push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
smartproxy/readme.plan.md

48 lines
2.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## Refactor: Introduce a Unified CertProvisioner for Certificate Lifecycle
- [x] Ensure Port80Handler is challenge-only:
- Remove any internal scheduling and deprecated ACME flows (`getAcmeClient`, `processAuthorizations`, `handleAcmeChallenge`) from Port80Handler.
- Remove legacy ACME options (`renewThresholdDays`, `renewCheckIntervalHours`, `mongoDescriptor`, etc.) from `IPort80HandlerOptions`.
- Retain only methods for HTTP-01 challenge and direct renewals (`obtainCertificate`, `renewCertificate`, `getDomainCertificateStatus`).
- [x] Clean up deprecated `acme` configuration:
- Remove the `acme` property from `IPortProxySettings` and all legacy references in code.
- [x] Implement `CertProvisioner` component:
- [x] Create class `ts/smartproxy/classes.pp.certprovisioner.ts`.
- [x] Constructor accepts:
* `domainConfigs: IDomainConfig[]`
* `port80Handler: Port80Handler`
* `networkProxyBridge: NetworkProxyBridge`
* optional `certProvider: (domain) => Promise<ICert | 'http01'>`
* `renewThresholdDays`, `renewCheckIntervalHours`, `autoRenew` settings.
- Responsibilities:
* Initial provisioning: static vs HTTP-01.
* Subscribe to Port80Handler events (CERTIFICATE_ISSUED/RENEWED) and to static cert updates.
* Re-emit unified `'certificate'` events to SmartProxy.
* Central scheduling of renewals via `@push.rocks/taskbuffer`.
- [x] Refactor SmartProxy:
- [x] Remove existing scheduling / renewal logic.
- [x] Instantiate `CertProvisioner` in `start()`, delegate cert workflows entirely.
- [x] Forward CertProvisioner events to SmartProxys `'certificate'` listener.
- [x] CertProvisioner lifecycle methods:
- [x] `start()`: provision all domains, start scheduler.
- [x] `stop()`: stop scheduler.
- [x] `requestCertificate(domain)`: on-demand provisioning.
- [x] Handle static certificate auto-refresh:
- [x] In the renewal scheduler, for domains with static certs, re-call `certProvider(domain)` near expiry.
- [x] Apply returned cert via `networkProxyBridge.applyExternalCertificate()`.
- [ ] Tests:
- Unit tests for `CertProvisioner`, mocking Port80Handler and `certProvider`:
* Validate initial provisioning and dynamic/static flows.
* Validate scheduling triggers correct renewals.
- Integration tests:
* Use actual in-memory Port80Handler with short intervals to verify renewals and event emission.
- [ ] Documentation:
- Add code-level TS doc for `CertProvisioner` API (options, methods, events).
- Update root `README.md` and architecture diagrams to show `CertProvisioner` role.
Reference in New Issue View Git Blame Copy Permalink