traefik/acme/localStore.go

package acme

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"os"
	"sync"

	"github.com/containous/traefik/cluster"
	"github.com/containous/traefik/log"
)

var _ cluster.Store = (*LocalStore)(nil)

// LocalStore is a store using a file as storage
type LocalStore struct {
	file        string
	storageLock sync.RWMutex
	account     *Account
}

// NewLocalStore create a LocalStore
func NewLocalStore(file string) *LocalStore {
	return &LocalStore{
		file: file,
	}
}

// Get atomically a struct from the file storage
func (s *LocalStore) Get() cluster.Object {
	s.storageLock.RLock()
	defer s.storageLock.RUnlock()
	return s.account
}

// Load loads file into store
func (s *LocalStore) Load() (cluster.Object, error) {
	s.storageLock.Lock()
	defer s.storageLock.Unlock()
	account := &Account{}

	err := checkPermissions(s.file)
	if err != nil {
		return nil, err
	}
	f, err := os.Open(s.file)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	file, err := ioutil.ReadAll(f)
	if err != nil {
		return nil, err
	}
	if err := json.Unmarshal(file, &account); err != nil {
		return nil, err
	}
	account.Init()
	s.account = account
	log.Infof("Loaded ACME config from store %s", s.file)
	return account, nil
}

// Begin creates a transaction with the KV store.
func (s *LocalStore) Begin() (cluster.Transaction, cluster.Object, error) {
	s.storageLock.Lock()
	return &localTransaction{LocalStore: s}, s.account, nil
}

var _ cluster.Transaction = (*localTransaction)(nil)

type localTransaction struct {
	*LocalStore
	dirty bool
}

// Commit allows to set an object in the file storage
func (t *localTransaction) Commit(object cluster.Object) error {
	t.LocalStore.account = object.(*Account)
	defer t.storageLock.Unlock()
	if t.dirty {
		return fmt.Errorf("transaction already used, please begin a new one")
	}

	// write account to file
	data, err := json.MarshalIndent(object, "", "  ")
	if err != nil {
		return err
	}
	err = ioutil.WriteFile(t.file, data, 0600)
	if err != nil {
		return err
	}
	t.dirty = true
	return nil
}
Add ACME store Signed-off-by: Emile Vauge <emile@vauge.com> 2016-08-18 14:20:11 +02:00			`package acme`

			`import (`
			`"encoding/json"`
			`"fmt"`
			`"io/ioutil"`
check permissions on acme.json during startup Follow-up from #639. At the moment people that were affected by this security issue would still be vulnerable even after upgrading. This patch makes sure permissions are also checked for already existing files. Signed-off-by: Bilal Amarni <bilal.amarni@gmail.com> 2017-01-12 11:04:11 +01:00			`"os"`
Add ACME store Signed-off-by: Emile Vauge <emile@vauge.com> 2016-08-18 14:20:11 +02:00			`"sync"`
Import order as goimports does Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2016-12-30 09:21:13 +01:00
			`"github.com/containous/traefik/cluster"`
			`"github.com/containous/traefik/log"`
Add ACME store Signed-off-by: Emile Vauge <emile@vauge.com> 2016-08-18 14:20:11 +02:00			`)`

			`var _ cluster.Store = (*LocalStore)(nil)`

			`// LocalStore is a store using a file as storage`
			`type LocalStore struct {`
			`file string`
			`storageLock sync.RWMutex`
			`account *Account`
			`}`

			`// NewLocalStore create a LocalStore`
			`func NewLocalStore(file string) *LocalStore {`
			`return &LocalStore{`
Add ACME account to storeconfig command Signed-off-by: Emile Vauge <emile@vauge.com> 2016-09-29 15:36:52 +02:00			`file: file,`
Add ACME store Signed-off-by: Emile Vauge <emile@vauge.com> 2016-08-18 14:20:11 +02:00			`}`
			`}`

			`// Get atomically a struct from the file storage`
			`func (s *LocalStore) Get() cluster.Object {`
			`s.storageLock.RLock()`
			`defer s.storageLock.RUnlock()`
			`return s.account`
			`}`

