bullion 0.3.0 → 0.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rspec +0 -1
- data/Dockerfile +6 -16
- data/Gemfile.lock +39 -7
- data/README.md +1 -1
- data/Rakefile +20 -5
- data/bullion.gemspec +1 -0
- data/lib/bullion/challenge_client.rb +1 -1
- data/lib/bullion/challenge_clients/dns.rb +10 -13
- data/lib/bullion/models/account.rb +2 -2
- data/lib/bullion/models/authorization.rb +1 -1
- data/lib/bullion/models/certificate.rb +1 -1
- data/lib/bullion/models/challenge.rb +7 -0
- data/lib/bullion/models/order.rb +1 -1
- data/lib/bullion/service.rb +10 -1
- data/lib/bullion/version.rb +1 -1
- metadata +16 -3
- data/.travis.yml +0 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: eeb140b2f96dc4b7a1b90dd67def6ea51aa6cafe95d539802ff08d5051215944
|
4
|
+
data.tar.gz: ebadc84892a2cd895d1d5c89491df517b2a5e71a59aa245211a0e603d43a3fb5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 37844c15c8c40d311f1dd8bbc31661b8810af1af7641ff799509a27b9bf325780a7c8c15f307efc59de9065c9c430e674f198bd67b5a8cf54e0a2a096ac4cb4f
|
7
|
+
data.tar.gz: 88bb5cb35c0cdf2c857538a631fa8ac681a70b56df56ec7d6bf6843597c778ddc07fa3cae54dc90a6585727b87a32bc76bad3942b850f2544b86feff03d1b91e
|
data/.rspec
CHANGED
data/Dockerfile
CHANGED
@@ -1,34 +1,25 @@
|
|
1
|
-
FROM ruby:3.1
|
1
|
+
FROM ruby:3.1 AS build
|
2
2
|
|
3
3
|
ENV RACK_ENV=development
|
4
4
|
|
5
5
|
COPY . /build
|
6
6
|
|
7
|
-
RUN
|
8
|
-
&& apk --no-cache add git mariadb-client mariadb-connector-c \
|
9
|
-
runit sqlite-dev \
|
10
|
-
&& apk --no-cache add --virtual build-dependencies \
|
11
|
-
build-base mariadb-dev
|
7
|
+
RUN apt-get update && apt-get upgrade -y && apt-get install -y libsqlite3-dev sqlite3 curl libsodium-dev
|
12
8
|
|
13
|
-
RUN
|
14
|
-
&& cd /build \
|
9
|
+
RUN cd /build \
|
15
10
|
&& gem build bullion.gemspec \
|
16
11
|
&& mv bullion*.gem /bullion.gem
|
17
12
|
|
18
13
|
WORKDIR /build
|
19
14
|
|
20
|
-
FROM ruby:3.1
|
15
|
+
FROM ruby:3.1
|
21
16
|
LABEL maintainer="Jonathan Gnagy <jonathan.gnagy@gmail.com>"
|
22
17
|
|
23
18
|
ENV BULLION_PORT=9292
|
24
19
|
ENV BULLION_ENVIRONMENT=development
|
25
20
|
ENV DATABASE_URL=sqlite3:///tmp/bullion.db
|
26
21
|
|
27
|
-
RUN
|
28
|
-
&& apk --no-cache add git mariadb-client mariadb-connector-c \
|
29
|
-
runit sqlite-dev \
|
30
|
-
&& apk --no-cache add --virtual build-dependencies \
|
31
|
-
build-base mariadb-dev
|
22
|
+
RUN apt-get update && apt-get upgrade -y && apt-get -y install libsqlite3-dev sqlite3 curl libsodium-dev
|
32
23
|
|
33
24
|
RUN mkdir /app
|
34
25
|
|
@@ -47,8 +38,7 @@ RUN chmod +x /entrypoint.sh \
|
|
47
38
|
|
48
39
|
WORKDIR /app
|
49
40
|
|
50
|
-
RUN gem install bullion.gem
|
51
|
-
&& apk del build-dependencies
|
41
|
+
RUN gem install bullion.gem
|
52
42
|
|
53
43
|
USER nobody
|
54
44
|
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
bullion (0.3.
