letsencrypt_heroku 0.1.3 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2cac0b25f72c3190be77975f3a93dec7041cc3a0
-  data.tar.gz: c02456232fa21321e1b6edda57f4ecd49e2e7973
+  metadata.gz: 84cc20b0f946f057dbb97dbc47775fb65e34841a
+  data.tar.gz: da5efa37f2ae9edb0c937d8b3badb0eab32ed147
 SHA512:
-  metadata.gz: 1dbeb5d5b31f62654d02085d2e62423ea4b0c04c56a10514ffa2e6518ef3cd09f3279231825fe3b2c0a4101efa7fb7ab48a25c3d5bad298b327a0d76cb588186
-  data.tar.gz: 07fe6c940ecb08a24937c8e34b18c720a16b28fe0151664a6832328b26db4580c47df48cace4a4c662d3f0fea5398a9820592e8013e57c74884aeeca7316f81b
+  metadata.gz: ee3808965a511242b527a62118c2d8f06a2b1b5bf6368aeb439973871d1b365dc751b7e27e2073315eda3ca30082728c484d24aa6eb3268d58cce9f511d582b8
+  data.tar.gz: 1ffcd1a23790403c2a372b2f36c8e80d7d3f121635093200b68feaad6d88dcbb61b18a524fa9e3712b7a36464597309e275464ea3803983579297e71ffe2e59d

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+/log/

data/README.md

@@ -19,13 +19,19 @@ You'll need a `config/letsencrypt_heroku.yml`
 
     - contact:    contact@foobar.dev
       domains:    foobar.dev www.foobar.dev
-      herokuapp:  foobar
+      heroku_app: foobar
 
 And finally execute
 
     $ letsencrypt_heroku
 
+Please note that your application needs to be restarted for every individual domain in your config. The restart happens
+automatically when the heroku challenge response gets set as environment variable.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/xijo/letsencrypt_heroku.
 
+## TODO
+
+- configurable config file location

data/bin/letsencrypt_heroku

@@ -2,5 +2,39 @@
 
 require 'bundler/setup'
 require 'letsencrypt_heroku'
+require 'optparse'
+
+class Parser
+  def self.parse(options)
+    args = {}
+
+    opt_parser = OptionParser.new do |opts|
+      opts.banner = "Usage: letsencrypt_heroku [options]"
+
+      # opts.on("-rNAME", "--restriction=NAME", "Restrict process to config entries where at least one domain matches the given value") do |restriction|
+      #   args[:restriction] = restriction
+      # end
+
+      # opts.on("-s", "--setup", "Generate config and put it into config/letsencrypt_heroku.yml") do |n|
+      #   LetsencryptHeroku::ConfigBuilder.new.perform
+      #   exit
+      # end
+
+      # opts.on("-c", "--check", "Parse config and print problems") do |n|
+      #   puts "perform check"
+      #   exit
+      # end
+
+      opts.on("-h", "--help", "Prints this help") do
+        puts opts
+        exit
+      end
+    end
+
+    opt_parser.parse!(options)
+    return args
+  end
+end
+options = Parser.parse ARGV
 
 LetsencryptHeroku::CLI.run

data/lib/letsencrypt_heroku.rb

@@ -3,20 +3,36 @@ require 'tty-spinner'
 require 'yaml'
 require 'acme-client'
 require 'openssl'
+require 'logger'
+require 'ostruct'
 require 'letsencrypt_heroku/version'
-require 'letsencrypt_heroku/setup'
+require 'letsencrypt_heroku/tools'
+require 'letsencrypt_heroku/process'
+require 'letsencrypt_heroku/config_builder'
+require 'letsencrypt_heroku/process/prepare_config'
+require 'letsencrypt_heroku/process/check_preconditions'
+require 'letsencrypt_heroku/process/setup_client'
+require 'letsencrypt_heroku/process/authorize_domains'
+require 'letsencrypt_heroku/process/update_certificates'
 
 module LetsencryptHeroku
   class CLI
     CONFIG_FILE = 'config/letsencrypt_heroku.yml'
 