			`// Load loads file into store`
			`func (s *LocalStore) Load() (cluster.Object, error) {`
			`s.storageLock.Lock()`
			`defer s.storageLock.Unlock()`
			`account := &Account{}`
check permissions on acme.json during startup Follow-up from #639. At the moment people that were affected by this security issue would still be vulnerable even after upgrading. This patch makes sure permissions are also checked for already existing files. Signed-off-by: Bilal Amarni <bilal.amarni@gmail.com> 2017-01-12 11:04:11 +01:00
Skip file permission check on Windows 2017-02-04 21:21:17 +01:00			`err := checkPermissions(s.file)`
check permissions on acme.json during startup Follow-up from #639. At the moment people that were affected by this security issue would still be vulnerable even after upgrading. This patch makes sure permissions are also checked for already existing files. Signed-off-by: Bilal Amarni <bilal.amarni@gmail.com> 2017-01-12 11:04:11 +01:00			`if err != nil {`
			`return nil, err`
			`}`
Skip file permission check on Windows 2017-02-04 21:21:17 +01:00			`f, err := os.Open(s.file)`
check permissions on acme.json during startup Follow-up from #639. At the moment people that were affected by this security issue would still be vulnerable even after upgrading. This patch makes sure permissions are also checked for already existing files. Signed-off-by: Bilal Amarni <bilal.amarni@gmail.com> 2017-01-12 11:04:11 +01:00			`if err != nil {`
			`return nil, err`
			`}`
Skip file permission check on Windows 2017-02-04 21:21:17 +01:00			`defer f.Close()`
check permissions on acme.json during startup Follow-up from #639. At the moment people that were affected by this security issue would still be vulnerable even after upgrading. This patch makes sure permissions are also checked for already existing files. Signed-off-by: Bilal Amarni <bilal.amarni@gmail.com> 2017-01-12 11:04:11 +01:00			`file, err := ioutil.ReadAll(f)`
Add ACME store Signed-off-by: Emile Vauge <emile@vauge.com> 2016-08-18 14:20:11 +02:00			`if err != nil {`
			`return nil, err`
			`}`
			`if err := json.Unmarshal(file, &account); err != nil {`
			`return nil, err`
			`}`
			`account.Init()`
			`s.account = account`
			`log.Infof("Loaded ACME config from store %s", s.file)`
			`return account, nil`
			`}`

			`// Begin creates a transaction with the KV store.`
			`func (s *LocalStore) Begin() (cluster.Transaction, cluster.Object, error) {`
			`s.storageLock.Lock()`
			`return &localTransaction{LocalStore: s}, s.account, nil`
			`}`

			`var _ cluster.Transaction = (*localTransaction)(nil)`

			`type localTransaction struct {`
			`*LocalStore`
			`dirty bool`
			`}`

			`// Commit allows to set an object in the file storage`
			`func (t *localTransaction) Commit(object cluster.Object) error {`
			`t.LocalStore.account = object.(*Account)`
			`defer t.storageLock.Unlock()`
			`if t.dirty {`
Fix golint recent additions to golint mean that a number of files cause the build to start failing if they are edited (we only run against changed files) This fixes all the errors in the repo so things don't unexpectedly start failing for people making PRs 2016-11-16 08:56:52 +00:00			`return fmt.Errorf("transaction already used, please begin a new one")`
Add ACME store Signed-off-by: Emile Vauge <emile@vauge.com> 2016-08-18 14:20:11 +02:00			`}`

			`// write account to file`
			`data, err := json.MarshalIndent(object, "", " ")`
			`if err != nil {`
			`return err`
			`}`
Fix regression in acme.json secure mode 2016-09-30 15:06:12 +02:00			`err = ioutil.WriteFile(t.file, data, 0600)`
Add ACME store Signed-off-by: Emile Vauge <emile@vauge.com> 2016-08-18 14:20:11 +02:00			`if err != nil {`
			`return err`
			`}`
			`t.dirty = true`
			`return nil`
			`}`