Lint and format lua files + Fix luacheck warnings and errors + Update pre-commit-config hooks

Théophile Diot 2024-01-05 11:46:27 +00:00
parent 4cb896cfc3
commit c4bcaba03f
No known key found for this signature in database
GPG key ID: 248FEA4BAE400D06
20 changed files with 198 additions and 194 deletions


@ -1,6 +1,6 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
exclude: (^LICENSE.md$|^src/VERSION$|^src/(bw/misc/root-ca.pem$|deps/src/|common/core/modsecurity/files|ui/static/js/(editor/|utils/purify/|tsparticles\.bundle\.min\.js))|\.(svg|drawio|patch\d?|ascii|tf|tftpl)$)
exclude: (^LICENSE.md$|^src/VERSION$|^env/|^src/(bw/misc/root-ca.pem$|deps/src/|common/core/modsecurity/files|ui/static/js/(editor/|utils/purify/|tsparticles\.bundle\.min\.js))|\.(svg|drawio|patch\d?|ascii|tf|tftpl|key)$)
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: c4a0b883114b00d8d76b479c820ce7950211c99b # frozen: v4.5.0
@ -16,15 +16,15 @@ repos:
args: ["--allow-multiple-documents"]
- id: check-case-conflict
- repo: https://github.com/ambv/black
rev: 2a1c67e0b2f81df602ec1f6e7aeb030b9709dc7c # frozen: 23.11.0
- repo: https://github.com/psf/black
rev: ec91a2be3c44d88e1a3960a4937ad6ed3b63464e # frozen: 23.12.1
hooks:
- id: black
name: Black Python Formatter
language_version: python3.9
- repo: https://github.com/pre-commit/mirrors-prettier
rev: ffb6a759a979008c0e6dff86e39f4745a2d9eac4 # frozen: v3.1.0
rev: f12edd9c7be1c20cfa42420fd0e6df71e42b51ea # frozen: v4.0.0-alpha.8
hooks:
- id: prettier
name: Prettier Code Formatter
@ -36,21 +36,21 @@ repos:
exclude: ^src/(bw/lua/middleclass.lua|common/core/antibot/captcha.lua)$
- repo: https://github.com/lunarmodules/luacheck
rev: ababb6d403d634eb74d2c541035e9ede966e710d # frozen: v1.1.1
rev: 418f48976c73be697fe64b0eba9ea9821ac9bca8 # frozen: v1.1.2
hooks:
- id: luacheck
exclude: ^src/(bw/lua/middleclass.lua|common/core/antibot/captcha.lua)$
args: ["--std", "min", "--codes", "--ranges", "--no-cache"]
- repo: https://github.com/pycqa/flake8
rev: 10f4af6dbcf93456ba7df762278ae61ba3120dc6 # frozen: 6.1.0
rev: 7d37d9032d0d161634be4554273c30efd4dea0b3 # frozen: 7.0.0
hooks:
- id: flake8
name: Flake8 Python Linter
args: ["--max-line-length=250", "--ignore=E266,E402,E722,W503"]
- repo: https://github.com/dosisod/refurb
rev: a25b5d6087bba1509f96654c583efcd7796452cd # frozen: v1.24.0
rev: a7c461fcfaa2ca3248d489cdf7fed8e2d4fd8520 # frozen: v1.26.0
hooks:
- id: refurb
name: Refurb Python Refactoring Tool
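Review bot: The top-level `exclude` now skips `^env/` and every `*.key` file for all hooks, so any check meant to look at key material (for example a private-key detector, if one is configured in the part of the file outside these hunks) no longer sees those paths. Consider moving the exclusion to per-hook `exclude:` entries on the formatters that cannot handle these files, so content checks still cover them. Separately, the prettier mirror is pinned to `v4.0.0-alpha.8`, a pre-release; a short comment such as `# alpha pinned because <reason>` would tell the next person running autoupdate whether that is intentional.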


@ -1,14 +1,14 @@
local ngx = ngx
local ngx_req = ngx.req
local cdatastore = require "bunkerweb.datastore"
local cjson = require "cjson"
local class = require "middleclass"
local cdatastore = require "bunkerweb.datastore"
local clogger = require "bunkerweb.logger"
local helpers = require "bunkerweb.helpers"
local process = require "ngx.process"
local rsignal = require "resty.signal"
local upload = require "resty.upload"
local utils = require "bunkerweb.utils"
local helpers = require "bunkerweb.helpers"
local api = class("api")
@ -287,13 +287,14 @@ function api:do_api_call()
return false, resp["msg"], HTTP_INTERNAL_SERVER_ERROR, encode(resp)
end
for _, plugin in ipairs(list) do
local plugin_lua, err = require_plugin(plugin.id)
local plugin_lua, _ = require_plugin(plugin.id)
if plugin_lua and plugin_lua.api ~= nil then
local ok, plugin_obj = new_plugin(plugin_lua, self.ctx)
if not ok then
logger:log(ERR, "can't instantiate " .. plugin.id .. " : " .. plugin_obj)
else
local ok, ret = call_plugin(plugin_obj, "api")
local ret
ok, ret = call_plugin(plugin_obj, "api")
if not ok then
logger:log(ERR, "error while executing " .. plugin.id .. ":api() : " .. ret)
else
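Review bot: Renaming `err` to `_` on the `require_plugin(plugin.id)` line silences luacheck but keeps the underlying gap: when a plugin fails to load, the loop moves on without leaving any trace. If `require_plugin` returns a message for real load failures (its contract is outside this hunk), keep the name and log it, e.g. `if not plugin_lua and err then logger:log(ERR, "can't require " .. plugin.id .. " : " .. err) end`. For a component whose plugins enforce security policy, a plugin that silently drops out of the API dispatch deserves an error line. The body of `api:do_api_call` continues past the end of the hunk.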


@ -1,7 +1,7 @@
local ngx = ngx
local class = require "middleclass"
local clusterstore = require "bunkerweb.clusterstore"
local clogger = require "bunkerweb.logger"
local clusterstore = require "bunkerweb.clusterstore"
local mlcache = require "resty.mlcache"
local utils = require "bunkerweb.utils"
local cachestore = class("cachestore")
@ -184,10 +184,12 @@ function cachestore:del_redis(key)
return true
end
-- luacheck: ignore 212
function cachestore:purge()
return cache:purge(true)
end
-- luacheck: ignore 212
function cachestore:update()
return cache:update()
end
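Review bot: A `-- luacheck: ignore 212` comment on a line of its own applies until the end of the enclosing closure, which at file level means the rest of the file, so unused-argument warnings are switched off for every function after `cachestore:purge`, not only the two methods intended. Put the option on the definition line, `function cachestore:purge() -- luacheck: ignore 212`, or bracket the methods with `-- luacheck: push ignore 212` and `-- luacheck: pop`. The same standalone form is added before `blacklist:get_data` and inside `bunkernet:log` later in this commit.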


@ -33,7 +33,7 @@ function clusterstore:initialize(pool)
["REDIS_SENTINEL_HOSTS"] = "",
["REDIS_SENTINEL_USERNAME"] = "",
["REDIS_SENTINEL_PASSWORD"] = "",
["REDIS_SENTINEL_MASTER"] = ""
["REDIS_SENTINEL_MASTER"] = "",
}
-- Set them for later use
self.variables = {}
@ -57,7 +57,6 @@ function clusterstore:initialize(pool)
keepalive_poolsize = tonumber(self.variables["REDIS_KEEPALIVE_POOL"]),
connection_options = {
ssl = self.variables["REDIS_SSL"] == "yes",
},
host = self.variables["REDIS_HOST"],
port = tonumber(self.variables["REDIS_PORT"]),
@ -68,7 +67,7 @@ function clusterstore:initialize(pool)
sentinel_password = self.variables["REDIS_SENTINEL_PASSWORD"],
master_name = self.variables["REDIS_SENTINEL_MASTER"],
role = "master",
sentinels = {}
sentinels = {},
}
self.pool = pool == nil or pool
if self.pool then
@ -83,7 +82,7 @@ function clusterstore:initialize(pool)
else
sport = tonumber(sport)
end
table.insert(options.sentinel, {host = shost, port = sport})
table.insert(options.sentinel, { host = shost, port = sport })
end
end
self.options = options
@ -110,12 +109,13 @@ function clusterstore:connect(readonly)
-- Connect to sentinels if needed
local redis_client, err
if #self.options.sentinels > 0 then
local redis_sentinel, err = self.redis_connector:connect()
local redis_sentinel
redis_sentinel, err = self.redis_connector:connect()
if not redis_sentinel then
return false, "error while connecting to sentinels : " .. err
end
if readonly then
local redis_clients, err = rs.get_slaves(redis_sentinel, self.options.master_name)
local redis_clients, _ = rs.get_slaves(redis_sentinel, self.options.master_name)
if redis_clients then
redis_client = redis_clients[random(#redis_clients)]
else
@ -124,7 +124,7 @@ function clusterstore:connect(readonly)
else
redis_client, err = rs.get_master(redis_sentinel, self.options.master_name)
end
-- Classic connection
-- Classic connection
else
redis_client, err = self.redis_connector:connect()
end
@ -155,7 +155,7 @@ function clusterstore:close()
local ok, err
if self.pool then
ok, err = self.redis_connector:set_keepalive(self.redis_client)
-- No pool
-- No pool
else
ok, err = self.redis_client:close()
end
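Review bot: The reformatted line `table.insert(options.sentinel, { host = shost, port = sport })` still targets `options.sentinel`, while the table is created as `sentinels = {}` and `clusterstore:connect` tests `#self.options.sentinels`. Unless `options.sentinel` is assigned somewhere outside these hunks, the insert raises on a nil table when a sentinel host is parsed, and the sentinel branch in `connect` can never be selected. The line should read `table.insert(options.sentinels, { host = shost, port = sport })`. In the same section, `local redis_clients, _ = rs.get_slaves(...)` discards the error that would explain a failed replica lookup; the handling of that case sits in the `else` branch outside the hunk.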


@ -13,16 +13,13 @@
-- * allow passing of context
-- * updated to work with new 1.19.x apis
local ffi = require "ffi"
local base = require "resty.core.base"
local ffi = require "ffi"
require "resty.core.ctx"
local C = ffi.C
local ngx = ngx
local var = ngx.var
local ngx_log = ngx.log
local ngx_WARN = ngx.WARN
local tonumber = tonumber
local registry = debug.getregistry()
local subsystem = ngx.config.subsystem
@ -34,75 +31,69 @@ local ngx_ERR = ngx.ERR
local ngx_lua_ffi_get_ctx_ref
if subsystem == "http" then
ngx_lua_ffi_get_ctx_ref = C.ngx_http_lua_ffi_get_ctx_ref
ngx_lua_ffi_get_ctx_ref = C.ngx_http_lua_ffi_get_ctx_ref
elseif subsystem == "stream" then
ngx_lua_ffi_get_ctx_ref = C.ngx_stream_lua_ffi_get_ctx_ref
ngx_lua_ffi_get_ctx_ref = C.ngx_stream_lua_ffi_get_ctx_ref
end
local in_ssl_phase = ffi.new("int[1]")
local ssl_ctx_ref = ffi.new("int[1]")
local FFI_NO_REQ_CTX = base.FFI_NO_REQ_CTX
local _M = {}
function _M.stash_ref(ctx)
local r = get_request()
if not r then
logger:log(ngx_ERR, "could not stash ngx.ctx ref: no request found")
return
end
local r = get_request()
if not r then
logger:log(ngx_ERR, "could not stash ngx.ctx ref: no request found")
return
end
do
local ctx_ref = var.ctx_ref
if not ctx_ref or ctx_ref ~= "" then
return
end
do
local ctx_ref = var.ctx_ref
if not ctx_ref or ctx_ref ~= "" then
return
end
if not ctx then
local _ = ngx.ctx -- load context if not previously loaded
end
end
local ctx_ref = ngx_lua_ffi_get_ctx_ref(r, in_ssl_phase, ssl_ctx_ref)
if ctx_ref == FFI_NO_REQ_CTX then
logger:log(ngx_ERR, "could not stash ngx.ctx ref: no ctx found")
return
end
if not ctx then
local _ = ngx.ctx -- load context if not previously loaded
end
end
local ctx_ref = ngx_lua_ffi_get_ctx_ref(r, in_ssl_phase, ssl_ctx_ref)
if ctx_ref == FFI_NO_REQ_CTX then
logger:log(ngx_ERR, "could not stash ngx.ctx ref: no ctx found")
return
end
var.ctx_ref = ctx_ref
var.ctx_ref = ctx_ref
end
function _M.apply_ref()
local r = get_request()
if not r then
logger:log(ngx_ERR, "could not apply ngx.ctx: no request found")
return
end
local r = get_request()
if not r then
logger:log(ngx_ERR, "could not apply ngx.ctx: no request found")
return
end
local ctx_ref = var.ctx_ref
if not ctx_ref or ctx_ref == "" then
return
end
local ctx_ref = var.ctx_ref
if not ctx_ref or ctx_ref == "" then
return
end
ctx_ref = tonumber(ctx_ref)
if not ctx_ref then
return
end
ctx_ref = tonumber(ctx_ref)
if not ctx_ref then
return
end
local orig_ctx = registry.ngx_lua_ctx_tables[ctx_ref]
if not orig_ctx then
logger:log(ngx_ERR, "could not apply ngx.ctx: no ctx found")
return
end
local orig_ctx = registry.ngx_lua_ctx_tables[ctx_ref]
if not orig_ctx then
logger:log(ngx_ERR, "could not apply ngx.ctx: no ctx found")
return
end
ngx.ctx = orig_ctx
var.ctx_ref = ""
ngx.ctx = orig_ctx
var.ctx_ref = ""
end
return _M


@ -1,8 +1,8 @@
local ngx = ngx
local ngx = ngx
local base = require "resty.core.base"
local bwctx = require "bunkerweb.ctx"
local cjson = require "cjson"
local utils = require "bunkerweb.utils"
local bwctx = require "bunkerweb.ctx"
local base = require "resty.core.base"
local open = io.open
local decode = cjson.decode


@ -26,7 +26,7 @@ function plugin:initialize(id, ctx)
"header_filter",
"body_filter",
"log",
"preread"
"preread",
} do
if current_phase == check_phase then
is_request = true
@ -44,8 +44,7 @@ function plugin:initialize(id, ctx)
if self.is_request then
self.ctx = ctx or ngx.ctx
self.datastore = get_ctx_obj("datastore", self.ctx) or datastore:new()
self.cachestore = get_ctx_obj("cachestore", self.ctx)
or cachestore:new(use_redis == "yes", self.ctx)
self.cachestore = get_ctx_obj("cachestore", self.ctx) or cachestore:new(use_redis == "yes", self.ctx)
self.clusterstore = get_ctx_obj("clusterstore", self.ctx) or clusterstore:new()
self.cachestore_local = get_ctx_obj("cachestore_local", self.ctx) or cachestore:new(false, self.ctx)
else


@ -769,7 +769,7 @@ utils.get_phases = function()
"log",
"preread",
"log_stream",
"log_default"
"log_default",
}
end
@ -780,7 +780,7 @@ utils.is_cosocket_available = function()
"access",
"content",
"ssl_certificate",
"preread"
"preread",
}
local current_phase = get_phase()
for _, phase in ipairs(phases) do
@ -808,4 +808,17 @@ utils.get_ctx_obj = function(obj, ctx)
return nil
end
utils.read_files = function(files)
local data = {}
for _, file in ipairs(files) do
local f, err = open(file, "r")
if not f then
return false, file .. " = " .. err
end
table.insert(data, f:read("*a"))
f:close()
end
return true, data
end
return utils
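Review bot: `utils.read_files` appends `f:read("*a")` without checking it, and a read error returns nil, so `data` can come back shorter than `files` while the first return value is still `true`; callers in this commit then pass `data[2]` to the private-key parser. Capture the result and fail closed: `local content, rerr = f:read("*a")`, then `f:close()`, then `if not content then return false, file .. " = " .. tostring(rerr) end`. Since this helper is now the shared path for loading certificate and key files, it should also get an LDoc header stating that it returns `true` plus the file contents in input order, or `false` plus `"<path> = <error>"` on the first failure.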


@ -26,7 +26,7 @@ local to_hex = str.to_hex
local http_new = http.new
local decode = cjson.decode
local template = nil
local template
local render = nil
if subsystem == "http" then
template = require "resty.template"


@ -65,7 +65,7 @@ function badbehavior.increase(premature, ip, count_time, ban_time, threshold, us
-- Instantiate objects
local logger = require "bunkerweb.logger":new("badbehavior")
local datastore = require "bunkerweb.datastore":new()
-- Declare counter
local counter = false
-- Redis case


@ -348,6 +348,7 @@ function blacklist:is_blacklisted_ua()
return false, "ok"
end
-- luacheck: ignore 212
function blacklist:get_data(blacklisted)
local data = {}
if blacklisted == "ip" then


@ -199,9 +199,11 @@ function bunkernet:log(bypass_checks)
elseif data then
return self:ret(true, "already reported recently")
end
local ok, err
-- luacheck: ignore 212 431
local function report_callback(premature, obj, ip, reason, reason_data, method, url, headers, use_redis)
local ok, err, status, _ = obj:report(ip, reason, reason_data, method, url, headers)
local status, _
ok, err, status, _ = obj:report(ip, reason, reason_data, method, url, headers)
if status == 429 then
obj.logger:log(WARN, "bunkernet API is rate limiting us")
elseif not ok then
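Review bot: Hoisting `local ok, err` out of `report_callback` turns them into upvalues of `bunkernet:log`, so the callback (which takes `premature` and therefore looks like a timer handler) now writes into state shared with the enclosing call instead of its own locals. Keep the results local to the callback under names that do not shadow, `local report_ok, report_err, status = obj:report(ip, reason, reason_data, method, url, headers)`, and update the `elseif not ok` branch to match. That also makes the `431` in the added ignore comment unnecessary. Both `bunkernet:log` and `report_callback` continue outside the hunk.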


@ -106,7 +106,7 @@ function cors:access()
nil,
{
id = "origin",
origin = self.ctx.bw.http_origin
origin = self.ctx.bw.http_origin,
}
)
end


@ -5,7 +5,6 @@ local utils = require "bunkerweb.utils"
local country = class("country", plugin)
local ngx = ngx
local get_country = utils.get_country
local get_deny_status = utils.get_deny_status
local decode = cjson.decode
@ -46,7 +45,7 @@ function country:access()
nil,
{
id = "country",
country = data.country
country = data.country,
}
)
end
@ -93,7 +92,7 @@ function country:access()
nil,
{
id = "country",
country = country_data
country = country_data,
}
)
end
@ -113,7 +112,7 @@ function country:access()
nil,
{
id = "country",
country = country_data
country = country_data,
}
)
end


@ -1,7 +1,7 @@
local class = require "middleclass"
local plugin = require "bunkerweb.plugin"
local utils = require "bunkerweb.utils"
local ssl = require "ngx.ssl"
local utils = require "bunkerweb.utils"
local customcert = class("customcert", plugin)
@ -13,7 +13,7 @@ local ssl_server_name = ssl.server_name
local get_variable = utils.get_variable
local get_multiple_variables = utils.get_multiple_variables
local has_variable = utils.has_variable
local open = io.open
local read_files = utils.read_files
function customcert:initialize(ctx)
-- Call parent initialize
@ -22,25 +22,29 @@ end
function customcert:init()
local ret_ok, ret_err = true, "success"
if has_variable("USE_CUSTOM_SSL", "yes") then
if has_variable("USE_CUSTOM_SSL", "yes") then
local multisite, err = get_variable("MULTISITE", false)
if not multisite then
return self:ret(false, "can't get MULTISITE variable : " .. err)
end
if multisite == "yes" then
local vars, err = get_multiple_variables({"USE_CUSTOM_SSL", "SERVER_NAME"})
local vars
vars, err = get_multiple_variables({ "USE_CUSTOM_SSL", "SERVER_NAME" })
if not vars then
return self:ret(false, "can't get USE_CUSTOM_SSL variables : " .. err)
end
for server_name, multisite_vars in pairs(vars) do
if multisite_vars["USE_CUSTOM_SSL"] == "yes" and server_name ~= "global" then
local check, data = self:read_files(server_name)
local check, data = read_files({
"/var/cache/bunkerweb/customcert/" .. server_name .. "/cert.pem",
"/var/cache/bunkerweb/customcert/" .. server_name .. "/key.pem",
})
if not check then
self.logger:log(ERR, "error while reading files : " .. data)
ret_ok = false
ret_err = "error reading files"
else
local check, err = self:load_data(data, multisite_vars["SERVER_NAME"])
check, err = self:load_data(data, multisite_vars["SERVER_NAME"])
if not check then
self.logger:log(ERR, "error while loading data : " .. err)
ret_ok = false
@ -50,17 +54,21 @@ function customcert:init()
end
end
else
local server_name, err = get_variable("SERVER_NAME", false)
local server_name
server_name, err = get_variable("SERVER_NAME", false)
if not server_name then
return self:ret(false, "can't get SERVER_NAME variable : " .. err)
end
local check, data = self:read_files(server_name:match("%S+"))
local check, data = read_files({
"/var/cache/bunkerweb/customcert/" .. server_name:match("%S+") .. "/cert.pem",
"/var/cache/bunkerweb/customcert/" .. server_name:match("%S+") .. "/key.pem",
})
if not check then
self.logger:log(ERR, "error while reading files : " .. data)
ret_ok = false
ret_err = "error reading files"
else
local check, err = self:load_data(data, server_name)
check, err = self:load_data(data, server_name)
if not check then
self.logger:log(ERR, "error while loading data : " .. err)
ret_ok = false
@ -70,7 +78,7 @@ function customcert:init()
end
else
ret_err = "custom cert is not used"
end
end
return self:ret(ret_ok, ret_err)
end
@ -79,31 +87,18 @@ function customcert:ssl_certificate()
if not server_name then
return self:ret(false, "can't get server_name : " .. err)
end
if self.variables["USE_CUSTOM_SSL"] == "yes" then
local data, err = self.datastore:get("plugin_customcert_" .. server_name, true)
if self.variables["USE_CUSTOM_SSL"] == "yes" then
local data
data, err = self.datastore:get("plugin_customcert_" .. server_name, true)
if not data then
return self:ret(false, "error while getting plugin_customcert_" .. server_name .. " from datastore : " .. err)
return self:ret(
false,
"error while getting plugin_customcert_" .. server_name .. " from datastore : " .. err
)
end
return self:ret(true, "certificate/key data found", data)
end
return self:ret(true, "custom certificate is not used")
end
function customcert:read_files(server_name)
local files = {
"/var/cache/bunkerweb/customcert/" .. server_name .. "/cert.pem",
"/var/cache/bunkerweb/customcert/" .. server_name .. "/key.pem"
}
local data = {}
for i, file in ipairs(files) do
local f, err = open(file, "r")
if not f then
return false, file .. " = " .. err
end
table.insert(data, f:read("*a"))
f:close()
return self:ret(true, "certificate/key data found", data)
end
return true, data
return self:ret(true, "custom certificate is not used")
end
function customcert:load_data(data, server_name)
@ -120,7 +115,8 @@ function customcert:load_data(data, server_name)
-- Cache data
for key in server_name:gmatch("%S+") do
local cache_key = "plugin_customcert_" .. key
local ok, err = self.datastore:set(cache_key, {cert_chain, priv_key}, nil, true)
local ok
ok, err = self.datastore:set(cache_key, { cert_chain, priv_key }, nil, true)
if not ok then
return false, "error while setting data into datastore : " .. err
end
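Review bot: In `customcert:init` the certificate and key paths are built by concatenating `server_name` straight into `/var/cache/bunkerweb/customcert/...`, and in the single-site branch `server_name:match("%S+")` is evaluated twice without a nil check, so an empty SERVER_NAME fails with a concatenation error instead of a clean `self:ret(false, ...)`. Compute it once, `local first_name = server_name:match("%S+")`, return an error when it is nil, and reject names containing `/` or `..` before building the path, since this value selects which private key file is read. The same construction is repeated in `letsencrypt:init` and `selfsigned:init` in this commit; a small shared helper that validates the name and returns both paths would keep the three plugins consistent.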


@ -98,7 +98,7 @@ function dnsbl:access()
nil,
{
id = "dnsbl",
dnsbl = cached
dnsbl = cached,
}
)
end
@ -161,7 +161,13 @@ function dnsbl:access()
if not ok then
return self:ret(false, "error while adding element to cache : " .. err)
end
return self:ret(true, "IP is blacklisted by " .. ret_server, get_deny_status(), nil, {id = "dnsbl", dnsbl = ret_server})
return self:ret(
true,
"IP is blacklisted by " .. ret_server,
get_deny_status(),
nil,
{ id = "dnsbl", dnsbl = ret_server }
)
end
-- Error case
return self:ret(false, ret_err)


@ -4,7 +4,7 @@ local plugin = require "bunkerweb.plugin"
local ngx = ngx
local subsystem = ngx.config.subsystem
local template = nil
local template
local render = nil
if subsystem == "http" then
template = require "resty.template"


@ -1,8 +1,8 @@
local cjson = require "cjson"
local class = require "middleclass"
local plugin = require "bunkerweb.plugin"
local utils = require "bunkerweb.utils"
local ssl = require "ngx.ssl"
local utils = require "bunkerweb.utils"
local letsencrypt = class("letsencrypt", plugin)
@ -20,6 +20,7 @@ local ssl_server_name = ssl.server_name
local get_variable = utils.get_variable
local get_multiple_variables = utils.get_multiple_variables
local has_variable = utils.has_variable
local read_files = utils.read_files
local open = io.open
local sub = string.sub
local match = string.match
@ -34,25 +35,29 @@ end
function letsencrypt:init()
local ret_ok, ret_err = true, "success"
if has_variable("AUTO_LETS_ENCRYPT", "yes") then
if has_variable("AUTO_LETS_ENCRYPT", "yes") then
local multisite, err = get_variable("MULTISITE", false)
if not multisite then
return self:ret(false, "can't get MULTISITE variable : " .. err)
end
if multisite == "yes" then
local vars, err = get_multiple_variables({"AUTO_LETS_ENCRYPT", "SERVER_NAME"})
local vars
vars, err = get_multiple_variables({ "AUTO_LETS_ENCRYPT", "SERVER_NAME" })
if not vars then
return self:ret(false, "can't get AUTO_LETS_ENCRYPT variables : " .. err)
end
for server_name, multisite_vars in pairs(vars) do
if multisite_vars["AUTO_LETS_ENCRYPT"] == "yes" and server_name ~= "global" then
local check, data = self:read_files(server_name)
local check, data = read_files({
"/var/cache/bunkerweb/letsencrypt/etc/live/" .. server_name .. "/fullchain.pem",
"/var/cache/bunkerweb/letsencrypt/etc/live/" .. server_name .. "/privkey.pem",
})
if not check then
self.logger:log(ERR, "error while reading files : " .. data)
ret_ok = false
ret_err = "error reading files"
else
local check, err = self:load_data(data, multisite_vars["SERVER_NAME"])
check, err = self:load_data(data, multisite_vars["SERVER_NAME"])
if not check then
self.logger:log(ERR, "error while loading data : " .. err)
ret_ok = false
@ -62,17 +67,21 @@ function letsencrypt:init()
end
end
else
local server_name, err = get_variable("SERVER_NAME", false)
local server_name
server_name, err = get_variable("SERVER_NAME", false)
if not server_name then
return self:ret(false, "can't get SERVER_NAME variable : " .. err)
end
local check, data = self:read_files(server_name:match("%S+"))
local check, data = read_files({
"/var/cache/bunkerweb/letsencrypt/etc/live/" .. server_name:match("%S+") .. "/fullchain.pem",
"/var/cache/bunkerweb/letsencrypt/etc/live/" .. server_name:match("%S+") .. "/privkey.pem",
})
if not check then
self.logger:log(ERR, "error while reading files : " .. data)
ret_ok = false
ret_err = "error reading files"
else
local check, err = self:load_data(data, server_name)
check, err = self:load_data(data, server_name)
if not check then
self.logger:log(ERR, "error while loading data : " .. err)
ret_ok = false
@ -82,7 +91,7 @@ function letsencrypt:init()
end
else
ret_err = "let's encrypt is not used"
end
end
return self:ret(ret_ok, ret_err)
end
@ -91,31 +100,18 @@ function letsencrypt:ssl_certificate()
if not server_name then
return self:ret(false, "can't get server_name : " .. err)
end
if self.variables["AUTO_LETS_ENCRYPT"] == "yes" then
local data, err = self.datastore:get("plugin_letsencrypt_" .. server_name, true)
if self.variables["AUTO_LETS_ENCRYPT"] == "yes" then
local data
data, err = self.datastore:get("plugin_letsencrypt_" .. server_name, true)
if not data then
return self:ret(false, "error while getting plugin_letsencrypt_" .. server_name .. " from datastore : " .. err)
return self:ret(
false,
"error while getting plugin_letsencrypt_" .. server_name .. " from datastore : " .. err
)
end
return self:ret(true, "certificate/key data found", data)
end
return self:ret(true, "let's encrypt is not used")
end
function letsencrypt:read_files(server_name)
local files = {
"/var/cache/bunkerweb/letsencrypt/etc/live/" .. server_name .. "/fullchain.pem",
"/var/cache/bunkerweb/letsencrypt/etc/live/" .. server_name .. "/privkey.pem"
}
local data = {}
for i, file in ipairs(files) do
local f, err = open(file, "r")
if not f then
return false, file .. " = " .. err
end
table.insert(data, f:read("*a"))
f:close()
return self:ret(true, "certificate/key data found", data)
end
return true, data
return self:ret(true, "let's encrypt is not used")
end
function letsencrypt:load_data(data, server_name)
@ -125,14 +121,16 @@ function letsencrypt:load_data(data, server_name)
return false, "error while parsing pem cert : " .. err
end
-- Load key
local priv_key, err = parse_pem_priv_key(data[2])
local priv_key
priv_key, err = parse_pem_priv_key(data[2])
if not priv_key then
return false, "error while parsing pem priv key : " .. err
end
-- Cache data
for key in server_name:gmatch("%S+") do
local cache_key = "plugin_letsencrypt_" .. key
local ok, err = self.datastore:set(cache_key, {cert_chain, priv_key}, nil, true)
local ok
ok, err = self.datastore:set(cache_key, { cert_chain, priv_key }, nil, true)
if not ok then
return false, "error while setting data into datastore : " .. err
end
@ -172,7 +170,7 @@ function letsencrypt:api()
file:write(data.validation)
file:close()
return self:ret(true, "validation token written", HTTP_OK)
elseif ctx.bw.request_method == "DELETE" then
elseif self.ctx.bw.request_method == "DELETE" then
local ok, err = remove(acme_folder .. data.token)
if not ok then
return self:ret(true, "can't remove validation token : " .. err, HTTP_INTERNAL_SERVER_ERROR)
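Review bot: `letsencrypt:api` uses `data.token` directly as a file name under `acme_folder`, both for the write shown above and for `remove(acme_folder .. data.token)` in the DELETE branch that this commit repairs. Where `data` comes from is outside the hunk, but if it is decoded from the API request body the token should be checked against the ACME token alphabet before it reaches the filesystem, e.g. `if type(data.token) ~= "string" or not data.token:match("^[%w_%-]+$") then return self:ret(true, "invalid token", ngx.HTTP_BAD_REQUEST) end`. The switch from `ctx.bw.request_method` to `self.ctx.bw.request_method` is correct; the condition of the preceding branch is not visible here and should be confirmed to use `self.ctx` as well.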


@ -1,7 +1,7 @@
local class = require "middleclass"
local plugin = require "bunkerweb.plugin"
local utils = require "bunkerweb.utils"
local ssl = require "ngx.ssl"
local utils = require "bunkerweb.utils"
local selfsigned = class("selfsigned", plugin)
@ -13,7 +13,7 @@ local ssl_server_name = ssl.server_name
local get_variable = utils.get_variable
local get_multiple_variables = utils.get_multiple_variables
local has_variable = utils.has_variable
local open = io.open
local read_files = utils.read_files
function selfsigned:initialize(ctx)
-- Call parent initialize
@ -22,25 +22,29 @@ end
function selfsigned:init()
local ret_ok, ret_err = true, "success"
if has_variable("GENERATE_SELF_SIGNED_SSL", "yes") then
if has_variable("GENERATE_SELF_SIGNED_SSL", "yes") then
local multisite, err = get_variable("MULTISITE", false)
if not multisite then
return self:ret(false, "can't get MULTISITE variable : " .. err)
end
if multisite == "yes" then
local vars, err = get_multiple_variables({"GENERATE_SELF_SIGNED_SSL", "SERVER_NAME"})
local vars
vars, err = get_multiple_variables({ "GENERATE_SELF_SIGNED_SSL", "SERVER_NAME" })
if not vars then
return self:ret(false, "can't get GENERATE_SELF_SIGNED_SSL variables : " .. err)
end
for server_name, multisite_vars in pairs(vars) do
if multisite_vars["GENERATE_SELF_SIGNED_SSL"] == "yes" and server_name ~= "global" then
local check, data = self:read_files(server_name)
local check, data = read_files({
"/var/cache/bunkerweb/selfsigned/" .. server_name .. ".pem",
"/var/cache/bunkerweb/selfsigned/" .. server_name .. ".key",
})
if not check then
self.logger:log(ERR, "error while reading files : " .. data)
ret_ok = false
ret_err = "error reading files"
else
local check, err = self:load_data(data, multisite_vars["SERVER_NAME"])
check, err = self:load_data(data, multisite_vars["SERVER_NAME"])
if not check then
self.logger:log(ERR, "error while loading data : " .. err)
ret_ok = false
@ -50,17 +54,21 @@ function selfsigned:init()
end
end
else
local server_name, err = get_variable("SERVER_NAME", false)
local server_name
server_name, err = get_variable("SERVER_NAME", false)
if not server_name then
return self:ret(false, "can't get SERVER_NAME variable : " .. err)
end
local check, data = self:read_files(server_name:match("%S+"))
local check, data = read_files({
"/var/cache/bunkerweb/selfsigned/" .. server_name:match("%S+") .. ".pem",
"/var/cache/bunkerweb/selfsigned/" .. server_name:match("%S+") .. ".key",
})
if not check then
self.logger:log(ERR, "error while reading files : " .. data)
ret_ok = false
ret_err = "error reading files"
else
local check, err = self:load_data(data, server_name)
check, err = self:load_data(data, server_name)
if not check then
self.logger:log(ERR, "error while loading data : " .. err)
ret_ok = false
@ -70,7 +78,7 @@ function selfsigned:init()
end
else
ret_err = "self signed is not used"
end
end
return self:ret(ret_ok, ret_err)
end
@ -79,31 +87,18 @@ function selfsigned:ssl_certificate()
if not server_name then
return self:ret(false, "can't get server_name : " .. err)
end
if self.variables["GENERATE_SELF_SIGNED_SSL"] == "yes" then
local data, err = self.datastore:get("plugin_selfsigned_" .. server_name, true)
if self.variables["GENERATE_SELF_SIGNED_SSL"] == "yes" then
local data
data, err = self.datastore:get("plugin_selfsigned_" .. server_name, true)
if not data then
return self:ret(false, "error while getting plugin_selfsigned_" .. server_name .. " from datastore : " .. err)
return self:ret(
false,
"error while getting plugin_selfsigned_" .. server_name .. " from datastore : " .. err
)
end
return self:ret(true, "certificate/key data found", data)
end
return self:ret(true, "selfsigned is not used")
end
function selfsigned:read_files(server_name)
local files = {
"/var/cache/bunkerweb/selfsigned/" .. server_name .. ".pem",
"/var/cache/bunkerweb/selfsigned/" .. server_name .. ".key"
}
local data = {}
for i, file in ipairs(files) do
local f, err = open(file, "r")
if not f then
return false, file .. " = " .. err
end
table.insert(data, f:read("*a"))
f:close()
return self:ret(true, "certificate/key data found", data)
end
return true, data
return self:ret(true, "selfsigned is not used")
end
function selfsigned:load_data(data, server_name)
@ -120,7 +115,8 @@ function selfsigned:load_data(data, server_name)
-- Cache data
for key in server_name:gmatch("%S+") do
local cache_key = "plugin_selfsigned_" .. key
local ok, err = self.datastore:set(cache_key, {cert_chain, priv_key}, nil, true)
local ok
ok, err = self.datastore:set(cache_key, { cert_chain, priv_key }, nil, true)
if not ok then
return false, "error while setting data into datastore : " .. err
end


@ -66,7 +66,7 @@ function sessions:init()
["REDIS_SENTINEL_HOSTS"] = "",
["REDIS_SENTINEL_USERNAME"] = "",
["REDIS_SENTINEL_PASSWORD"] = "",
["REDIS_SENTINEL_MASTER"] = ""
["REDIS_SENTINEL_MASTER"] = "",
}
for k, _ in pairs(redis_vars) do
local value, err = get_variable(k, false)
@ -124,7 +124,7 @@ function sessions:init()
pool = "bw-redis",
pool_size = tonumber(redis_vars["REDIS_KEEPALIVE_POOL"]),
ssl = redis_vars["REDIS_SSL"] == "yes",
database = tonumber(redis_vars["REDIS_DATABASE"])
database = tonumber(redis_vars["REDIS_DATABASE"]),
}
if redis_vars["REDIS_SENTINEL_HOSTS"] ~= nil then
config.redis.master = redis_vars["REDIS_SENTINEL_MASTER"]
@ -139,7 +139,7 @@ function sessions:init()
else
sport = tonumber(sport)
end
table.insert(config.redis.sentinels, {host = shost, port = sport})
table.insert(config.redis.sentinels, { host = shost, port = sport })
end
else
config.redis.host = redis_vars["REDIS_HOST"]