+    # generate config?
+
+    # limit to domain, skip other configs
+
     def self.run
       if File.exist?(CONFIG_FILE)
         configs = Array(YAML.load(File.read(CONFIG_FILE))).map { |c| OpenStruct.new(c) }
-        configs.each { |config| Setup.new(config).perform }
+        configs.each { |config| Process.new(config).perform }
       else
         puts Rainbow("Missing config: #{CONFIG_FILE}").red
       end
     end
   end
+
+  class TaskError < StandardError
+  end
 end

data/lib/letsencrypt_heroku/config_builder.rb

@@ -0,0 +1,14 @@
+class LetsencryptHeroku::ConfigBuilder
+  include LetsencryptHeroku::Tools
+
+  # Create a letsencrypt_heroku config file under the given path.
+  #
+  def perform(path = 'config/letsencrypt_heroku.yml')
+    banner 'Generate:', "#{Dir.pwd}/#{path}"
+
+    output("write file") do
+      error('already exists') if File.exists?(path)
+
+    end
+  end
+end

data/lib/letsencrypt_heroku/process.rb

@@ -0,0 +1,15 @@
+module LetsencryptHeroku
+  class Process
+    attr_accessor :context
+
+    def initialize(config)
+      @context = OpenStruct.new(config: config)
+    end
+
+    def perform
+      [PrepareConfig, CheckPreconditions, SetupClient, AuthorizeDomains, UpdateCertificates].each do |klass|
+        klass.new.perform(context)
+      end
+    end
+  end
+end

data/lib/letsencrypt_heroku/process/authorize_domains.rb

@@ -0,0 +1,38 @@
+class LetsencryptHeroku::Process
+  class AuthorizeDomains
+    include LetsencryptHeroku::Tools
+
+    def perform(context)
+      context.config.domains.each do |domain|
+        output "Authorize #{domain}" do
+          authorize(domain: domain, context: context)
+        end
+      end
+    end
+
+    def authorize(domain:, context:)
+      challenge = context.client.authorize(domain: domain).http01
+
+      execute "heroku config:set LETSENCRYPT_RESPONSE=#{challenge.file_content} --app #{context.config.heroku_challenge_app}"
+
+      test_response(domain: domain, challenge: challenge)
+
+      challenge.request_verification
+      sleep(1) while 'pending' == challenge.verify_status
+      challenge.verify_status == 'valid' or error('failed authorization')
+    end
+
+    def test_response(domain:, challenge:)
+      url        = "http://#{domain}/#{challenge.filename}"
+      fail_count = 0
+      answer     = nil
+
+      while answer != challenge.file_content
+        error('failed test response') if fail_count > 30
+        fail_count += 1
+        sleep(1)
+        answer = `curl -sL #{url}`
+      end
+    end
+  end
+end

data/lib/letsencrypt_heroku/process/check_preconditions.rb

@@ -0,0 +1,15 @@
+class LetsencryptHeroku::Process
+  class CheckPreconditions
+    include LetsencryptHeroku::Tools
+
+    def perform(context)
+      banner 'Running for:', context.config.domains.join(', ')
+      output 'Prepare SSL endpoint' do
+        execute "heroku labs:enable http-sni --app #{context.config.heroku_certificate_app}"
+        execute 'heroku plugins:install heroku-certs'
+      end
+    end
+  end
+end
+
+

data/lib/letsencrypt_heroku/process/prepare_config.rb

@@ -0,0 +1,25 @@
+class LetsencryptHeroku::Process
+  class PrepareConfig
+    include LetsencryptHeroku::Tools
+
+    def perform(context)
+      config = context.config
+      config.domains = config.domains.to_s.split
+      config.heroku_certificate_app ||= config.heroku_app
+      config.heroku_challenge_app   ||= config.heroku_app
+
+      validate_config(config)
+      context
+    end
+
+    def validate_config(config)
+      if config.domains.empty?
+        error('Please provide `domains`')
+      end
+
+      unless config.heroku_certificate_app && config.heroku_challenge_app
+        error('Please provide `heroku_app`')
+      end
+    end
+  end
+end

