mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-22 07:30:25 +00:00
httpclient: add leaf certificates
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
4ad2a9c1fa
commit
a538255034
4 changed files with 21 additions and 16 deletions
6
go.mod
6
go.mod
|
@ -3,7 +3,7 @@ module github.com/drakkan/sftpgo/v2
|
|||
go 1.19
|
||||
|
||||
require (
|
||||
cloud.google.com/go/storage v1.26.0
|
||||
cloud.google.com/go/storage v1.27.0
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.3
|
||||
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
|
||||
github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962
|
||||
|
@ -20,7 +20,7 @@ require (
|
|||
github.com/cockroachdb/cockroach-go/v2 v2.2.16
|
||||
github.com/coreos/go-oidc/v3 v3.4.0
|
||||
github.com/eikenb/pipeat v0.0.0-20210730190139-06b3e6902001
|
||||
github.com/fclairamb/ftpserverlib v0.19.2-0.20220922051837-cde05ddf9fe6
|
||||
github.com/fclairamb/ftpserverlib v0.20.0
|
||||
github.com/fclairamb/go-log v0.4.1
|
||||
github.com/go-acme/lego/v4 v4.8.0
|
||||
github.com/go-chi/chi/v5 v5.0.8-0.20220512131524-9e71a0d4b3d6
|
||||
|
@ -69,7 +69,7 @@ require (
|
|||
golang.org/x/net v0.0.0-20220909164309-bea034e7d591
|
||||
golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
|
||||
golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8
|
||||
golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45
|
||||
golang.org/x/time v0.0.0-20220922220347-f3bd1da661af
|
||||
google.golang.org/api v0.97.0
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0
|
||||
)
|
||||
|
|
12
go.sum
12
go.sum
|
@ -76,8 +76,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
|
|||
cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
|
||||
cloud.google.com/go/storage v1.21.0/go.mod h1:XmRlxkgPjlBONznT2dDUU/5XlpU2OjMnKuqnZI01LAA=
|
||||
cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
|
||||
cloud.google.com/go/storage v1.26.0 h1:lYAGjknyDJirSzfwUlkv4Nsnj7od7foxQNH/fqZqles=
|
||||
cloud.google.com/go/storage v1.26.0/go.mod h1:mk/N7YwIKEWyTvXAWQCIeiCTdLoRH6Pd5xmSnolQLTI=
|
||||
cloud.google.com/go/storage v1.27.0 h1:YOO045NZI9RKfCj1c5A/ZtuuENUc8OAW+gHdGnDgyMQ=
|
||||
cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s=
|
||||
cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A=
|
||||
cloud.google.com/go/trace v1.2.0/go.mod h1:Wc8y/uYyOhPy12KEnXG9XGrvfMz5F5SrYecQlbW1rwM=
|
||||
contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA=
|
||||
|
@ -284,8 +284,8 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.
|
|||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
|
||||
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
|
||||
github.com/fclairamb/ftpserverlib v0.19.2-0.20220922051837-cde05ddf9fe6 h1:WdhM0yDKdtSD+cqWHAMLMTwvUvmzy36eI3Ow8emZmn0=
|
||||
github.com/fclairamb/ftpserverlib v0.19.2-0.20220922051837-cde05ddf9fe6/go.mod h1:7pR5Ckeygw3T006z1ND6HYSbJz+fTvkFAXlF6snW4yI=
|
||||
github.com/fclairamb/ftpserverlib v0.20.0 h1:9NjQPxo3T0XQCyzSXZJ0XBH4mk4Qv4Lpw3GNVabvnpU=
|
||||
github.com/fclairamb/ftpserverlib v0.20.0/go.mod h1:7pR5Ckeygw3T006z1ND6HYSbJz+fTvkFAXlF6snW4yI=
|
||||
github.com/fclairamb/go-log v0.4.1 h1:rLtdSG9x2pK41AIAnE8WYpl05xBJfw1ZyYxZaXFcBsM=
|
||||
github.com/fclairamb/go-log v0.4.1/go.mod h1:sw1KvnkZ4wKCYkvy4SL3qVZcJSWFP8Ure4pM3z+KNn4=
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
|
||||
|
@ -1000,8 +1000,8 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb
|
|||
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20220224211638-0e9765cccd65/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45 h1:yuLAip3bfURHClMG9VBdzPrQvCWjWiWUTBGV+/fCbUs=
|
||||