|
4
|
+
bullion (0.3.3)
|
5
5
|
httparty (~> 0.18)
|
6
6
|
json (~> 2.6)
|
7
7
|
jwt (~> 2.4)
|
@@ -31,10 +31,13 @@ GEM
|
|
31
31
|
minitest (>= 5.1)
|
32
32
|
tzinfo (~> 2.0)
|
33
33
|
ast (2.4.2)
|
34
|
+
backport (1.2.0)
|
35
|
+
benchmark (0.2.0)
|
34
36
|
byebug (11.1.3)
|
35
37
|
concurrent-ruby (1.1.10)
|
36
38
|
diff-lcs (1.5.0)
|
37
39
|
docile (1.4.0)
|
40
|
+
e2mmap (0.1.0)
|
38
41
|
faraday (2.3.0)
|
39
42
|
faraday-net_http (~> 2.0)
|
40
43
|
ruby2_keywords (>= 0.0.4)
|
@@ -45,11 +48,17 @@ GEM
|
|
45
48
|
multi_xml (>= 0.5.2)
|
46
49
|
i18n (1.12.0)
|
47
50
|
concurrent-ruby (~> 1.0)
|
51
|
+
jaro_winkler (1.5.4)
|
48
52
|
json (2.6.2)
|
49
53
|
jwt (2.4.1)
|
54
|
+
kramdown (2.4.0)
|
55
|
+
rexml
|
56
|
+
kramdown-parser-gfm (1.1.0)
|
57
|
+
kramdown (~> 2.0)
|
50
58
|
mime-types (3.4.1)
|
51
59
|
mime-types-data (~> 3.2015)
|
52
60
|
mime-types-data (3.2022.0105)
|
61
|
+
mini_portile2 (2.8.0)
|
53
62
|
minitest (5.16.2)
|
54
63
|
multi_json (1.15.0)
|
55
64
|
multi_xml (0.6.0)
|
@@ -57,6 +66,9 @@ GEM
|
|
57
66
|
ruby2_keywords (~> 0.0.1)
|
58
67
|
mysql2 (0.5.4)
|
59
68
|
nio4r (2.5.8)
|
69
|
+
nokogiri (1.13.7)
|
70
|
+
mini_portile2 (~> 2.8.0)
|
71
|
+
racc (~> 1.4)
|
60
72
|
openssl (3.0.0)
|
61
73
|
parallel (1.22.1)
|
62
74
|
parser (3.1.2.0)
|
@@ -64,6 +76,7 @@ GEM
|
|
64
76
|
prometheus-client (4.0.0)
|
65
77
|
puma (5.6.4)
|
66
78
|
nio4r (~> 2.0)
|
79
|
+
racc (1.6.0)
|
67
80
|
rack (2.2.4)
|
68
81
|
rack-protection (2.2.1)
|
69
82
|
rack
|
@@ -72,6 +85,8 @@ GEM
|
|
72
85
|
rainbow (3.1.1)
|
73
86
|
rake (12.3.3)
|
74
87
|
regexp_parser (2.5.0)
|
88
|
+
reverse_markdown (2.1.1)
|
89
|
+
nokogiri
|
75
90
|
rexml (3.2.5)
|
76
91
|
rspec (3.11.0)
|
77
92
|
rspec-core (~> 3.11.0)
|
@@ -86,22 +101,22 @@ GEM
|
|
86
101
|
diff-lcs (>= 1.2.0, < 2.0)
|
87
102
|
rspec-support (~> 3.11.0)
|
88
103
|
rspec-support (3.11.0)
|
89
|
-
rubocop (1.
