[SSL证书]免费证书申请增加HTTP认证方式

internal/const/const.go

@@ -1,7 +1,7 @@
 package teaconst
 
 const (
-	Version = "0.0.4"
+	Version = "0.0.5"
 
 	ProductName = "Edge Node"
 	ProcessName = "edge-node"

internal/nodes/http_request.go

@@ -141,6 +141,16 @@ func (this *HTTPRequest) Do() {
 
 // 开始调用
 func (this *HTTPRequest) doBegin() {
+	// 特殊URL处理
+	if len(this.rawURI) > 1 && this.rawURI[1] == '.' {
+		// ACME
+		// TODO 需要配置是否启用ACME检测
+		if strings.HasPrefix(this.rawURI, "/.well-known/acme-challenge/") {
+			this.doACME()
+			return
+		}
+	}
+
 	// 临时关闭页面
 	if this.web.Shutdown != nil && this.web.Shutdown.IsOn {
 		this.doShutdown()

internal/nodes/http_request_acme.go

@@ -0,0 +1,33 @@
+package nodes
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeNode/internal/logs"
+	"github.com/TeaOSLab/EdgeNode/internal/rpc"
+	"net/http"
+	"path/filepath"
+)
+
+func (this *HTTPRequest) doACME() {
+	// TODO 对请求进行校验，防止恶意攻击
+
+	token := filepath.Base(this.RawReq.URL.Path)
+
+	rpcClient, err := rpc.SharedRPC()
+	if err != nil {
+		logs.Error("RPC", "[ACME]rpc failed: "+err.Error())
+		return
+	}
+
+	keyResp, err := rpcClient.ACMEAuthenticationRPC().FindACMEAuthenticationKeyWithToken(rpcClient.Context(), &pb.FindACMEAuthenticationKeyWithTokenRequest{Token: token})
+	if err != nil {
+		logs.Error("RPC", "[ACME]read key for token failed: "+err.Error())
+		return
+	}
+	if len(keyResp.Key) == 0 {
+		this.writer.WriteHeader(http.StatusNotFound)
+	} else {
+		this.writer.Header().Set("Content-Type", "text/plain")
+		_, _ = this.writer.WriteString(keyResp.Key)
+	}
+}

internal/rpc/rpc_client.go

@@ -89,6 +89,10 @@ func (this *RPCClient) FileChunkRPC() pb.FileChunkServiceClient {
 	return pb.NewFileChunkServiceClient(this.pickConn())
 }
 
+func (this *RPCClient) ACMEAuthenticationRPC() pb.ACMEAuthenticationServiceClient {
+	return pb.NewACMEAuthenticationServiceClient(this.pickConn())
+}
+
 // 节点上下文信息
 func (this *RPCClient) Context() context.Context {
 	ctx := context.Background()