Deps update (#289)

* Dependency version bumps and according fixes & touchups * Change to async to avoid interactive dialogs * Move the Let's Encrypt environment selection to proper place

Deps update (#289)
a33c09ac · Joona Hoikkala · GitHub · 68bb6ab6 · a33c09ac · a33c09ac
Unverified Commit a33c09ac authored 3 years ago by Joona Hoikkala Committed by GitHub 3 years ago
--- a/Dockerfile
+++ b/Dockerfile
-FROM golang:1.13-alpine AS builder
+FROM golang:alpine AS builder
 LABEL maintainer="joona@kuori.org"
 RUN apk add --update gcc musl-dev git

--- a/challengeprovider.go
+++ b/challengeprovider.go
 package main
-import "github.com/go-acme/lego/challenge/dns01"
+import (
+	"context"
+	"github.com/mholt/acmez/acme"
+)
 // ChallengeProvider implements go-acme/lego Provider interface which is used for ACME DNS challenge handling
 type ChallengeProvider struct {
@@ -13,18 +16,22 @@ func NewChallengeProvider(servers []*DNSServer) ChallengeProvider {
 }
 // Present is used for making the ACME DNS challenge token available for DNS
-func (c *ChallengeProvider) Present(_, _, keyAuth string) error {
+func (c *ChallengeProvider) Present(ctx context.Context, challenge acme.Challenge) error {
-	_, token := dns01.GetRecord("whatever", keyAuth)
 	for _, s := range c.servers {
-		s.PersonalKeyAuth = token
+		s.PersonalKeyAuth = challenge.DNS01KeyAuthorization()
 	}
 	return nil
 }
 // CleanUp is called after the run to remove the ACME DNS challenge tokens from DNS records
-func (c *ChallengeProvider) CleanUp(_, _, _ string) error {
+func (c *ChallengeProvider) CleanUp(ctx context.Context, _ acme.Challenge) error {
 	for _, s := range c.servers {
 		s.PersonalKeyAuth = ""
 	}
 	return nil
 }
+// Wait is a dummy function as we are just going to be ready to answer the challenge from the get-go
+func (c *ChallengeProvider) Wait(_ context.Context, _ acme.Challenge) error {
+	return nil
+}
\ No newline at end of file
--- a/go.mod
+++ b/go.mod
 module github.com/joohoi/acme-dns
-go 1.13
+go 1.16
 require (
-	github.com/BurntSushi/toml v0.3.1
+	github.com/BurntSushi/toml v0.4.1
-	github.com/DATA-DOG/go-sqlmock v1.3.3
+	github.com/DATA-DOG/go-sqlmock v1.5.0
 	github.com/ajg/form v1.5.1 // indirect
-	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
+	github.com/caddyserver/certmagic v0.15.2
 	github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5
 	github.com/fasthttp-contrib/websocket v0.0.0-20160511215533-1f3b11f56072 // indirect
 	github.com/gavv/httpexpect v2.0.0+incompatible
-	github.com/go-acme/lego v2.7.2+incompatible
+	github.com/go-acme/lego/v3 v3.9.0
-	github.com/go-acme/lego/v3 v3.1.0
+	github.com/google/uuid v1.3.0
-	github.com/google/uuid v1.1.1
+	github.com/gorilla/websocket v1.4.2 // indirect
-	github.com/gorilla/websocket v1.4.1 // indirect
 	github.com/imkira/go-interpol v1.1.0 // indirect
 	github.com/julienschmidt/httprouter v1.3.0
-	github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
+	github.com/lib/pq v1.10.4
-	github.com/lib/pq v1.2.0
+	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-colorable v0.1.4 // indirect
+	github.com/mattn/go-sqlite3 v1.14.10
-	github.com/mattn/go-sqlite3 v1.11.0
+	github.com/mholt/acmez v1.0.1
-	github.com/mholt/certmagic v0.8.1-0.20191019173955-6f9f0e6dd0e8
+	github.com/miekg/dns v1.1.45
-	github.com/miekg/dns v1.1.22
 	github.com/moul/http2curl v1.0.0 // indirect
-	github.com/rs/cors v1.7.0
+	github.com/rs/cors v1.8.2
-	github.com/sergi/go-diff v1.0.0 // indirect
+	github.com/sergi/go-diff v1.2.0 // indirect
-	github.com/sirupsen/logrus v1.4.2
+	github.com/sirupsen/logrus v1.8.1
-	github.com/valyala/fasthttp v1.5.0 // indirect
+	github.com/valyala/fasthttp v1.31.0 // indirect
-	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect
 	github.com/yudai/gojsondiff v1.0.0 // indirect
 	github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect
 	github.com/yudai/pp v2.0.1+incompatible // indirect