|
104
|
+
rubocop (1.32.0)
|
90
105
|
json (~> 2.3)
|
91
106
|
parallel (~> 1.10)
|
92
107
|
parser (>= 3.1.0.0)
|
93
108
|
rainbow (>= 2.2.2, < 4.0)
|
94
109
|
regexp_parser (>= 1.8, < 3.0)
|
95
110
|
rexml (>= 3.2.5, < 4.0)
|
96
|
-
rubocop-ast (>= 1.
|
111
|
+
rubocop-ast (>= 1.19.1, < 2.0)
|
97
112
|
ruby-progressbar (~> 1.7)
|
98
113
|
unicode-display_width (>= 1.4.0, < 3.0)
|
99
114
|
rubocop-ast (1.19.1)
|
100
115
|
parser (>= 3.1.1.0)
|
101
116
|
rubocop-rake (0.6.0)
|
102
117
|
rubocop (~> 1.0)
|
103
|
-
rubocop-rspec (2.
|
104
|
-
rubocop (~> 1.
|
118
|
+
rubocop-rspec (2.12.1)
|
119
|
+
rubocop (~> 1.31)
|
105
120
|
ruby-progressbar (1.11.0)
|
106
121
|
ruby2_keywords (0.0.5)
|
107
122
|
simplecov (0.21.2)
|
@@ -127,9 +142,25 @@ GEM
|
|
127
142
|
rack-protection (= 2.2.1)
|
128
143
|
sinatra (= 2.2.1)
|
129
144
|
tilt (~> 2.0)
|
145
|
+
solargraph (0.45.0)
|
146
|
+
backport (~> 1.2)
|
147
|
+
benchmark
|
148
|
+
bundler (>= 1.17.2)
|
149
|
+
diff-lcs (~> 1.4)
|
150
|
+
e2mmap
|
151
|
+
jaro_winkler (~> 1.5)
|
152
|
+
kramdown (~> 2.3)
|
153
|
+
kramdown-parser-gfm (~> 1.1)
|
154
|
+
parser (~> 3.0)
|
155
|
+
reverse_markdown (>= 1.0.5, < 3)
|
156
|
+
rubocop (>= 0.52)
|
157
|
+
thor (~> 1.0)
|
158
|
+
tilt (~> 2.0)
|
159
|
+
yard (~> 0.9, >= 0.9.24)
|
130
160
|
sqlite3 (1.4.4)
|
131
|
-
|
132
|
-
|
161
|
+
thor (1.2.1)
|
162
|
+
tilt (2.0.11)
|
163
|
+
tzinfo (2.0.5)
|
133
164
|
concurrent-ruby (~> 1.0)
|
134
165
|
unicode-display_width (2.2.0)
|
135
166
|
webrick (1.7.0)
|
@@ -152,6 +183,7 @@ DEPENDENCIES
|
|
152
183
|
rubocop-rspec (~> 2.11)
|
153
184
|
simplecov (~> 0.21)
|
154
185
|
simplecov-cobertura (~> 2.1)
|
186
|
+
solargraph (~> 0.45)
|
155
187
|
yard (~> 0.9)
|
156
188
|
|
157
189
|
BUNDLED WITH
|
data/README.md
CHANGED
@@ -36,7 +36,7 @@ Whether run locally or via Docker, the following environment variables configure
|
|
36
36
|
| `CA_CERT_PATH` | `$CA_DIR/tls.crt` | Public cert for Bullion. If Bullion is an intermediate CA, you'll want to include the root CA's public cert in this file as well the signed cert for Bullion. |
|
37
37
|
| `CA_DOMAINS` | `example.com` | A comma-delimited list of domains for which Bullion will sign certificate requests. Subdomains are automatically allowed. Certificates containing other domains will be rejected. |
|
38
38
|
| `CERT_VALIDITY_DURATION` | `7776000` | How long should issued certs be valid (in seconds)? Default is 90 days. |
|
39
|
-
| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either
