add cert query API for tests

Author: timzaak

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "spa-client"
-version = "2.2.3"
+version = "2.2.4"
 edition = "2021"
 authors = ["timzaak"]
 license = "MIT"

client/Cargo.toml

@@ -5,7 +5,7 @@ use spa_server::admin_server::request::{
     DeleteDomainVersionOption, DomainWithOptVersionOption, GetDomainOption,
     UpdateUploadingStatusOption,
 };
-use spa_server::domain_storage::{DomainInfo, ShortMetaData, UploadDomainPosition};
+use spa_server::domain_storage::{CertInfo, DomainInfo, ShortMetaData, UploadDomainPosition};
 use std::borrow::Cow;
 use std::path::PathBuf;
 
@@ -185,6 +185,12 @@ impl API {
             .await?;
         json_resp!(resp, UploadDomainPosition)
     }
+    
+    pub async fn get_acme_cert_info(&self, domain: Option<String>) -> anyhow::Result<Vec<CertInfo>> {
+        let resp = self.async_client.get(self.url("cert/acme"))
+            .query(&GetDomainOption{domain}).send().await?;
+        json_resp!(resp, Vec<CertInfo>)         
+    }
 }
 #[cfg(test)]
 mod test {

client/src/api.rs

@@ -28,7 +28,7 @@ file_dir = "/data"
 //    # directory to store account and certificate
 //    # optional, default is ${file_dir}/acme
 //    // dir = "/data/acme"
-//    # ci / stage / prod, default is prod
+//    # ci / stage / prod, default is prod, ci is just for CI test with Pebble, don't use it.
 //    //type = prod
 //  }
 

config.release.conf

@@ -1,4 +1,7 @@
 # Change Log
+
+### Version 2.2.4
+- feat: add cert query API (no doc, no client SDK support)
 ### Version 2.2.3
 - fix: sub_path '' => '/', like GitHub pages
 - fix: redirect with no querystring

docs/develop/change-log.md

@@ -40,7 +40,7 @@ file_dir = "/data"
 //    # directory to store account and certificate
 //    # optional, default is ${file_dir}/acme
 //    // dir = "/data/acme"
-//    # ci / stage / prod, default is prod
+//    # ci / stage / prod, default is prod, ci is just for CI test with Pebble, don't use it.
 //    //type = prod
 //  }
 

docs/guide/spa-server-configuration.md

@@ -1,6 +1,6 @@
 {
   "name": "spa-server-doc",
-  "version": "2.2.3",
+  "version": "2.2.4",
   "description": "This is for docs powered by VitePress",
   "private": true,
   "type": "module",

package.json

@@ -1,6 +1,6 @@
 [package]
 name = "spa-server"
-version = "2.2.3"
+version = "2.2.4"
 edition = "2021"
 authors = ["timzaak"]
 license = "MIT"
@@ -78,6 +78,6 @@ anyhow = { version = "1.0", features = ["backtrace"] }
 # solve dir walk without recursion
 walkdir = "2.5"
 # time
-chrono = "0.4"
+chrono = { version = "0.4", features = ["serde"] }
 #make if let more easy
 if_chain = "1"

server/Cargo.toml

@@ -8,7 +8,7 @@ use std::time::Duration;
 
 use anyhow::{anyhow, bail, Context};
 use base64::prelude::*;
-use chrono::{TimeZone, Utc};
+use chrono::{DateTime, TimeZone, Utc};
 use dashmap::DashMap;
 use delay_timer::prelude::{DelayTimer, Task, TaskBuilder};
 use if_chain::if_chain;
@@ -27,7 +27,7 @@ use tracing::{debug, error, info, warn};
 use walkdir::WalkDir;
 
 use crate::config::{get_host_path_from_domain, ACMEConfig, ACMEType, Config};
-use crate::domain_storage::DomainStorage;
+use crate::domain_storage::{CertInfo, DomainStorage};
 use crate::tls::load_ssl_file;
 