-	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
+	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582 // indirect
+	go.uber.org/multierr v1.7.0 // indirect
-	golang.org/x/sys v0.0.0-20191010194322-b09406accb47 // indirect
+	go.uber.org/zap v1.20.0 // indirect
+	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
+	golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d // indirect
+	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
+	golang.org/x/tools v0.1.8 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/main.go
+++ b/main.go
+//go:build !test
 // +build !test
 package main
 import (
+	"context"
 	"crypto/tls"
 	"flag"
 	stdlog "log"
@@ -11,10 +13,9 @@ import (
 	"strings"
 	"syscall"
-	"github.com/go-acme/lego/v3/challenge/dns01"
+	"github.com/caddyserver/certmagic"
 	legolog "github.com/go-acme/lego/v3/log"
 	"github.com/julienschmidt/httprouter"
-	"github.com/mholt/certmagic"
 	"github.com/rs/cors"
 	log "github.com/sirupsen/logrus"
 )
@@ -134,41 +135,39 @@ func startHTTPAPI(errChan chan error, config DNSConfig, dnsservers []*DNSServer)
 	cfg := &tls.Config{
 		MinVersion: tls.VersionTLS12,
 	}
 	provider := NewChallengeProvider(dnsservers)
-	// Override the validation options to mitigate issues with (lack of) 1:1 nat reflection
-	// for some network setups.
-	dnsopts := dns01.WrapPreCheck(func(_, _, _ string, _ dns01.PreCheckFunc) (bool, error) {
-		return true, nil
-	})
 	storage := certmagic.FileStorage{Path: Config.API.ACMECacheDir}
-	magicconf := certmagic.Config{
-		Agreed:             true,
+	// Set up certmagic for getting certificate for acme-dns api
-		CA:                 certmagic.LetsEncryptStagingCA,
+	certmagic.DefaultACME.DNS01Solver = &provider
-		DNSProvider:        &provider,
+	certmagic.DefaultACME.Agreed = true
-		DNSChallengeOption: dnsopts,
+	if Config.API.TLS == "letsencrypt" {
-		DefaultServerName:  Config.General.Domain,
+		certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
-		Email:              Config.API.NotificationEmail,
+	} else {
-		Storage:            &storage,
+		certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
 	}
+	certmagic.DefaultACME.Email = Config.API.NotificationEmail
-	cache := certmagic.NewCache(certmagic.CacheOptions{
+	magicConf := certmagic.NewDefault()
-		GetConfigForCert: func(cert certmagic.Certificate) (certmagic.Config, error) {
+	magicConf.Storage = &storage
-			return magicconf, nil
+	magicConf.DefaultServerName = Config.General.Domain
+	magicCache := certmagic.NewCache(certmagic.CacheOptions{
+		GetConfigForCert: func(cert certmagic.Certificate) (*certmagic.Config, error) {
+			return magicConf, nil
 		},
 	})
+	magic := certmagic.New(magicCache, *magicConf)
 	var err error
 	switch Config.API.TLS {
 	case "letsencryptstaging":
-		magicconf.CA = certmagic.LetsEncryptStagingCA
+		err = magic.ManageAsync(context.Background(), []string{Config.General.Domain})
-		certcfg := certmagic.New(cache, magicconf)
-		err = certcfg.ManageSync([]string{Config.General.Domain})
 		if err != nil {
 			errChan <- err
 			return
 		}
-		cfg.GetCertificate = certcfg.GetCertificate
+		cfg.GetCertificate = magic.GetCertificate
 		srv := &http.Server{
 			Addr:      host,
 			Handler:   c.Handler(api),
@@ -178,14 +177,12 @@ func startHTTPAPI(errChan chan error, config DNSConfig, dnsservers []*DNSServer)
 		log.WithFields(log.Fields{"host": host, "domain": Config.General.Domain}).Info("Listening HTTPS")
 		err = srv.ListenAndServeTLS("", "")
 	case "letsencrypt":
-		magicconf.CA = certmagic.LetsEncryptProductionCA
+		err = magic.ManageAsync(context.Background(), []string{Config.General.Domain})
-		certcfg := certmagic.New(cache, magicconf)
-		err = certcfg.ManageSync([]string{Config.General.Domain})
 		if err != nil {
 			errChan <- err
 			return
 		}
-		cfg.GetCertificate = certcfg.GetCertificate
+		cfg.GetCertificate = magic.GetCertificate
 		srv := &http.Server{
 			Addr:      host,
 			Handler:   c.Handler(api),