|
39
|
+
| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either begin with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
|
40
40
|
| `DNS01_NAMESERVERS` | _None_ | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. When not set, it'll use the host's DNS. |
|
41
41
|
| `LOG_LEVEL` | `warn` | Log level for Bullion. Supported levels (starting with the noisiest) are debug, info, warn, error, and fatal. |
|
42
42
|
| `BULLION_PORT` | `9292` | TCP port Bullion will listen on. |
|
data/Rakefile
CHANGED
@@ -20,7 +20,14 @@ namespace :db do
|
|
20
20
|
end
|
21
21
|
end
|
22
22
|
|
23
|
-
RSpec::Core::RakeTask.new(:spec)
|
23
|
+
RSpec::Core::RakeTask.new(:spec) do |t|
|
24
|
+
t.exclude_pattern = "spec/integration/**{,/*/**}/*_spec.rb"
|
25
|
+
t.rspec_opts = "--require spec_helper"
|
26
|
+
end
|
27
|
+
RSpec::Core::RakeTask.new(:integration_testing) do |t|
|
28
|
+
t.pattern = "spec/integration/**{,/*/**}/*_spec.rb"
|
29
|
+
t.rspec_opts = "--require integration_helper"
|
30
|
+
end
|
24
31
|
RuboCop::RakeTask.new(:rubocop)
|
25
32
|
YARD::Rake::YardocTask.new
|
26
33
|
|
@@ -64,7 +71,14 @@ task :prep do
|
|
64
71
|
end
|
65
72
|
|
66
73
|
task :demo do
|
67
|
-
|
74
|
+
rack_env = "test"
|
75
|
+
database_url = "sqlite3:#{File.expand_path(".")}/tmp/db/#{rack_env}.sqlite3"
|
76
|
+
system("RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" bundle exec rake db:migrate")
|
77
|
+
system(
|
78
|
+
"RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" " \
|
79
|
+
"LOG_LEVEL='#{ENV.fetch("LOG_LEVEL", "info")}' " \
|
80
|
+
"rackup -D -P #{File.expand_path(".")}/tmp/daemon.pid"
|
81
|
+
)
|
68
82
|
end
|
69
83
|
|
70
84
|
task :foreground_demo do
|
@@ -85,10 +99,11 @@ task :cleanup do
|
|
85
99
|
end
|
86
100
|
end
|
87
101
|
|
88
|
-
Rake::Task["
|
102
|
+
Rake::Task["integration_testing"].enhance(["cleanup"])
|
89
103
|
|
90
|
-
task
|
104
|
+
task test: %i[prep db:migrate spec demo integration_testing]
|
105
|
+
task unit: %i[prep db:migrate spec]
|
91
106
|
|
92
|
-
task
|
107
|
+
task default: %i[test rubocop yard]
|
93
108
|
|
94
109
|
task local_demo: %i[prep db:migrate foreground_demo]
|
data/bullion.gemspec
CHANGED
@@ -49,5 +49,6 @@ Gem::Specification.new do |spec|
|
|
49
49
|
spec.add_development_dependency "rubocop-rspec", "~> 2.11"
|
50
50
|
spec.add_development_dependency "simplecov", "~> 0.21"
|
51
51
|
spec.add_development_dependency "simplecov-cobertura", "~> 2.1"
|
52
|
+
spec.add_development_dependency "solargraph", "~> 0.45"