data/lib/letsencrypt_heroku/process/setup_client.rb

@@ -0,0 +1,24 @@
+class LetsencryptHeroku::Process
+  class SetupClient
+    include LetsencryptHeroku::Tools
+
+    PRODUCTION = 'https://acme-v01.api.letsencrypt.org/'
+    STAGING    = 'https://acme-staging.api.letsencrypt.org/'
+
+    def perform(context)
+      output 'Contact letsencrypt server' do
+        context.client = build_client
+        context.client.register(contact: "mailto:#{context.config.contact}").agree_terms or error('registration failed')
+      end
+    end
+
+    def build_client
+      Acme::Client.new(private_key: private_key, endpoint: PRODUCTION)
+    end
+
+    def private_key
+      OpenSSL::PKey::RSA.new(4096)
+    end
+  end
+end
+

data/lib/letsencrypt_heroku/process/update_certificates.rb

@@ -0,0 +1,30 @@
+class LetsencryptHeroku::Process
+  class UpdateCertificates
+    include LetsencryptHeroku::Tools
+
+    def perform(context)
+      herokuapp = context.config.heroku_certificate_app
+
+      output 'Update certificates' do
+        csr = Acme::Client::CertificateRequest.new(names: context.config.domains)
+        certificate = context.client.new_certificate(csr)
+        File.write('privkey.pem', certificate.request.private_key.to_pem)
+        File.write('fullchain.pem', certificate.fullchain_to_pem)
+
+        if has_already_cert(herokuapp)
+          execute "heroku _certs:update fullchain.pem privkey.pem --confirm #{herokuapp} --app #{herokuapp}"
+        else
+          execute "heroku _certs:add fullchain.pem privkey.pem --app #{herokuapp}"
+        end
+        FileUtils.rm %w(privkey.pem fullchain.pem)
+      end
+      puts # finish the output with a nice newline ;)
+    end
+
+    def has_already_cert(herokuapp)
+      Open3.popen3("heroku _certs:info --app #{herokuapp}") do |stdin, stdout, stderr, wait_thr|
+        return wait_thr.value.success?
+      end
+    end
+  end
+end

data/lib/letsencrypt_heroku/tools.rb

@@ -0,0 +1,54 @@
+module LetsencryptHeroku
+  module Tools
+    def banner(msg, values = nil)
+      puts "\n #{Rainbow(msg).blue} #{values.to_s}\n\n"
+    end
+
+    def output(name)
+      log name
+      @_spinner = build_spinner(name)
+      @_spinner.start
+      yield
+      @_spinner.success
+    rescue LetsencryptHeroku::TaskError
+      exit
+    end
+
+    def log(message, level: :info)
+      message.to_s.empty? and return
+      level == :info ? logger.info(message) : logger.error(message)
+    end
+
+    def error(reason = nil)
+      log reason, level: :error
+      @_spinner && @_spinner.error("(#{reason.strip})")
+      raise LetsencryptHeroku::TaskError, reason
+    end
+
+    def execute(command)
+      log command
+      Open3.popen3(command) do |stdin, stdout, stderr, wait_thr|
+        out, err = stdout.read, stderr.read
+        log out
+        log err
+        wait_thr.value.success? or error(err.force_encoding('utf-8').sub(' ▸    ', 'heroku: '))
+      end
+    end
+
+    private
+
+    def logger
+      @logger ||= Logger.new(File.open('log/letsencrypt_heroku.log', File::WRONLY | File::APPEND | File::CREAT))
+    end
+
+    def build_spinner(name)
+      TTY::Spinner.new(" :spinner #{name}",
+        format:       :dots,
+        interval:     20,
+        frames:       [ "⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏" ].map { |s| Rainbow(s).yellow.bright },
+        success_mark: Rainbow('✔').green,
+        error_mark:   Rainbow('✘').red
+      )
+    end
+  end
+end