golang.org/x/time v0.0.0-20220920022843-2ce7c2934d45/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20220922220347-f3bd1da661af h1:Yx9k8YCG3dvF87UAn2tu2HQLf2dt/eR1bXxpLMWeH+Y=
|
||||
golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
|
||||
|
|
|
@ -74,7 +74,6 @@ type Config struct {
|
|||
// Headers defines a list of http headers to add to each request
|
||||
Headers []Header `json:"headers" mapstructure:"headers"`
|
||||
customTransport *http.Transport
|
||||
tlsConfig *tls.Config
|
||||
}
|
||||
|
||||
const logSender = "httpclient"
|
||||
|
@ -83,6 +82,9 @@ var httpConfig Config
|
|||
|
||||
// Initialize configures HTTP clients
|
||||
func (c *Config) Initialize(configDir string) error {
|
||||
if c.Timeout <= 0 {
|
||||
return fmt.Errorf("invalid timeout: %v", c.Timeout)
|
||||
}
|
||||
rootCAs, err := c.loadCACerts(configDir)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -98,7 +100,6 @@ func (c *Config) Initialize(configDir string) error {
|
|||
}
|
||||
customTransport.TLSClientConfig.InsecureSkipVerify = c.SkipTLSVerify
|
||||
c.customTransport = customTransport
|
||||
c.tlsConfig = customTransport.TLSClientConfig
|
||||
|
||||
err = c.loadCertificates(configDir)
|
||||
if err != nil {
|
||||
|
@ -170,13 +171,18 @@ func (c *Config) loadCertificates(configDir string) error {
|
|||
if err != nil {
|
||||
return fmt.Errorf("unable to load key pair %#v, %#v: %v", cert, key, err)
|
||||
}
|
||||
x509Cert, err := x509.ParseCertificate(tlsCert.Certificate[0])
|
||||
if err == nil {
|
||||
logger.Debug(logSender, "", "adding leaf certificate for key pair %q, %q", cert, key)
|
||||
tlsCert.Leaf = x509Cert
|
||||
}
|
||||
logger.Debug(logSender, "", "client certificate %#v and key %#v successfully loaded", cert, key)
|
||||
c.tlsConfig.Certificates = append(c.tlsConfig.Certificates, tlsCert)
|
||||
c.customTransport.TLSClientConfig.Certificates = append(c.customTransport.TLSClientConfig.Certificates, tlsCert)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetHTTPClient returns an HTTP client with the configured parameters
|
||||
// GetHTTPClient returns a new HTTP client with the configured parameters
|
||||
func GetHTTPClient() *http.Client {
|
||||
return &http.Client{
|
||||
Timeout: time.Duration(httpConfig.Timeout * float64(time.Second)),
|
||||
|
@ -189,7 +195,7 @@ func GetHTTPClient() *http.Client {
|
|||
func GetRetraybleHTTPClient() *retryablehttp.Client {
|
||||
client := retryablehttp.NewClient()
|
||||
client.HTTPClient.Timeout = time.Duration(httpConfig.Timeout * float64(time.Second))
|
||||
client.HTTPClient.Transport.(*http.Transport).TLSClientConfig = httpConfig.tlsConfig
|
||||
client.HTTPClient.Transport.(*http.Transport).TLSClientConfig = httpConfig.customTransport.TLSClientConfig
|
||||
client.Logger = &logger.LeveledLogger{Sender: "RetryableHTTPClient"}
|
||||
client.RetryWaitMin = time.Duration(httpConfig.RetryWaitMin) * time.Second
|
||||
client.RetryWaitMax = time.Duration(httpConfig.RetryWaitMax) * time.Second
|
||||
|
|
|
@ -1039,9 +1039,8 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|||
case "bmp":
|
||||
case "svg":
|
||||
case "ico":
|
||||
var view_url = row['url']+"&inline=1";
|
||||
var title = escapeHTMLForceSafe(row["name"])
|
||||
return `<a href="${view_url}" data-lightbox="image-gallery" data-title="${title}"><i class="fas fa-eye"></i></a>`;
|
||||
return `<a href="${row['url']}" data-lightbox="image-gallery" data-title="${title}"><i class="fas fa-eye"></i></a>`;
|
||||
case "mp4":
|
||||
case "mov":
|
||||
var name = b64EncodeUnicode(row["name"]);
|
||||
|
|
Loading…
Reference in a new issue