|
52
53
|
spec.add_development_dependency "yard", "~> 0.9"
|
53
54
|
end
|
@@ -23,29 +23,26 @@ module Bullion
|
|
23
23
|
Base64.urlsafe_encode64(digest).sub(/[\s=]*\z/, "")
|
24
24
|
end
|
25
25
|
|
26
|
-
def
|
27
|
-
|
26
|
+
def dns_name
|
27
|
+
"_acme-challenge.#{identifier}"
|
28
|
+
end
|
28
29
|
|
30
|
+
def dns_value
|
29
31
|
# Randomly select a nameserver to pull the TXT record
|
30
32
|
nameserver = NAMESERVERS.sample
|
31
33
|
|
32
|
-
LOGGER.debug "Looking up #{
|
33
|
-
records = records_for(
|
34
|
-
raise "Failed to find records for #{
|
34
|
+
LOGGER.debug "Looking up #{dns_name}"
|
35
|
+
records = records_for(dns_name, nameserver)
|
36
|
+
raise "Failed to find records for #{dns_name}" unless records
|
35
37
|
|
36
38
|
record = records.map(&:strings).flatten.first
|
37
|
-
LOGGER.debug "Resolved #{
|
39
|
+
LOGGER.debug "Resolved #{dns_name} to value #{record}"
|
38
40
|
record
|
39
|
-
rescue
|
40
|
-
msg = ["Resolution error for #{
|
41
|
+
rescue StandardError => e
|
42
|
+
msg = ["Resolution error '#{e.message}' for #{dns_name}"]
|
41
43
|
msg << "via #{nameserver}" if nameserver
|
42
44
|
LOGGER.info msg.join(" ")
|
43
45
|
false
|
44
|
-
rescue StandardError => e
|
45
|
-
msg = ["Error '#{e.message}' for #{name}"]
|
46
|
-
msg << "with #{nameserver}" if nameserver
|
47
|
-
LOGGER.warn msg.join(" ")
|
48
|
-
false
|
49
46
|
end
|
50
47
|
|
51
48
|
def records_for(name, nameserver = nil)
|
@@ -11,6 +11,13 @@ module Bullion
|
|
11
11
|
validates :acme_type, inclusion: { in: %w[http-01 dns-01] }
|
12
12
|
validates :status, inclusion: { in: %w[invalid pending processing valid] }
|
13
13
|
|
14
|
+
scope :dns01, -> { where(acme_type: "dns-01") }
|
15
|
+
scope :http01, -> { where(acme_type: "http-01") }
|
16
|
+
|
17
|
+
def identifier
|
18
|
+
authorization.identifier["value"]
|
19
|
+
end
|
20
|
+
|
14
21
|
def init_values
|
15
22
|
self.expires ||= Time.now + (60 * 60)
|
16
23
|
self.token ||= SecureRandom.alphanumeric(48)
|
data/lib/bullion/models/order.rb
CHANGED
data/lib/bullion/service.rb
CHANGED
@@ -11,17 +11,26 @@ module Bullion
|
|
11
11
|
set :logging, true
|
12
12
|
set :logger, Bullion::LOGGER
|
13
13
|
set :database, DB_CONNECTION_SETTINGS
|
14
|
+
set :show_exceptions, false
|
14
15
|
end
|
15
16
|
|
16
17
|
before do
|
17
18
|
# Sets up a useful variable (@json_body) for accessing a parsed request body
|
18
19
|
if request.content_type&.include?("json") && !request.body.read.empty?
