cashierd/main.go3
-rw-r--r--server/helpers/vault/vault.go7
-rw-r--r--server/wkfs/vaultfs/vault.go4
-rw-r--r--vendor/github.com/nsheridan/autocert-wkfs-cache/cache.go85
-rw-r--r--vendor/github.com/nsheridan/wkfs/s3/s3.go23
-rw-r--r--vendor/go4.org/wkfs/gcs/gcs.go8
-rw-r--r--vendor/go4.org/wkfs/wkfs.go3
-rw-r--r--vendor/vendor.json28
9 files changed, 149 insertions, 14 deletions
diff --git a/README.md b/README.md
index b4f356d..bf2e5fc 100644
--- a/README.md
+++ b/README.md
@@ -104,7 +104,7 @@ For any option that takes a file path as a parameter (e.g. SSH signing key, TLS
- `tls_key` : string. Path to the TLS key. See the [note](#a-note-on-files) on files above.
- `tls_cert` : string. Path to the TLS cert. See the [note](#a-note-on-files) on files above.
- `letsencrypt_servername`: string. If set will request a certificate from LetsEncrypt. This should match the expected FQDN of the server.
-- `letsencrypt_cachedir`: string. Directory to cache the LetsEncrypt certificate.
+- `letsencrypt_cachedir`: string. Directory to cache the LetsEncrypt certificate. See the [note](#a-note-on-files) on files above.
- `address` : string. IP address to listen on. If unset the server listens on all addresses.
- `port` : int. Port to listen on.
- `user` : string. User to which the server drops privileges to.
diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go
index fb67a36..83627ad 100644
--- a/cmd/cashierd/main.go
+++ b/cmd/cashierd/main.go
@@ -25,6 +25,7 @@ import (
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
+ wkfscache "github.com/nsheridan/autocert-wkfs-cache"
"github.com/nsheridan/cashier/lib"
"github.com/nsheridan/cashier/server/auth"
"github.com/nsheridan/cashier/server/auth/github"
@@ -352,7 +353,7 @@ func main() {
if conf.Server.LetsEncryptServername != "" {
m := autocert.Manager{
Prompt: autocert.AcceptTOS,
- Cache: autocert.DirCache(conf.Server.LetsEncryptCache),
+ Cache: wkfscache.Cache(conf.Server.LetsEncryptCache),
HostPolicy: autocert.HostWhitelist(conf.Server.LetsEncryptServername),
}
tlsConfig.GetCertificate = m.GetCertificate
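Review bot: With `Cache: wkfscache.Cache(conf.Server.LetsEncryptCache)` the autocert cache, which holds the ACME account key and the certificate private keys, can now land on whatever wkfs backend the path selects (S3 or GCS, for example), where the `0600`/`0700` modes the vendored cache passes are presumably not enforced, so confidentiality rests entirely on the bucket or store policy. That deserves a comment at this line, e.g. `// Cache holds private keys; a remote letsencrypt_cachedir must be access-restricted and encrypted at rest.` Separately, the vendored `Put` added in this commit uses `if err := wkfs.WriteFile(...); err != nil { return }`, which shadows the outer `err`, so a failed write is returned as success and the certificate is silently never cached; `err = wkfs.WriteFile(...)` upstream would surface it. `main` starts and ends outside this hunk.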
diff --git a/server/helpers/vault/vault.go b/server/helpers/vault/vault.go
index bec18b9..e522d51 100644
--- a/server/helpers/vault/vault.go
+++ b/server/helpers/vault/vault.go
@@ -53,3 +53,10 @@ func (c *Client) Read(value string) (string, error) {
}
return secret.(string), nil
}
+
+// Delete deletes the secret from vault.
+func (c *Client) Delete(value string) error {
+ p, _ := parseName(value)
+ _, err := c.vault.Logical().Delete(p)
+ return err
+}
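Review bot: `Delete` throws away the second value from `parseName(value)` and deletes everything at path `p`, so if that value is the field name inside the secret (which the blank identifier suggests; `parseName` is not shown here), removing one entry wipes every other field stored under the same Vault path. Nothing checks that `value` parsed to a sensible, non-empty path before `Logical().Delete(p)` is issued. At minimum the doc comment should state the real scope, e.g. `// Delete removes the whole secret at the path named by value, including any other fields stored there.`, and ideally the function would return an error when `p` is empty.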
diff --git a/server/wkfs/vaultfs/vault.go b/server/wkfs/vaultfs/vault.go
index f7c1360..dcefd54 100644
--- a/server/wkfs/vaultfs/vault.go
+++ b/server/wkfs/vaultfs/vault.go
@@ -69,6 +69,10 @@ func (fs *vaultFS) OpenFile(name string, flag int, perm os.FileMode) (wkfs.FileW
return nil, errors.New("not implemented")
}
+func (fs *vaultFS) Remove(path string) error {
+ return fs.client.Delete(path)
+}
+
type statInfo struct {
name string
size int64
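Review bot: `Remove` has no doc comment and makes deletion the only mutating operation vaultfs supports, since `OpenFile` just above it still returns `errors.New("not implemented")`. A `letsencrypt_cachedir` on the Vault filesystem would therefore presumably fail every cache write while still being able to delete secrets when autocert calls `Delete`. I would document that on the method, e.g. `// Remove deletes the Vault secret backing path; vaultfs does not support writes (OpenFile is not implemented).`, and have the README entry for `letsencrypt_cachedir` exclude Vault paths until writes exist. `OpenFile` begins outside this hunk.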
diff --git a/vendor/github.com/nsheridan/autocert-wkfs-cache/cache.go b/vendor/github.com/nsheridan/autocert-wkfs-cache/cache.go
new file mode 100644
index 0000000..e829ef2
--- /dev/null
+++ b/vendor/github.com/nsheridan/autocert-wkfs-cache/cache.go
@@ -0,0 +1,85 @@
+package wkfscache
+
+import (
+ "os"
+ "path/filepath"
+
+ "go4.org/wkfs"
+
+ "golang.org/x/crypto/acme/autocert"
+ "golang.org/x/net/context"
+)
+
+type Cache string
+
+// Get reads a certificate data from the specified file name.
+func (d Cache) Get(ctx context.Context, name string) ([]byte, error) {
+ name = filepath.Join(string(d), name)
+ var (
+ data []byte
+ err error
+ done = make(chan struct{})
+ )
+ go func() {
+ data, err = wkfs.ReadFile(name)
+ close(done)
+ }()
+ select {
+ case <-ctx.Done():
+ return nil, ctx.Err()
+ case <-done:
+ }
+ if os.IsNotExist(err) {
+ return nil, autocert.ErrCacheMiss
+ }
+ return data, err
+}
+
+// Put writes the certificate data to the specified file name.
+// The file will be created with 0600 permissions.
+func (d Cache) Put(ctx context.Context, name string, data []byte) error {
+ if err := wkfs.MkdirAll(string(d), 0700); err != nil {
+ return err
+ }
+
+ done := make(chan struct{})
+ var err error
+ go func() {
+ defer close(done)
+ if err := wkfs.WriteFile(filepath.Join(string(d), name), data, 0600); err != nil {
+ return
+ }
+ // prevent overwriting the file if the context was cancelled
+ if ctx.Err() != nil {
+ return // no need to set err
+ }
+ }()
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ case <-done:
+ }
+ return err
+}
+
+// Delete removes the specified file name.
+func (d Cache) Delete(ctx context.Context, name string) error {
+ name = filepath.Join(string(d), name)
+ var (
+ err error
+ done = make(chan struct{})
+ )
+ go func() {
+ err = wkfs.Remove(name)
+ close(done)
+ }()
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ case <-done:
+ }
+ if err != nil && !os.IsNotExist(err) {
+ return err
+ }
+ return nil
+}
diff --git a/vendor/github.com/nsheridan/wkfs/s3/s3.go b/vendor/github.com/nsheridan/wkfs/s3/s3.go
index 19e72a9..de44f93 100644
--- a/vendor/github.com/nsheridan/wkfs/s3/s3.go
+++ b/vendor/github.com/nsheridan/wkfs/s3/s3.go
@@ -28,6 +28,8 @@ type Options struct {
SecretKey string
}
+var _ wkfs.FileSystem = (*s3FS)(nil)
+
// Register the /s3/ filesystem as a well-known filesystem.
func Register(opts *Options) {
if opts == nil {
@@ -91,6 +93,12 @@ func (fs *s3FS) Open(name string) (wkfs.File, error) {
Key: &fileName,
})
if err != nil {
+ if aerr, ok := err.(awserr.Error); ok {
+ switch aerr.Code() {
+ case "NoSuchKey", "NoSuchBucket":
+ return nil, os.ErrNotExist
+ }
+ }
return nil, err
}
defer obj.Body.Close()
@@ -131,7 +139,7 @@ func (fs *s3FS) Lstat(name string) (os.FileInfo, error) {
}
func (fs *s3FS) MkdirAll(path string, perm os.FileMode) error {
- _, err := fs.OpenFile(fmt.Sprintf("%s/", filepath.Clean(path)), os.O_CREATE, perm)
+ _, err := fs.OpenFile(fmt.Sprintf("%s/", filepath.Clean(path)), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
return err
}
@@ -154,6 +162,19 @@ func (fs *s3FS) OpenFile(name string, flag int, perm os.FileMode) (wkfs.FileWrit
return NewS3file(bucket, filename, fs.sc)
}
+func (fs *s3FS) Remove(name string) error {
+ var err error
+ bucket, filename, err := fs.parseName(name)
+ if err != nil {
+ return err
+ }
+ _, err = fs.sc.DeleteObject(&s3.DeleteObjectInput{
+ Bucket: aws.String(bucket),
+ Key: aws.String(filename),
+ })
+ return err
+}
+
type statInfo struct {
name string
size int64
diff --git a/vendor/go4.org/wkfs/gcs/gcs.go b/vendor/go4.org/wkfs/gcs/gcs.go
index a970c75..d768824 100644
--- a/vendor/go4.org/wkfs/gcs/gcs.go
+++ b/vendor/go4.org/wkfs/gcs/gcs.go
@@ -165,6 +165,14 @@ func (fs *gcsFS) OpenFile(name string, flag int, perm os.FileMode) (wkfs.FileWri
return fs.sc.Bucket(bucket).Object(fileName).NewWriter(fs.ctx), nil
}
+func (fs *gcsFS) Remove(name string) error {
+ bucket, fileName, err := fs.parseName(name)
+ if err != nil {
+ return err
+ }
+ return fs.sc.Bucket(bucket).Object(fileName).Delete(fs.ctx)
+}
+
type statInfo struct {
name string
size int64
diff --git a/vendor/go4.org/wkfs/wkfs.go b/vendor/go4.org/wkfs/wkfs.go
index f4df062..08c8786 100644
--- a/vendor/go4.org/wkfs/wkfs.go
+++ b/vendor/go4.org/wkfs/wkfs.go
@@ -55,6 +55,7 @@ func MkdirAll(path string, perm os.FileMode) error { return fs(path).MkdirAll(pa
func OpenFile(name string, flag int, perm os.FileMode) (FileWriter, error) {
return fs(name).OpenFile(name, flag, perm)
}
+func Remove(name string) error { return fs(name).Remove(name) }
func Create(name string) (FileWriter, error) {
// like os.Create but WRONLY instead of RDWR because we don't
// expose a Reader here.
@@ -79,6 +80,7 @@ func (osFS) MkdirAll(path string, perm os.FileMode) error { return os.MkdirAll(p
func (osFS) OpenFile(name string, flag int, perm os.FileMode) (FileWriter, error) {
return os.OpenFile(name, flag, perm)
}
+func (osFS) Remove(name string) error { return os.Remove(name) }
type FileSystem interface {
Open(name string) (File, error)
@@ -86,6 +88,7 @@ type FileSystem interface {
Stat(name string) (os.FileInfo, error)
Lstat(name string) (os.FileInfo, error)
MkdirAll(path string, perm os.FileMode) error
+ Remove(name string) error
}
// well-known filesystems
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 27fa85e..48a6e98 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -393,10 +393,16 @@
"revisionTime": "2016-12-11T22:23:15Z"
},
{
- "checksumSHA1": "Ywe06VqOCpwDNjipGTMO0oOG/Yg=",
+ "checksumSHA1": "hTzdsWWDTWFpX1FcF77fKgR0tEM=",
+ "path": "github.com/nsheridan/autocert-wkfs-cache",
+ "revision": "fafece944e938451c2e901fdc355b75f675562f1",
+ "revisionTime": "2017-01-13T00:09:44Z"
+ },
+ {
+ "checksumSHA1": "4YKc2c3W7KOIkhSg/InVVbQjqDk=",
"path": "github.com/nsheridan/wkfs/s3",
- "revision": "60e6f1760f59568e4ce95080d08cd4a90c3c50c7",
- "revisionTime": "2016-12-29T20:48:42Z"
+ "revision": "7e8499ec8b00669d3a0a262273b9342d3c63cb1c",
+ "revisionTime": "2017-01-12T23:56:57Z"
},
{
"checksumSHA1": "8Y05Pz7onrQPcVWW6JStSsYRh6E=",
@@ -495,16 +501,16 @@
"revisionTime": "2016-07-21T22:16:07Z"
},
{
- "checksumSHA1": "BS9oue0y6JjMzz3spKlMTVmxZxo=",
+ "checksumSHA1": "RBe0HvUoZ1JL4XXPxslcvt+E6AI=",
"path": "go4.org/wkfs",
- "revision": "09d86de304dc27e636298361bbfee4ac6ab04f21",
- "revisionTime": "2016-11-18T21:00:15Z"
+ "revision": "0d03c2721aeea5277882f764f9ac7dd19fdfe4ac",
+ "revisionTime": "2017-01-01T02:01:48Z"
},
{
- "checksumSHA1": "VcZWSieqrSxETQY2EP97rg4kLAw=",
+ "checksumSHA1": "soMi4lOier3JilXADBSxqyNAg2g=",
"path": "go4.org/wkfs/gcs",
- "revision": "09d86de304dc27e636298361bbfee4ac6ab04f21",
- "revisionTime": "2016-11-18T21:00:15Z"
+ "revision": "0d03c2721aeea5277882f764f9ac7dd19fdfe4ac",
+ "revisionTime": "2017-01-01T02:01:48Z"
},
{
"checksumSHA1": "TK1Yr8BbwionaaAvM+77lwAAx/8=",
@@ -551,8 +557,8 @@
{
"checksumSHA1": "9jjO5GjLa0XF/nfWihF02RoH4qc=",
"path": "golang.org/x/net/context",
- "revision": "45e771701b814666a7eb299e6c7a57d0b1799e91",
- "revisionTime": "2016-12-15T19:42:18Z"
+ "revision": "60c41d1de8da134c05b7b40154a9a82bf5b7edb9",
+ "revisionTime": "2017-01-10T03:16:11Z"
},
{
"checksumSHA1": "WHc3uByvGaMcnSoI21fhzYgbOgg=",