smartproxy/readme.plan.md


Refactor: Introduce a Unified CertProvisioner for Certificate Lifecycle

  • Ensure Port80Handler is challenge-only:

    • Remove any internal scheduling and deprecated ACME flows (getAcmeClient, processAuthorizations, handleAcmeChallenge) from Port80Handler.
    • Remove legacy ACME options (renewThresholdDays, renewCheckIntervalHours, mongoDescriptor, etc.) from IPort80HandlerOptions.
    • Retain only methods for HTTP-01 challenge and direct renewals (obtainCertificate, renewCertificate, getDomainCertificateStatus).
  • Clean up deprecated acme configuration:

    • Remove the acme property from IPortProxySettings and all legacy references in code.
  • Implement CertProvisioner component:

    • Create class ts/smartproxy/classes.pp.certprovisioner.ts.
    • Constructor accepts:
      • domainConfigs: IDomainConfig[]
      • port80Handler: Port80Handler
      • networkProxyBridge: NetworkProxyBridge
      • optional certProvider: (domain) => Promise<ICert | 'http01'>
      • renewThresholdDays, renewCheckIntervalHours, autoRenew settings.
    • Responsibilities:
      • Initial provisioning: static vs HTTP-01.
      • Subscribe to Port80Handler events (CERTIFICATE_ISSUED/RENEWED) and to static cert updates.
      • Re-emit unified 'certificate' events to SmartProxy.
      • Central scheduling of renewals via @push.rocks/taskbuffer.
  • Refactor SmartProxy:

    • Remove existing scheduling / renewal logic.
    • Instantiate CertProvisioner in start(), delegate cert workflows entirely.
    • Forward CertProvisioner events to SmartProxy's 'certificate' listener.
  • CertProvisioner lifecycle methods:

    • start(): provision all domains, start scheduler.
    • stop(): stop scheduler.
    • requestCertificate(domain): on-demand provisioning.
  • Handle static certificate auto-refresh:

    • In the renewal scheduler, for domains with static certs, re-call certProvider(domain) near expiry.
    • Apply returned cert via networkProxyBridge.applyExternalCertificate().
  • Tests:

    • Unit tests for CertProvisioner, mocking Port80Handler and certProvider:
      • Validate initial provisioning and dynamic/static flows.
      • Validate scheduling triggers correct renewals.
    • Integration tests:
      • Use actual in-memory Port80Handler with short intervals to verify renewals and event emission.
  • Documentation:

    • Add code-level TS doc for CertProvisioner API (options, methods, events).
    • Update root README.md and architecture diagrams to show CertProvisioner role.
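As an added illustration of the design in this plan (not the project's own code), the sketch below shows how the CertProvisioner lifecycle fits together: static-vs-HTTP-01 provisioning, re-emission of Port80Handler events as one 'certificate' stream, and a renewal tick that re-calls certProvider for static certs near expiry. The Port80Handler, NetworkProxyBridge, ICert and IDomainConfig shapes are simplified assumptions, and plain setInterval stands in for @push.rocks/taskbuffer.

```typescript
// Added sketch of the planned CertProvisioner (not the project's code); the Port80Handler,
// NetworkProxyBridge, ICert and IDomainConfig shapes below are simplified assumptions.
type ICert = { domain: string; pem: string; expiresAt: number };
type IDomainConfig = { domains: string[] };
type CertProvider = (domain: string) => Promise<ICert | 'http01'>;
interface Port80HandlerLike {
  obtainCertificate(domain: string): Promise<void>; // HTTP-01 issuance, result arrives via event
  renewCertificate(domain: string): Promise<void>; // HTTP-01 renewal
  on(ev: 'CERTIFICATE_ISSUED' | 'CERTIFICATE_RENEWED', cb: (c: ICert) => void): void;
}
export const DAY_MS = 86_400_000;
export class CertProvisioner {
  private kind: Record<string, 'static' | 'http01'> = {};
  private certs: Record<string, ICert> = {};
  private listeners: Array<(c: ICert) => void> = [];
  private timer?: ReturnType<typeof setInterval>;
  constructor(private domainConfigs: IDomainConfig[], private port80: Port80HandlerLike,
              private bridge: { applyExternalCertificate(cert: ICert): void },
              private certProvider: CertProvider = async () => 'http01' as const,
              private renewThresholdDays = 30, private renewCheckIntervalHours = 24) {
    // Re-emit Port80Handler events as one unified 'certificate' event stream
    const forward = (c: ICert) => { this.certs[c.domain] = c; this.emit(c); };
    port80.on('CERTIFICATE_ISSUED', forward);
    port80.on('CERTIFICATE_RENEWED', forward);
  }
  onCertificate(cb: (c: ICert) => void) { this.listeners.push(cb); }
  private emit(c: ICert) { this.listeners.forEach((cb) => cb(c)); }
  // start(): provision every configured domain, then run the renewal scheduler
  async start() {
    for (const cfg of this.domainConfigs) for (const d of cfg.domains) await this.requestCertificate(d);
    this.timer = setInterval(() => void this.checkRenewals(), this.renewCheckIntervalHours * 3_600_000);
  }
  stop() { if (this.timer) clearInterval(this.timer); }
  // On-demand provisioning: a static cert from certProvider, or delegation to HTTP-01
  async requestCertificate(domain: string) {
    const result = await this.certProvider(domain);
    if (result === 'http01') { this.kind[domain] = 'http01'; await this.port80.obtainCertificate(domain); return; }
    this.kind[domain] = 'static'; this.certs[domain] = result;
    this.bridge.applyExternalCertificate(result); this.emit(result);
  }
  // Scheduler tick: anything inside the threshold is renewed; static certs are re-fetched
  async checkRenewals(now = Date.now()): Promise<string[]> {
    const renewed: string[] = [];
    for (const domain of Object.keys(this.certs)) {
      if (this.certs[domain].expiresAt - now > this.renewThresholdDays * DAY_MS) continue;
      if (this.kind[domain] === 'static') await this.requestCertificate(domain);
      else await this.port80.renewCertificate(domain);
      renewed.push(domain);
    }
    return renewed;
  }
}
```

A unit test along the lines the plan describes mocks Port80Handler and certProvider, calls start(), then drives checkRenewals() with a fixed clock instead of waiting for the interval.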