|
19
|
-
p request.body
|
20
20
|
request.body.rewind
|
21
21
|
@json_body = JSON.parse(request.body.read, symbolize_names: true)
|
22
22
|
end
|
23
23
|
rescue StandardError => e
|
24
24
|
halt(400, { error: "Request must be JSON: #{e.message}}" }.to_json)
|
25
25
|
end
|
26
|
+
|
27
|
+
error do
|
28
|
+
content_type :json
|
29
|
+
|
30
|
+
e = env["sinatra.error"]
|
31
|
+
resp = { result: "error", message: e.message }
|
32
|
+
resp[:trace] = e.full_message if settings.environment.to_s != "production"
|
33
|
+
resp.to_json
|
34
|
+
end
|
26
35
|
end
|
27
36
|
end
|
data/lib/bullion/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bullion
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jonathan Gnagy
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-07
|
11
|
+
date: 2022-08-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: httparty
|
@@ -318,6 +318,20 @@ dependencies:
|
|
318
318
|
- - "~>"
|
319
319
|
- !ruby/object:Gem::Version
|
320
320
|
version: '2.1'
|
321
|
+
- !ruby/object:Gem::Dependency
|
322
|
+
name: solargraph
|
323
|
+
requirement: !ruby/object:Gem::Requirement
|
324
|
+
requirements:
|
325
|
+
- - "~>"
|
326
|
+
- !ruby/object:Gem::Version
|
327
|
+
version: '0.45'
|
328
|
+
type: :development
|
329
|
+
prerelease: false
|
330
|
+
version_requirements: !ruby/object:Gem::Requirement
|
331
|
+
requirements:
|
332
|
+
- - "~>"
|
333
|
+
- !ruby/object:Gem::Version
|
334
|
+
version: '0.45'
|
321
335
|
- !ruby/object:Gem::Dependency
|
322
336
|
name: yard
|
323
337
|
requirement: !ruby/object:Gem::Requirement
|
@@ -345,7 +359,6 @@ files:
|
|
345
359
|
- ".rspec"
|
346
360
|
- ".rubocop.yml"
|
347
361
|
- ".ruby-version"
|
348
|
-
- ".travis.yml"
|
349
362
|
- CODE_OF_CONDUCT.md
|
350
363
|
- Dockerfile
|
351
364
|
- Gemfile
|
data/.travis.yml
DELETED
@@ -1,16 +0,0 @@
|
|
1
|
-
language: ruby
|
2
|
-
cache: bundler
|
3
|
-
rvm:
|
4
|
-
- 2.6
|
5
|
-
- 2.7
|
6
|
-
before_install: gem install bundler -v 2.1.4
|
7
|
-
deploy:
|
8
|
-
provider: rubygems
|
9
|
-
api_key:
|
10
|
-
secure: jCGp7gsBcWZhEXQfFkcJKh+6zsAbsAkzyf0rS/IYuJ/IltrZzVm8KXugYMAhL8ZgvKl7ecFhjOmXOMC4q+YPh0ax5ozzbwipR9JoMiACh24RDB302Ye66eyO8xMAQK/KYqyy5ym9mT6ZpP/kKwvIEYJOBjypQ4+Rk+OZJize6L0MAmAtwfRNo9ah7czCQ2wdl18Ss7nfCs9jFrL6aTdZTHi0uolfz2lXHE5kgxSaQoF+xRIYkb4WLrUwypMt9oYimp4LGP+a5BwWIEyz+Kw1i3XXl9cdusKrkGH1no+eNoiK1pAFy6DC6tR1Dtw95EoMCnRhgJ99f5pf2J/3FrJYyUFk0Fph3SWsO8x6EJ05YAnuql+jcuzsXYn3/TCDilS6kbP2NY4anTZLxOha2VesIqtWsT6skKac+zVa9YCG+DVSqaUig93fNxyw+c27giY4oDAOvRBo10m/r4QFJ1oiK+PTHf4phuUtjhVWAzRasSk2Q+nNIK8XHNgtp/GY8RYkxzANsotwg3aZ2FsCh3+9KwZYyEh+pD+n7Ev4d+Lqr5hw2VhIzaY/RbzGkADFuXxz5BVOE42iKdtO1MSycFDGmegQancyt1XDT0dVYhXI8gnw9BvixVmgPMVqTVdodLpjZFLyFbIB93l7zO07gSQ1sVmwhEUL0rbTEBfPPwNX78w=
|
11
|
-
gem: bullion
|
12
|
-
on:
|
13
|
-
tags: true
|
14
|
-
rvm: 2.6
|
15
|
-
repo: jgnagy/bullion
|
16
|
-
skip_cleanup: 'true'
|