feat: renew command

2026-04-12 23:22:33 +02:00
parent 9cf3b4e83c
commit 7f7fdc2d2a
5 changed files with 40 additions and 34 deletions
@@ -181,7 +181,7 @@ class RequestHandler(http.server.SimpleHTTPRequestHandler):
        self.logger.debug(fmt, *args)

    def __check_update_request(self) -> str | None:
-        if self.headers["X-Token"] != self.token:
+        if len(self.token) and self.headers["X-Token"] != self.token:
            self.send_error(http.HTTPStatus.UNAUTHORIZED, "Invalid token")
            return None
        if (sub_path := self.__get_subpath_full(self.path)) is None:
@@ -1,6 +1,7 @@
 import argparse
 import dataclasses
 import os
+import typing

 from . import project

@@ -21,7 +22,7 @@ class Parameters:
    with_certbot: bool
    with_certificates: bool
    https: bool
-    command: str
+    command: typing.Literal["run", "renew"]
    debug: bool

    @classmethod
@@ -95,7 +96,6 @@ def parse_parameters() -> Parameters:
        epilog=__EPILOG,
        suggest_on_error=True,
    )
-    subparsers = parser.add_subparsers(dest="command", required=True, metavar="COMMAND")
    parser.add_argument("--debug", action=argparse.BooleanOptionalAction)
    __add_arg_str(
        parser,
@@ -140,56 +140,53 @@ def parse_parameters() -> Parameters:
        default="./data/.certbot",
        help_txt="Certbot www dir",
    )
-
-    run_parser = subparsers.add_parser(
-        "run",
-        help="Run Stapler server",
-        description="Run Stapler server",
-        epilog=__EPILOG,
-    )
    __add_arg_str(
-        run_parser,
+        parser,
        "--host",
        env_var="HOST",
        default="localhost:8080",
        help_txt="server default host",
    )
    __add_arg_int(
-        run_parser,
+        parser,
        "-p",
        "--port",
        env_var="PORT",
        default=8080,
        help_txt="server port",
    )
-    run_parser.add_argument(
+    parser.add_argument(
        "--https",
        action=argparse.BooleanOptionalAction,
        help="Use https (implies --certificates) (default: true)",
        default=True,
    )
-    __add_arg_str_required(
-        run_parser,
+    __add_arg_str(
+        parser,
        "-t",
        "--token",
        env_var="TOKEN",
+        default="",
        help_txt="secret token for update requests",
    )
    __add_arg_int(
-        run_parser,
+        parser,
        "--max-size-bytes",
        env_var="MAX_SIZE",
        default=2_000_000,
        help_txt="max size of accepted archives (in bytes)",
    )
    __add_arg_str(
-        run_parser,
+        parser,
        "-b",
        "--bind",
        env_var="BIND",
        default="0.0.0.0",
        help_txt="server bind address",
    )
+    subparsers = parser.add_subparsers(dest="command", required=True, metavar="COMMAND")
+    subparsers.add_parser("run", help="Run Stapler server")
+    subparsers.add_parser("renew", help="Renew certificates")
    args = parser.parse_args()
    if args.https:
        args.with_certificates = True
@@ -20,11 +20,16 @@ class StaplerServer:
    def request_handler(self, *args: typing.Any) -> http.server.BaseHTTPRequestHandler:
        return handler.RequestHandler(*args, params=self.params, registry=self.registry)

+    def __get_all_hosts(self) -> list[str]:
+        return [self.default_host, *self.registry.get_hosts()]
+
    def __startup(self) -> None:
        self.logger.info("Starting up...")
        self.registry.load_pages()
        if self.params.with_certificates:
-            self.cert_manager.init([self.default_host, *self.registry.get_hosts()])
+            self.cert_manager.init(self.__get_all_hosts())
+        if not len(self.params.token):
+            self.logger.warning("No token provided update requests will fail")

    def __create_https_context(self, server: http.server.HTTPServer) -> bool:
        https = False
@@ -35,7 +40,7 @@ class StaplerServer:
            server.socket = context.wrap_socket(server.socket, server_side=True)
        return https

-    def start(self) -> None:
+    def run(self) -> int:
        self.logger.info("Version %s", project.get_version())
        self.__startup()
        server = http.server.ThreadingHTTPServer(
@@ -55,3 +60,14 @@ class StaplerServer:
        )
        with contextlib.suppress(KeyboardInterrupt):
            server.serve_forever()
+        return 0
+
+    def renew(self) -> int:
+        self.logger.info("Starting up...")
+        if not self.params.with_certificates:
+            self.logger.warning("Cannot renew without certificates")
+            return 1
+        self.registry.load_pages()
+        for host in self.__get_all_hosts():
+            self.cert_manager.create_or_update(host)
+        return 0