From cb5952c6c2e38edd0f5f2c88b13e73d29a0fba8a Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Sat, 29 Feb 2020 08:24:46 +0200
Subject: [PATCH] Added domain renewals task
---
 app/config/collections.php | 9 ++++++++
 app/controllers/api/projects.php | 5 +++-
 app/controllers/api/storage.php | 10 ++++----
 app/workers/certificates.php | 39 ++++++++++++++++++++------------
 docker-compose.yml | 7 ++++--
 5 files changed, 48 insertions(+), 22 deletions(-)
diff --git a/app/config/collections.php b/app/config/collections.php
index 3464c938e..cd3353d1a 100644
--- a/app/config/collections.php
+++ b/app/config/collections.php
@@ -1029,6 +1029,15 @@ $collections = [
 'required' => false,
 'array' => false,
 ],
+ [
+ '$collection' => Database::SYSTEM_COLLECTION_RULES,
+ 'label' => 'Renew Date',
+ 'key' => 'renewDate',
+ 'type' => 'numeric',
+ 'default' => 0,
+ 'required' => false,
+ 'array' => false,
+ ],
 [
 '$collection' => Database::SYSTEM_COLLECTION_RULES,
 'label' => 'Attempts',
diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index 7f3a5f8ea..07d3ff2a8 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
@@ -1347,7 +1347,10 @@ $utopia->patch('/v1/projects/:projectId/domains/:domainId/verification')
 }
 // Issue a TLS certificate when domain is verified
- Resque::enqueue('v1-certificates', 'CertificatesV1', ['document' => $domain->getArrayCopy()]);
+ Resque::enqueue('v1-certificates', 'CertificatesV1', [
+ 'document' => $domain->getArrayCopy(),
+ 'domain' => $domain->getAttribute('domain'),
+ ]);
 $response->json($domain->getArrayCopy());
 }
diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php
index 9129e7323..c74b9412c 100644
--- a/app/controllers/api/storage.php
+++ b/app/controllers/api/storage.php
@@ -1,6 +1,6 @@ get('/v1/storage/files/:fileId/preview')
 //->param('storage', 'local', function () {return new WhiteList(array('local'));}, 'Selected storage device. defaults to local')
 //->param('token', '', function () {return new Text(128);}, 'Preview token', true)
 ->action(
- function ($fileId, $width, $height, $quality, $background, $output) use ($request, $response, $projectDB, $project, $inputs, $outputs, $fileLogos) {
+ function ($fileId, $width, $height, $quality, $background, $output) use ($request, $response, $projectDB, $project, $inputs, $outputs, $fileLogos, $version) {
 $storage = 'local';
 if (!extension_loaded('imagick')) {
@@ -354,7 +354,7 @@ $utopia->get('/v1/storage/files/:fileId/preview')
 }
 $date = date('D, d M Y H:i:s', time() + (60 * 60 * 24 * 45)).' GMT'; // 45 days cache
- $key = md5($fileId.$width.$height.$quality.$background.$storage.$output);
+ $key = md5($version.$fileId.$width.$height.$quality.$background.$storage.$output);
 $file = $projectDB->getDocument($fileId);
@@ -372,9 +372,9 @@ $utopia->get('/v1/storage/files/:fileId/preview')
 $path = (array_key_exists($mime, $fileLogos)) ? $fileLogos[$mime] : $fileLogos['default'];
 $algorithm = null;
 $cipher = null;
- $background = (empty($background)) ? 'f2f3f5' : $background;
+ $background = (empty($background)) ? 'eceff1' : $background;
 $type = strtolower(pathinfo($path, PATHINFO_EXTENSION));
- $key = md5($path.$width.$height.$quality.$background.$storage.$output);
+ $key = md5($version.$path.$width.$height.$quality.$background.$storage.$output);
 }
 $compressor = new GZIP();
diff --git a/app/workers/certificates.php b/app/workers/certificates.php
index 3aa510a46..d6c4598e7 100644
--- a/app/workers/certificates.php
+++ b/app/workers/certificates.php
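Review bot: The cache key at both new `$key = md5(...)` lines (hunks -354 and -372) is built by plain concatenation, so adjacent fields can run together: assuming the parameters arrive as plain integers, width 12 with height 3 and width 1 with height 23 produce the same key and would be served the same cached preview. Joining the parts with a separator removes the ambiguity, e.g. `$key = md5(implode('|', [$version, $fileId, $width, $height, $quality, $background, $storage, $output]));`, with the same shape for the `$path` variant. The action closure starts and ends outside these hunks, and where `$version` is defined is not visible here.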
@@ -38,9 +38,12 @@ class CertificatesV1
 Authorization::disable();
- $document = $this->args['document'];
- $domain = new Domain((isset($document['domain'])) ? $document['domain'] : '');
- $expiry = 60 * 60 * 24 * 30 * 2; // 60 days
+ $document = $this->args['document'];
+ $domain = $this->args['domain'];
+ $domain = new Domain((!empty($domain)) ? $domain : '');
+ $expiry = 60 * 60 * 24 * 30 * 2; // 60 days
+ $safety = 60 * 60; // 1 hour
+ $renew = (time() + $expiry);
 if(empty($domain->get())) {
 throw new Exception('Missing domain');
@@ -80,7 +83,7 @@ class CertificatesV1
 if($certificate
 && $certificate instanceof Document
 && isset($certificate['issueDate'])
- && ($certificate['issueDate'] + $expiry > time())) { // Check last issue time
+ && (($certificate['issueDate'] + ($expiry)) > time())) { // Check last issue time
 throw new Exception('Renew isn\'t required. Domain issued at '.date('d.m.Y H:i', (isset($certificate['issueDate']) ? $certificate['issueDate'] : 0)));
 }
@@ -88,7 +91,7 @@ class CertificatesV1
 $response = shell_exec("certbot certonly --webroot --noninteractive --agree-tos{$staging} --email security@appwrite.io \
 -w ".APP_STORAGE_CERTIFICATES." \
- -d {$domain->get()} 2>&1"); // cert2.tests.appwrite.org
+ -d {$domain->get()} 2>&1");
 if(!$response) {
 throw new Exception('Failed to issue a certificate');
@@ -126,6 +129,7 @@ class CertificatesV1
 ],
 'domain' => $domain->get(),
 'issueDate' => time(),
+ 'renewDate' => $renew,
 'attempts' => 0,
 'log' => json_encode($response),
 ]);
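Review bot: `$domain = $this->args['domain'];` in hunk -38 reads a key that only jobs enqueued by the new code carry. A job queued before the deploy has only `document`, so it raises an undefined-index notice and then fails with 'Missing domain', where the removed line took the name from `$document['domain']`. Keeping that fallback costs one line: `$domain = $this->args['domain'] ?? ($this->args['document']['domain'] ?? '');`. A short comment there, such as `// 'document' is an empty array for self-scheduled renewals`, would also explain why the two arguments are passed separately. The method body starts and ends outside the hunk.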
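Review bot: The domain is interpolated unquoted into the `shell_exec()` command line at `-d {$domain->get()} 2>&1");` in hunk -88, and after this commit its value comes directly from the queue payload (`$this->args['domain']`), including payloads the worker re-enqueues for itself. Whatever validation `Domain` performs is not visible in this diff, so the argument should be quoted at the call site rather than trusted: `-d ".escapeshellarg($domain->get())." 2>&1");`. Rejecting anything that is not a syntactically valid hostname before the 'Missing domain' check would give a second layer and a clearer error. The `shell_exec` statement is only partly changed by this hunk; its first two lines are context.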
@@ -136,15 +140,17 @@ class CertificatesV1
 throw new Exception('Failed saving certificate to DB');
 }
- $document = array_merge($document, [
- 'updated' => time(),
- 'certificateId' => $certificate->getId(),
- ]);
-
- $document = $consoleDB->updateDocument($document);
-
- if(!$document) {
- throw new Exception('Failed saving domain to DB');
+ if(!empty($document)) {
+ $document = array_merge($document, [
+ 'updated' => time(),
+ 'certificateId' => $certificate->getId(),
+ ]);
+
+ $document = $consoleDB->updateDocument($document);
+
+ if(!$document) {
+ throw new Exception('Failed saving domain to DB');
+ }
 }
 $config =
@@ -157,6 +163,11 @@ class CertificatesV1
 throw new Exception('Failed to save SSL configuration');
 }
+ ResqueScheduler::enqueueAt($renew + $safety, 'v1-certificates', 'CertificatesV1', [
+ 'document' => [],
+ 'domain' => $domain->get()
+ ]); // Async task rescheduale
+
 Authorization::reset();
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index eef2d4d53..3f5ba3e13 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -86,7 +86,7 @@ services:
 networks:
 - appwrite
 volumes:
- - appwrite-db:/var/lib/mysql:rw
+ - appwrite-mariadb:/var/lib/mysql:rw
 ports:
 - "3306:3306"
 environment:
@@ -110,6 +110,8 @@ services:
 restart: unless-stopped
 networks:
 - appwrite
+ volumes:
+ - appwrite-redis:/data:rw
 clamav:
 image: appwrite/clamav:1.0.7
@@ -159,7 +161,8 @@ networks:
 appwrite:
 volumes:
- appwrite-db:
+ appwrite-mariadb:
+ appwrite-redis:
 appwrite-cache:
 appwrite-uploads:
 appwrite-certificates:
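Review bot: The next renewal is scheduled only on the success path, at the `ResqueScheduler::enqueueAt($renew + $safety, ...)` call in hunk -157, so every earlier `throw` in this method (certbot failure, failed DB save, failed config write) ends the chain and the certificate is left to expire with no further attempt. For those issuance failures, though not for the 'Renew isn\'t required' case, a retry should be queued before rethrowing, e.g. `ResqueScheduler::enqueueAt(time() + $safety, 'v1-certificates', 'CertificatesV1', ['document' => [], 'domain' => $domain->get()]);` in a catch block around the issuance steps. The same early exits also skip `Authorization::reset();`, which looks like it belongs in a `finally`. The method starts outside the hunk, so whether a caller already handles retries through the `attempts` field cannot be seen here.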
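Review bot: Renaming the MariaDB volume from `appwrite-db` to `appwrite-mariadb` (hunk -86 and the top-level `volumes:` list in hunk -159) makes an existing installation come up on a new, empty volume at the next `docker-compose up`, while its data stays behind in the now-unreferenced `appwrite-db` volume. Nothing in the commit migrates the data or mentions the rename, so either keep the old name or add a comment at the mount such as `# renamed from appwrite-db: copy the old volume before upgrading` and cover it in the upgrade notes. Separately, the context line `- "3306:3306"` publishes the database port on all host interfaces; `- "127.0.0.1:3306:3306"` would restrict it to the host if it is only needed for local tooling.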