 const ACME_DIR: &str = "acme";
@@ -494,21 +494,58 @@ impl ACMEManager {
             .set_maximum_parallel_runnable_num(1)
             .spawn_routine(task)?)
     }
-    //TODO: add it.
     pub async fn add_new_domain(&self, host: &str) {
         let _ = self
             .sender
             .send(RefreshDomainMessage(vec![host.to_string()]))
             .await;
     }
+
+    pub async fn get_cert_data(&self, host:Option<&String>) ->anyhow::Result<Vec<CertInfo>>{
+        let result = match host {
+            Some(host) => {
+                match self.certificate_map.get(host) {
+                    Some(value) => {
+                        let [begin, end] = get_cert_validate_time(&value)?;
+                        vec![CertInfo {
+                            begin,
+                            end,
+                            host: host.to_owned(),
+                        }]
+
+                    },
+                    None => vec![]
+                }
+            }
+            None => {
+                self.certificate_map.iter().filter_map(|item| {
+                    match get_cert_validate_time(&item)  {
+                        Ok([begin, end]) => Some(CertInfo {
+                            begin, end, host:item.key().to_string()
+                        }),
+                        Err(error) => {
+                            warn!("get {} cert fail:{error}", item.key());
+                            None
+                        }
+                    }
+                }).collect()
+            }
+        };
+        Ok(result)
+    }
+
 }
 
-fn cert_need_refresh(certified_key: &CertifiedKey) -> anyhow::Result<bool> {
+fn get_cert_validate_time(certified_key: &CertifiedKey) -> anyhow::Result<[DateTime<Utc>;2]> {
     let cert = certified_key.end_entity_cert()?;
     let (_, cert) = x509_parser::parse_x509_certificate(cert.as_ref())?;
     let validity = cert.validity();
-    let [begin, end] = [validity.not_before, validity.not_after]
-        .map(|t| Utc.timestamp_opt(t.timestamp(), 0).unwrap());
+    Ok([validity.not_before, validity.not_after]
+        .map(|t| Utc.timestamp_opt(t.timestamp(), 0).unwrap()))
+}
+
+fn cert_need_refresh(certified_key: &CertifiedKey) -> anyhow::Result<bool> {
+    let [begin, end] = get_cert_validate_time(certified_key)?;
     let now = Utc::now();
     Ok(now < begin || now > end || end - now < chrono::Duration::days(9))
 }

server/src/acme.rs

@@ -1,4 +1,4 @@
-use crate::acme::ACMEManager;
+ use crate::acme::ACMEManager;
 use crate::admin_server::request::{
     DeleteDomainVersionOption, DomainWithOptVersionOption, DomainWithVersionOption,
     GetDomainOption, GetDomainPositionOption, UpdateUploadingStatusOption, UploadFileOption,
@@ -44,17 +44,18 @@ impl AdminServer {
 
     fn routes(&self) -> impl Filter<Extract = impl warp::Reply, Error = warp::Rejection> + Clone {
         self.auth().and(
-            (warp::get().and(
+            warp::get().and(
                 self.get_domain_info()
                     .or(self.get_domain_upload_path())
-                    .or(self.get_files_metadata()),
-            ))
+                    .or(self.get_files_metadata())
+                    .or(self.get_acme_cert_info())
+            )
             .or(warp::post().and(
                 self.update_domain_version()
                     .or(self.reload_server())
                     .or(self.change_upload_status())
                     .or(self.upload_file())
-                    .or(self.remove_domain_version()),
+                    .or(self.remove_domain_version())                 
             )),
         )
     }
@@ -180,6 +181,13 @@ impl AdminServer {
             .and(warp::query::<DeleteDomainVersionOption>())
             .map(service::remove_domain_version)
     }
+
+    fn get_acme_cert_info(&self) -> impl Filter<Extract = (impl warp::Reply,), Error = Rejection> + Clone  {
+        warp::path!("cert" / "acme")
+            .and(with(self.acme_manager.clone()))
+            .and(warp::query::<GetDomainOption>())
+            .and_then(service::get_acme_cert_info)
+    }
 }
 
 pub mod service {
@@ -324,7 +332,7 @@ pub mod service {
             storage.save_file(query.domain, query.version, query.path, file)?;
             return Ok(Response::default());
         }
-        return Err(anyhow!("bad params, please check the api doc: https://github.com/fornetcode/spa-server/blob/master/docs/guide/sap-server-api.md"));
+        Err(anyhow!("bad params, please check the api doc: https://github.com/fornetcode/spa-server/blob/master/docs/guide/sap-server-api.md"))
     }
 
