github.com/Tyktechnologies/tyk@v2.9.5+incompatible/gateway/le_helpers.go

github.com/Tyktechnologies/tyk@v2.9.5+incompatible/gateway/le_helpers.go (about)

     1  package gateway
     2  
     3  import (
     4  	"encoding/json"
     5  
     6  	"rsc.io/letsencrypt"
     7  
     8  	"github.com/sirupsen/logrus"
     9  
    10  	"github.com/TykTechnologies/tyk/config"
    11  	"github.com/TykTechnologies/tyk/storage"
    12  )
    13  
    14  const LEKeyPrefix = "le_ssl:"
    15  
    16  func StoreLEState(m *letsencrypt.Manager) {
    17  	log.Debug("Storing SSL backup")
    18  
    19  	log.Debug("[SSL] --> Connecting to DB")
    20  
    21  	store := storage.RedisCluster{KeyPrefix: LEKeyPrefix}
    22  	connected := store.Connect()
    23  
    24  	log.Debug("--> Connected to DB")
    25  
    26  	if !connected {
    27  		log.Error("[SSL] --> SSL Backup save failed: redis connection failed")
    28  		return
    29  	}
    30  
    31  	state := m.Marshal()
    32  	secret := rightPad2Len(config.Global().Secret, "=", 32)
    33  	cryptoText := encrypt([]byte(secret), state)
    34  
    35  	if err := store.SetKey("cache", cryptoText, -1); err != nil {
    36  		log.Error("[SSL] --> Failed to store SSL backup: ", err)
    37  		return
    38  	}
    39  }
    40  
    41  func GetLEState(m *letsencrypt.Manager) {
    42  	checkKey := "cache"
    43  
    44  	store := storage.RedisCluster{KeyPrefix: LEKeyPrefix}
    45  
    46  	connected := store.Connect()
    47  	log.Debug("[SSL] --> Connected to DB")
    48  
    49  	if !connected {
    50  		log.Error("[SSL] --> SSL Backup recovery failed: redis connection failed")
    51  		return
    52  	}
    53  
    54  	cryptoText, err := store.GetKey(checkKey)
    55  	if err != nil {
    56  		log.Warning("[SSL] --> No SSL backup: ", err)
    57  		return
    58  	}
    59  
    60  	secret := rightPad2Len(config.Global().Secret, "=", 32)
    61  	sslState := decrypt([]byte(secret), cryptoText)
    62  
    63  	m.Unmarshal(sslState)
    64  }
    65  
    66  type LE_ServerInfo struct {
    67  	HostName string
    68  	ID       string
    69  }
    70  
    71  func onLESSLStatusReceivedHandler(payload string) {
    72  	serverData := LE_ServerInfo{}
    73  	if err := json.Unmarshal([]byte(payload), &serverData); err != nil {
    74  		log.WithFields(logrus.Fields{
    75  			"prefix": "pub-sub",
    76  		}).Error("Failed unmarshal server data: ", err)
    77  		return
    78  	}
    79  
    80  	log.Debug("Received LE data: ", serverData)
    81  
    82  	// not great
    83  	if serverData.ID != GetNodeID() {
    84  		log.Info("Received Redis LE change notification!")
    85  		GetLEState(&LE_MANAGER)
    86  	}
    87  
    88  	log.Info("Received Redis LE change notification from myself, ignoring")
    89  
    90  }
    91  
    92  func StartPeriodicStateBackup(m *letsencrypt.Manager) {
    93  	for range m.Watch() {
    94  		// First run will call a cache save that overwrites with null data
    95  		if LE_FIRSTRUN {
    96  			log.Info("[SSL] State change detected, storing")
    97  			StoreLEState(m)
    98  		}
    99  
   100  		LE_FIRSTRUN = true
   101  	}
   102  }