From 254469857b8e5e97834579049ae6b4cc64cb2364 Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Thu, 2 Jun 2022 15:34:14 +0800
Subject: [PATCH] =?UTF-8?q?ACME=E7=94=B3=E8=AF=B7=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E6=97=B6=E5=A6=82=E6=9E=9C=E6=89=BE=E4=B8=8D=E5=88=B0Token?= =?UTF-8?q?=EF=BC=8C=E5=88=99=E7=9B=B4=E6=8E=A5=E8=B7=B3=E8=BF=87=E6=89=A7?= =?UTF-8?q?=E8=A1=8C=E5=90=8E=E9=9D=A2=E8=AF=B7=E6=B1=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/nodes/http_request.go | 7 ++++---
 internal/nodes/http_request_acme.go | 24 +++++++++++++-----------
 2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/internal/nodes/http_request.go b/internal/nodes/http_request.go
index 3809b6d..4b5d0c7 100644
--- a/internal/nodes/http_request.go
+++ b/internal/nodes/http_request.go
@@ -170,9 +170,10 @@ func (this *HTTPRequest) Do() {
 // ACME
 // TODO 需要配置是否启用ACME检测
 if strings.HasPrefix(this.rawURI, "/.well-known/acme-challenge/") {
- this.doACME()
- this.doEnd()
- return
+ if this.doACME() {
+ this.doEnd()
+ return
+ }
 }
 }
diff --git a/internal/nodes/http_request_acme.go b/internal/nodes/http_request_acme.go
index 8e22535..75f8c06 100644
--- a/internal/nodes/http_request_acme.go
+++ b/internal/nodes/http_request_acme.go
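Review bot: The new `if this.doACME()` branch carries no comment explaining why a false result lets the request continue, and in http_request_acme.go false is returned for three different cases: a token that fails the length check, an RPC error, and an empty key. A reader of Do() cannot tell that an RPC outage now sends challenge requests into normal handling instead of ending them. I would add `// doACME reports whether it answered the challenge; on false (unknown token or lookup failure) fall through to normal handling` above the call. Do() starts and ends outside this hunk, so what the fall-through reaches is not visible here.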
@@ -4,34 +4,36 @@ import (
 "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 "github.com/TeaOSLab/EdgeNode/internal/remotelogs"
 "github.com/TeaOSLab/EdgeNode/internal/rpc"
- "net/http"
 "path/filepath"
 )
-func (this *HTTPRequest) doACME() {
+func (this *HTTPRequest) doACME() (shouldStop bool) {
 // TODO 对请求进行校验,防止恶意攻击
- token := filepath.Base(this.RawReq.URL.Path)
+ var token = filepath.Base(this.RawReq.URL.Path)
 if token == "acme-challenge" || len(token) <= 32 {
- this.writer.WriteHeader(http.StatusNotFound)
- return
+ return false
 }
 rpcClient, err := rpc.SharedRPC()
 if err != nil {
 remotelogs.Error("RPC", "[ACME]rpc failed: "+err.Error())
- return
+ return false
 }
 keyResp, err := rpcClient.ACMEAuthenticationRPC().FindACMEAuthenticationKeyWithToken(rpcClient.Context(), &pb.FindACMEAuthenticationKeyWithTokenRequest{Token: token})
 if err != nil {
 remotelogs.Error("RPC", "[ACME]read key for token failed: "+err.Error())
- return
+ return false
 }
 if len(keyResp.Key) == 0 {
- this.writer.WriteHeader(http.StatusNotFound)
- } else {
- this.writer.Header().Set("Content-Type", "text/plain")
- _, _ = this.writer.WriteString(keyResp.Key)
+ return false
 }
+
+ this.tags = append(this.tags, "ACME")
+
+ this.writer.Header().Set("Content-Type", "text/plain")
+ _, _ = this.writer.WriteString(keyResp.Key)
+
+ return true
 }
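Review bot: Any last path segment longer than 32 bytes still reaches `FindACMEAuthenticationKeyWithToken`, so each unauthenticated request under the challenge prefix costs one RPC to the API service, and the `// TODO 对请求进行校验,防止恶意攻击` above the token line is left open by this commit. ACME challenge tokens are limited to the base64url alphabet (RFC 8555 section 8.3), so a character check before the RPC rejects most junk without a round trip. An upper length bound and a short negative cache for unknown tokens would bound the remaining load. The sketch below adds only the character check and leaves the lookup and response code as in the hunk.

```go
	var token = filepath.Base(this.RawReq.URL.Path)
	if token == "acme-challenge" || len(token) <= 32 || !isACMEToken(token) {
		return false
	}
	// … unchanged: RPC lookup, tagging and response writing …

// isACMEToken reports whether s contains only base64url characters,
// the alphabet RFC 8555 section 8.3 requires for challenge tokens.
func isACMEToken(s string) bool {
	for i := 0; i < len(s); i++ {
		c := s[i]
		isAlnum := (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')
		if !isAlnum && c != '-' && c != '_' {
			return false
		}
	}
	return true
}
```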