BREAKING CHANGE(acme): Refactor ACME configuration and certificate provisioning by replacing legacy port80HandlerConfig with unified acme options and updating CertProvisioner event subscriptions
This commit is contained in:
@ -1,47 +1,29 @@
|
||||
## Refactor: Introduce a Unified CertProvisioner for Certificate Lifecycle
|
||||
# Project Simplification Plan
|
||||
|
||||
- [x] Ensure Port80Handler is challenge-only:
|
||||
- Remove any internal scheduling and deprecated ACME flows (`getAcmeClient`, `processAuthorizations`, `handleAcmeChallenge`) from Port80Handler.
|
||||
- Remove legacy ACME options (`renewThresholdDays`, `renewCheckIntervalHours`, `mongoDescriptor`, etc.) from `IPort80HandlerOptions`.
|
||||
- Retain only methods for HTTP-01 challenge and direct renewals (`obtainCertificate`, `renewCertificate`, `getDomainCertificateStatus`).
|
||||
- [x] Clean up deprecated `acme` configuration:
|
||||
- Remove the `acme` property from `IPortProxySettings` and all legacy references in code.
|
||||
This document outlines a roadmap to simplify and refactor the SmartProxy & NetworkProxy codebase for better maintainability, reduced duplication, and clearer configuration.
|
||||
|
||||
- [x] Implement `CertProvisioner` component:
|
||||
- [x] Create class `ts/smartproxy/classes.pp.certprovisioner.ts`.
|
||||
- [x] Constructor accepts:
|
||||
* `domainConfigs: IDomainConfig[]`
|
||||
* `port80Handler: Port80Handler`
|
||||
* `networkProxyBridge: NetworkProxyBridge`
|
||||
* optional `certProvider: (domain) => Promise<ICert | 'http01'>`
|
||||
* `renewThresholdDays`, `renewCheckIntervalHours`, `autoRenew` settings.
|
||||
- Responsibilities:
|
||||
* Initial provisioning: static vs HTTP-01.
|
||||
* Subscribe to Port80Handler events (CERTIFICATE_ISSUED/RENEWED) and to static cert updates.
|
||||
* Re-emit unified `'certificate'` events to SmartProxy.
|
||||
* Central scheduling of renewals via `@push.rocks/taskbuffer`.
|
||||
## Goals
|
||||
- Eliminate duplicate code and shared types
|
||||
- Unify certificate management flow across components
|
||||
- Simplify configuration schemas and option handling
|
||||
- Centralize plugin imports and module interfaces
|
||||
- Strengthen type safety and linting
|
||||
- Improve test coverage and CI integration
|
||||
|
||||
- [x] Refactor SmartProxy:
|
||||
- [x] Remove existing scheduling / renewal logic.
|
||||
- [x] Instantiate `CertProvisioner` in `start()`, delegate cert workflows entirely.
|
||||
- [x] Forward CertProvisioner events to SmartProxy’s `'certificate'` listener.
|
||||
## Plan
|
||||
- [x] Extract all shared interfaces and types (e.g., certificate, proxy, domain configs) into a common `ts/common` module
|
||||
- [x] Consolidate ACME/Port80Handler logic:
|
||||
- [x] Merge standalone Port80Handler into a single certificate service
|
||||
- [x] Remove duplicate ACME setup in SmartProxy and NetworkProxy
|
||||
- [ ] Unify configuration options:
|
||||
- [x] Merge `INetworkProxyOptions.acme`, `IPort80HandlerOptions`, and `port80HandlerConfig` into one schema
|
||||
- [ ] Deprecate old option names and provide clear upgrade path
|
||||
- [ ] Centralize plugin imports in `ts/plugins.ts` and update all modules to use it
|
||||
- [ ] Remove legacy or unused code paths (e.g., old HTTP/2 fallback logic if obsolete)
|
||||
- [ ] Enhance and expand test coverage:
|
||||
- Add unit tests for certificate issuance, renewal, and error handling
|
||||
- Add integration tests for HTTP challenge routing and request forwarding
|
||||
- [ ] Update main README.md with architecture overview and configuration guide
|
||||
- [ ] Review and prune external dependencies no longer needed
|
||||
|
||||
- [x] CertProvisioner lifecycle methods:
|
||||
- [x] `start()`: provision all domains, start scheduler.
|
||||
- [x] `stop()`: stop scheduler.
|
||||
- [x] `requestCertificate(domain)`: on-demand provisioning.
|
||||
|
||||
- [x] Handle static certificate auto-refresh:
|
||||
- [x] In the renewal scheduler, for domains with static certs, re-call `certProvider(domain)` near expiry.
|
||||
- [x] Apply returned cert via `networkProxyBridge.applyExternalCertificate()`.
|
||||
|
||||
- [ ] Tests:
|
||||
- Unit tests for `CertProvisioner`, mocking Port80Handler and `certProvider`:
|
||||
* Validate initial provisioning and dynamic/static flows.
|
||||
* Validate scheduling triggers correct renewals.
|
||||
- Integration tests:
|
||||
* Use actual in-memory Port80Handler with short intervals to verify renewals and event emission.
|
||||
|
||||
- [ ] Documentation:
|
||||
- Add code-level TS doc for `CertProvisioner` API (options, methods, events).
|
||||
- Update root `README.md` and architecture diagrams to show `CertProvisioner` role.
|
||||
Once these steps are complete, the project will be cleaner, easier to understand, and simpler to extend.
|
||||
Reference in New Issue
Block a user