From 167b2fbd29900a1941033c6c66b6bfeb2a4a32e7 Mon Sep 17 00:00:00 2001 From: bfren Date: Mon, 2 Dec 2024 09:09:11 +0000 Subject: [PATCH] Adding option to quote output for getssl config --- Dockerfile | 2 +- .../etc/nu/scripts/bf/nginx/proxy/getssl.nu | 52 +++++++++++++++---- overlay/etc/nu/scripts/bf/nginx/proxy/init.nu | 11 ++-- overlay/etc/nu/scripts/tests/getssl.nu | 18 +++++-- 4 files changed, 62 insertions(+), 21 deletions(-) diff --git a/Dockerfile b/Dockerfile index cd72556..8ceda2f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM bfren/nginx:nginx1.26-alpine3.20-6.3.15 +FROM bfren/nginx:nginx1.26-alpine3.20-6.3.16 LABEL org.opencontainers.image.source="https://github.com/bfren/docker-nginx-proxy" diff --git a/overlay/etc/nu/scripts/bf/nginx/proxy/getssl.nu b/overlay/etc/nu/scripts/bf/nginx/proxy/getssl.nu index 70baca2..34b709e 100644 --- a/overlay/etc/nu/scripts/bf/nginx/proxy/getssl.nu +++ b/overlay/etc/nu/scripts/bf/nginx/proxy/getssl.nu @@ -2,15 +2,15 @@ use bf # Generate getssl global configuration file if it does not already exist export def generate_global_conf []: nothing -> nothing { - let getssl_cfg = bf env PROXY_GETSSL_GLOBAL_CFG + let getssl_cfg = bf env "PROXY_GETSSL_GLOBAL_CFG" if ($getssl_cfg | bf fs is_not_file) { # get environment variables let e = { - USE_LIVE_SERVER: (bf env PROXY_GETSSL_USE_LIVE_SERVER) - ACCOUNT_EMAIL: (bf env PROXY_GETSSL_EMAIL) - ACCOUNT_KEY: (bf env PROXY_GETSSL_ACCOUNT_KEY) - RENEW_ALLOW: (bf env PROXY_GETSSL_RENEW_WINDOW_DAYS) - SKIP_HTTP_TOKEN_CHECK: (bf env check PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK | into string) + USE_LIVE_SERVER: (bf env "PROXY_GETSSL_USE_LIVE_SERVER") + ACCOUNT_EMAIL: (bf env "PROXY_GETSSL_EMAIL") + ACCOUNT_KEY: (bf env "PROXY_GETSSL_ACCOUNT_KEY") + RENEW_ALLOW: (bf env "PROXY_GETSSL_RENEW_WINDOW_DAYS") + SKIP_HTTP_TOKEN_CHECK: (bf env check "PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK" | into string) } # generate configuration 
@@ -21,11 +21,11 @@ export def generate_global_conf []: nothing -> nothing { # Generate getssl site configuration file export def generate_site_conf [ - domain: record # the domain record to generate temporary SSL for + domain: string # the domain to generate getssl config for ]: nothing -> string { # check for existing getssl config let certs = bf env "PROXY_SSL_CERTS" - let file = $"($certs)/($domain.primary)/(bf env PROXY_GETSSL_CFG)" + let file = $"($certs)/($domain)/(bf env "PROXY_GETSSL_CFG")" if ($file | path exists) { bf write debug " .. getssl configuration file already exists." return $file @@ -37,7 +37,7 @@ export def generate_site_conf [ "-w" # set working directory (bf env "PROXY_SSL_CERTS") "-c" # create default configuration files - $domain.primary + $domain ] | compact --empty | bf dump -t "args" # execute getssl 
@@ -47,16 +47,46 @@ export def generate_site_conf [ return $file } +# Update getssl site configuration file with domain-specific values +export def update_site_conf [ + domain: record # the domain to generate getssl config for +]: nothing -> string { + # get variables + let certs = bf env "PROXY_SSL_CERTS" + let file = $"($certs)/($domain)/(bf env "PROXY_GETSSL_CFG")" + + # SANS + let sans = $domain.aliases | str join "," + replace -q "SANS" $sans $file + + # certificate + let cert = $"($certs)/($domain.primary)" + replace -q "DOMAIN_CERT_LOCATION" $"($cert).crt" $file + replace -q "DOMAIN_KEY_LOCATION" $"($cert).key" $file + + # ACL + let acl = bf env "PROXY_WWW_ACME_CHALLENGE" + replace "ACL" $"\(\"($acl)\"\)" $file + replace -q "USE_SINGLE_ACL" "true" $file + + # return cfg file path + return $file +} + # Replace a value in a given config file export def replace [ key: string # config key to replace value: string # config value to set file: string # file path to load / save -] { + --add-quotes (-q) # add double quotes to the value before inserting +]: nothing -> nothing { # do nothing for empty key if ($key | is-empty) { return } + # add quotes + let quoted_value = match $add_quotes { true => $"\"($value)\"" false => $value } + # replace value let find = $"^#?($key).*$" | bf dump -t "regex" - open --raw $file | str replace --all --regex $find $"($key)=($value)" | save --force $file + open --raw $file | str replace --all --regex $find $"($key)=($quoted_value)" | save --force $file } diff --git a/overlay/etc/nu/scripts/bf/nginx/proxy/init.nu b/overlay/etc/nu/scripts/bf/nginx/proxy/init.nu index d5e696e..1b6b5ef 100644 --- a/overlay/etc/nu/scripts/bf/nginx/proxy/init.nu +++ b/overlay/etc/nu/scripts/bf/nginx/proxy/init.nu @@ -32,7 +32,8 @@ export def main [ conf generate_nginx_site_conf $x # generate site getssl conf - getssl generate_site_conf $x + getssl generate_site_conf $x.primary + getssl update_site_conf $x # generate temporary SSL ssl generate_temp_certs $x 
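Review bot: In `update_site_conf` the config path is built from the whole record, `$"($certs)/($domain)/(bf env "PROXY_GETSSL_CFG")"`, although `domain` is declared as `record` and the rest of the function reads `$domain.aliases` and `$domain.primary`. The path should use `($domain.primary)` so it points at the file `generate_site_conf` created, and the parameter comment should say it takes the domain record. Separately, `--add-quotes` in `replace` wraps the value as `$"\"($value)\""` without escaping, so a `"`, `$`, backtick or backslash in an alias or environment value lands unescaped inside a double-quoted assignment. If getssl reads this file as shell (I believe it sources its config, worth confirming), such values should be rejected or escaped before they are written. The same value is also the replacement argument of `str replace --regex`, where a `$` may be read as a capture-group reference.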
@@ -56,10 +57,10 @@ export def main [ # Check for clean install and delete export def setup_clean_install []: nothing -> nothing { bf write debug " .. removing SSL config and certificates:" init/setup_clean_install - bf env PROXY_GETSSL_GLOBAL_CFG | remove - bf env PROXY_SITES | $"($in)/*" | remove - bf env PROXY_SSL_CERTS | $"($in)/*" | remove - bf env PROXY_SSL_DHPARAM | remove + bf env "PROXY_GETSSL_GLOBAL_CFG" | remove + bf env "PROXY_SITES" | $"($in)/*" | remove + bf env "PROXY_SSL_CERTS" | $"($in)/*" | remove + bf env "PROXY_SSL_DHPARAM" | remove } # Remove file(s) by converting input into a glob before calling `rm` diff --git a/overlay/etc/nu/scripts/tests/getssl.nu b/overlay/etc/nu/scripts/tests/getssl.nu index a620488..8160e6f 100644 --- a/overlay/etc/nu/scripts/tests/getssl.nu +++ b/overlay/etc/nu/scripts/tests/getssl.nu @@ -165,6 +165,18 @@ export def replace__replaces_line_without_hash [] { assert equal $expected $result } +export def replace__adds_double_quotes [] { + let key = random chars + let value = random chars + let file = mktemp -t + echo $"#($key)=(random chars)" | save --force $file + let expected = $"($key)=\"($value)\"" + + let result = replace --add-quotes $key $value $file | open --raw $file + + assert equal $expected $result +} + #====================================================================================================================== # generate_site_conf @@ -172,7 +184,6 @@ export def replace__replaces_line_without_hash [] { export def generate_site_conf__does_nothing_when_config_exists [] { let primary = random chars - let domain = generate_domain --primary $primary let certs = mktemp -d -t let cfg = random chars let e = { 
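Review bot: `replace__adds_double_quotes` only exercises values from `random chars` (presumably alphanumeric), so the quoting path is never tested with a value that itself contains `"` or `$`. The visible hunks of this test file also add no test for the new `update_site_conf`. A test that builds a domain record, calls `update_site_conf` under `with-env`, and asserts the resulting `SANS=`, `DOMAIN_CERT_LOCATION=` and `ACL=` lines would pin both the config file path and the quoting. The single-line fixture also does not show whether the `^#?key.*$` pattern matches a key that is not on the first line of a multi-line config; a fixture with several lines would cover that.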
@@ -184,14 +195,13 @@ export def generate_site_conf__does_nothing_when_config_exists [] { $cfg | path dirname | mkdir $in $content | save --force $cfg - let result = with-env $e { generate_site_conf $domain } | open --raw + let result = with-env $e { generate_site_conf $primary } | open --raw assert equal $content $result } export def generate_site_conf__creates_default_config [] { let primary = "do not use random value or hash will break" - let domain = generate_domain --primary $primary let certs = mktemp -d -t let cfg = "getssl.cfg" let e = { @@ -201,7 +211,7 @@ export def generate_site_conf__creates_default_config [] { let cfg = $"($certs)/($primary)/($cfg)" let expected = "7146e789a83077202ab129d461959016" - let result = with-env $e { generate_site_conf $domain } | open --raw | hash md5 + let result = with-env $e { generate_site_conf $primary } | open --raw | hash md5 assert equal $expected $result }