use std::fs::File; use std::io::Read; use std::time::Duration; use anyhow::{anyhow, bail, Result}; use crate::config::{ConfigOpts, ConfigOptsAcme, ConfigOptsBase, ConfigOptsConsul}; // This code is inspired by the Trunk crate (https://github.com/thedodd/trunk) // In this file, we take ConfigOpts and transform them into ready-to-use // RuntimeConfig. We apply default values and business logic. #[derive(Debug)] pub struct RuntimeConfigAcme { pub email: String, } #[derive(Debug)] pub struct RuntimeConfigConsul { pub node_name: String, pub url: String, pub tls: Option<(reqwest::Certificate, reqwest::Identity)>, } #[derive(Debug)] pub struct RuntimeConfigFirewall { pub refresh_time: Duration, } #[derive(Debug)] pub struct RuntimeConfigIgd { pub private_ip: Option, pub expiration_time: Duration, pub refresh_time: Duration, } #[derive(Debug)] pub struct RuntimeConfig { pub acme: Option, pub consul: RuntimeConfigConsul, pub firewall: RuntimeConfigFirewall, pub igd: RuntimeConfigIgd, } impl RuntimeConfig { pub fn new(opts: ConfigOpts) -> Result { let acme = RuntimeConfigAcme::new(opts.acme.clone())?; let consul = RuntimeConfigConsul::new(opts.consul.clone())?; let firewall = RuntimeConfigFirewall::new(opts.base.clone())?; let igd = RuntimeConfigIgd::new(opts.base.clone())?; Ok(Self { acme, consul, firewall, igd, }) } } impl RuntimeConfigAcme { pub fn new(opts: ConfigOptsAcme) -> Result> { if !opts.enable { return Ok(None); } let email = opts.email.expect( "'DIPLONAT_ACME_EMAIL' environment variable is required if 'DIPLONAT_ACME_ENABLE' == 'true'", ); Ok(Some(Self { email })) } } impl RuntimeConfigConsul { pub(super) fn new(opts: ConfigOptsConsul) -> Result { let node_name = opts .node_name .expect("'DIPLONAT_CONSUL_NODE_NAME' environment variable is required"); let url = opts.url.unwrap_or(super::CONSUL_URL.to_string()); let tls = match (&opts.ca_cert, &opts.client_cert, &opts.client_key) { (Some(ca_cert), Some(client_cert), Some(client_key)) => { let mut ca_cert_buf = vec![]; File::open(ca_cert)?.read_to_end(&mut ca_cert_buf)?; let cert = reqwest::Certificate::from_pem(&ca_cert_buf[..])?; let mut client_cert_buf = vec![]; File::open(client_cert)?.read_to_end(&mut client_cert_buf)?; let mut client_key_buf = vec![]; File::open(client_key)?.read_to_end(&mut client_key_buf)?; let ident = reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?; Some((cert, ident)) } (None, None, None) => None, _ => bail!("Incomplete TLS configuration parameters"), }; Ok(Self { node_name, url, tls, }) } } impl RuntimeConfigFirewall { pub(super) fn new(opts: ConfigOptsBase) -> Result { let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into()); Ok(Self { refresh_time }) } } impl RuntimeConfigIgd { pub(super) fn new(opts: ConfigOptsBase) -> Result { let private_ip = opts.private_ip; let expiration_time = Duration::from_secs( opts .expiration_time .unwrap_or(super::EXPIRATION_TIME) .into(), ); let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into()); if refresh_time.as_secs() * 2 > expiration_time.as_secs() { return Err(anyhow!( "IGD expiration time (currently: {}s) must be at least twice bigger than refresh time \ (currently: {}s)", expiration_time.as_secs(), refresh_time.as_secs() )); } Ok(Self { private_ip, expiration_time, refresh_time, }) } }