     pub(super) fn get_files_metadata(
@@ -351,7 +359,7 @@ pub mod service {
             storage
                 .get_domain_info_by_domain(&domain)
                 .map(|v| vec![v])
-                .unwrap_or(vec![])
+                .unwrap_or_default()
         } else {
             storage.get_domain_info().unwrap_or_else(|_| vec![])
         };
@@ -362,7 +370,7 @@ pub mod service {
                         .or(info.versions.iter().max().map(|x| *x))
                 {
                     //TODO: fix it, get reserve versions by array index compare, rather than -.
-                    max_version = max_version - max_reserve;
+                    max_version -= max_reserve;
                     info.versions
                         .into_iter()
                         .filter(|v| *v < max_version)
@@ -384,6 +392,20 @@ pub mod service {
         }
         Response::default()
     }
+    pub(super) async fn get_acme_cert_info(
+        acme_manager: Arc<ACMEManager>,
+        query: GetDomainOption,
+    ) -> Result<Response, Infallible> {
+        let resp = match acme_manager.get_cert_data(query.domain.as_ref()).await {
+            Ok(data) => warp::reply::json(&data).into_response(),
+            Err(err) => {
+                let mut resp = Response::new(Body::from(err.to_string()));
+                *resp.status_mut() = StatusCode::BAD_REQUEST;
+                resp
+            }
+        };
+        Ok(resp)
+    }
 }
 
 pub mod request {
@@ -395,16 +417,12 @@ pub mod request {
         pub domain: Option<String>,
     }
 
-    #[derive(Deserialize, Serialize, Debug, Eq, PartialEq)]
+    #[derive(Deserialize, Serialize, Debug, Eq, PartialEq, Default)]
     pub enum GetDomainPositionFormat {
+        #[default]
         Path,
         Json,
     }
-    impl Default for GetDomainPositionFormat {
-        fn default() -> Self {
-            GetDomainPositionFormat::Path
-        }
-    }
 
     #[derive(Deserialize, Serialize, Debug)]
     pub struct GetDomainPositionOption {
@@ -492,7 +510,7 @@ mod test {
         assert!(task.is_valid());
         for _ in 0..10 {
             let time = task.get_next_exec_timestamp().unwrap() as i64;
-            let time = NaiveDateTime::from_timestamp(time, 0);
+            let time = NaiveDateTime::from_timestamp_opt(time, 0).unwrap();
             let time: DateTime<Utc> = DateTime::from_utc(time, Utc);
             println!("{}", time.format("%Y-%m-%d %H:%M:%S"));
         }

server/src/admin_server.rs

@@ -13,6 +13,7 @@ use std::io::{Read, Write};
 use std::ops::RangeInclusive;
 use std::path::{Path, PathBuf};
 use std::sync::Arc;
+use chrono::{DateTime, Utc};
 use tracing::{debug, info};
 use walkdir::{DirEntry, WalkDir};
 use warp::fs::sanitize_path;
@@ -743,6 +744,14 @@ pub struct UploadDomainPosition {
     pub status: GetDomainPositionStatus,
 }
 
+#[derive(Deserialize, Serialize, Debug)]
+pub struct CertInfo {
+    pub begin: DateTime<Utc>,
+    pub end: DateTime<Utc>,
+    pub host: String,
+}
+
+
 #[cfg(test)]
 mod test {
     use crate::config::Config;

server/src/domain_storage.rs

@@ -3,6 +3,7 @@ use std::fs;
 use std::path::PathBuf;
 use std::time::Duration;
 use tokio::time::sleep;
+use spa_server::config::get_host_path_from_domain;
 
 mod common;
 
@@ -30,14 +31,35 @@ async fn simple_acme_test() {
     sleep(Duration::from_secs(2)).await;
     upload_file_and_check(domain, request_prefix, 1, vec![]).await;
 
-    sleep(Duration::from_secs(10)).await;
+    let (api, _) = get_client_api("client_config.conf");
+    let mut wait_count =0;
+    loop {
+        assert!(wait_count < 20, "20 seconds doest not have cert");
+        sleep(Duration::from_secs(1)).await;
+        let cert_info = api.get_acme_cert_info(Some(get_host_path_from_domain(domain).0.to_string())).await.unwrap();
+        if !cert_info.is_empty() {
+            break
+        }
+        wait_count +=1;
+    }
+
     assert_files(domain, request_prefix, 1, vec!["", "index.html"]).await;
-    // sometimes it output error. don't know why
     /*
+    wait_count = 0;
     server.abort();
-    sleep(Duration::from_secs(2)).await;
+    println!("begin to loop server close");
+    loop {
+        assert!(wait_count < 20, "10 seconds server does not stop");
+        sleep(Duration::from_secs(1)).await;
+        let cert_info = api.get_domain_info(Some(get_host_path_from_domain(domain).0.to_string())).await;
+        if cert_info.is_err() {
+            break
+        }
+        wait_count +=1;
+    }
+    // sometimes it output error. don't know why
     run_server_with_config("server_config_acme.conf");
     sleep(Duration::from_secs(2)).await;
-    assert_files(domain, request_prefix, 1, vec!["", "index.html"]).await;
+    assert_files(domain, request_prefix, 1, vec!["", "index.html"]).await;    
      */
 }