data/lib/letsencrypt_heroku/version.rb

@@ -1,3 +1,3 @@
 module LetsencryptHeroku
-  VERSION = "0.1.3"
+  VERSION = "0.2.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: letsencrypt_heroku
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.2.3
 platform: ruby
 authors:
 - Johannes Opper
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-17 00:00:00.000000000 Z
+date: 2016-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rainbow
@@ -128,7 +128,14 @@ files:
 - bin/setup
 - letsencrypt_heroku.gemspec
 - lib/letsencrypt_heroku.rb
-- lib/letsencrypt_heroku/setup.rb
+- lib/letsencrypt_heroku/config_builder.rb
+- lib/letsencrypt_heroku/process.rb
+- lib/letsencrypt_heroku/process/authorize_domains.rb
+- lib/letsencrypt_heroku/process/check_preconditions.rb
+- lib/letsencrypt_heroku/process/prepare_config.rb
+- lib/letsencrypt_heroku/process/setup_client.rb
+- lib/letsencrypt_heroku/process/update_certificates.rb
+- lib/letsencrypt_heroku/tools.rb
 - lib/letsencrypt_heroku/version.rb
 homepage: https://github.com/xijo/letsencrypt_heroku
 licenses: []

data/lib/letsencrypt_heroku/setup.rb

@@ -1,102 +0,0 @@
-require 'open3'
-
-module LetsencryptHeroku
-  class Setup
-    class SetupError < StandardError ; end
-
-    PRODUCTION = 'https://acme-v01.api.letsencrypt.org/'
-    STAGING    = 'https://acme-staging.api.letsencrypt.org/'
-
-    attr_accessor :config
-
-    def initialize(config)
-      @config = config
-      @config.endpoint ||= PRODUCTION
-      @config.domains = config.domains.split
-    end
-
-    def perform
-      run_task "preflight" do
-        # heroku labs:enable http-sni
-        # heroku plugins:install heroku-certs
-
-        # check that ssl endpoint is on
-        # check heroku is there
-        # check that certs are there
-      end
-
-      run_task 'register with letsencrypt server' do
-        @private_key = OpenSSL::PKey::RSA.new(4096)
-        @client = Acme::Client.new(private_key: @private_key, endpoint: config.endpoint)
-        @client.register(contact: "mailto:#{config.contact}").agree_terms or fail_task('failed resiger')
-      end
-
-      config.domains.each do |domain|
-        run_task "authorize #{domain}" do
-          @challenge = @client.authorize(domain: domain).http01
-
-          execute "heroku config:set LETSENCRYPT_RESPONSE=#{@challenge.file_content}"
-
-          test_response(domain: domain, challenge: @challenge)
-
-          @challenge.request_verification
-          sleep(1) while 'pending' == @challenge.verify_status
-          @challenge.verify_status == 'valid' or fail_task("failed authorization")
-        end
-      end
-
-      # if has cert: update cert, else add cert
-
-      run_task "update certificates" do
-        csr = Acme::Client::CertificateRequest.new(names: config.domains)
-        certificate = @client.new_certificate(csr)
-        File.write('privkey.pem', certificate.request.private_key.to_pem)
-        File.write('fullchain.pem', certificate.fullchain_to_pem)
-
-        execute "heroku _certs:update fullchain.pem privkey.pem --confirm #{config.herokuapp}"
-        FileUtils.rm %w(privkey.pem fullchain.pem)
-      end
-    rescue SetupError => e
-      exit
-    end
-
-    def test_response(domain:, challenge:)
-      url = "http://#{domain}/#{challenge.filename}"
-      fail_count = 0
-      while fail_count < 30
-        answer = `curl -sL #{url}`
-        if answer != challenge.file_content
-          fail_count += 1
-          sleep(1)
-        else
-          return
-        end
-      end
-      fail_task('failed test response')
-    end
-
-    def execute(command)
-      Open3.popen3(command) do |stdin, stdout, stderr, wait_thr|
-        wait_thr.value.success? or fail_task(stderr.read.force_encoding('utf-8').sub(' ▸    ', 'heroku: '))
-      end
-    end
-
-    def run_task(name)
-      @_spinner = TTY::Spinner.new(" :spinner #{name}",
-        format: :dots,
-        interval: 20,
-        frames: [ "⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏" ].map { |s| Rainbow(s).yellow.bright },
-        success_mark: Rainbow('✔').green,
-        error_mark: Rainbow('✘').red
-      )
-      @_spinner.start
-      yield
-      @_spinner.success
-    end
-
-    def fail_task(reason = nil)
-      @_spinner.error("(#{reason.strip})")
-      raise SetupError, reason
-    end
-  end
-end