add tlsrefreshinterval to control how to re-read the proxy

dmwm · Aug 3, 2022 · 52af33d · 52af33d
1 parent 6e37208
commit 52af33d
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/dbs/utils.go b/dbs/utils.go
@@ -22,6 +22,9 @@ var Cert string
 // Timeout represents DBS timeout used by HttpClient
 var Timeout int
 
+// TlsRefreshInterval represents refresh interval for Tls proxy
+var TlsRefreshInterval int64
+
 // client X509 certificates
 func tlsCerts(key, cert string) ([]tls.Certificate, error) {
 	uproxy := os.Getenv("X509_USER_PROXY")
@@ -68,11 +71,12 @@ func tlsCerts(key, cert string) ([]tls.Certificate, error) {
 // TLSCertsManager manages TLS certificates
 type TLSCertsManager struct {
 	Certificates []tls.Certificate
+	Time         time.Time
 }
 
 // TlsCerts provides access to TLS certificates for given key and certificate
 func (t *TLSCertsManager) TlsCerts(key, cert string) ([]tls.Certificate, error) {
-	if t.Certificates == nil {
+	if t.Certificates == nil || time.Since(t.Time).Seconds() > float64(TlsRefreshInterval) {
 		certs, err := tlsCerts(key, cert)
 		if err == nil {
 			t.Certificates = certs

diff --git a/web/config.go b/web/config.go
@@ -61,11 +61,12 @@ type Configuration struct {
 	Styles    string `json:"styles"`    // location of server CSS styles
 
 	// security parts
-	ServerKey  string `json:"serverkey"`  // server key for https
-	ServerCrt  string `json:"servercrt"`  // server certificate for https
-	RootCA     string `json:"rootCA"`     // RootCA file
-	CSRFKey    string `json:"csrfKey"`    // CSRF 32-byte-long-auth-key
-	Production bool   `json:"production"` // production server or not
+	ServerKey          string `json:"serverkey"`          // server key for https
+	ServerCrt          string `json:"servercrt"`          // server certificate for https
+	RootCA             string `json:"rootCA"`             // RootCA file
+	CSRFKey            string `json:"csrfKey"`            // CSRF 32-byte-long-auth-key
+	Production         bool   `json:"production"`         // production server or not
+	TlsRefreshInterval int64  `json:"tlsRefreshInterval"` // interval to refresh tls proxy
 
 	// GraphQL parts
 	GraphQLSchema string `json:"graphqlSchema"` // graph ql schema file name
@@ -142,5 +143,8 @@ func ParseConfig(configFile string) error {
 	if Config.MigrationRetries == 0 {
 		Config.MigrationRetries = 3
 	}
+	if Config.TlsRefreshInterval == 0 {
+		Config.TlsRefreshInterval = 4 * 60 * 60 // 4 hours
+	}
 	return nil
 }
diff --git a/web/server.go b/web/server.go
@@ -356,6 +356,7 @@ func Server(configFile string) {
 	dbs.FileLumiMaxSize = Config.FileLumiMaxSize
 	dbs.FileLumiInsertMethod = Config.FileLumiInsertMethod
 	dbs.ApiParametersFile = Config.ApiParametersFile
+	dbs.TlsRefreshInterval = Config.TlsRefreshInterval
 
 	// initialize templates
 	tmplData := make(map[string]interface{})