Re-add automatic ssl generation

2024-10-02 10:16:27 +13:00 · 2023-09-05 17:09:54 +02:00 · 2023-09-05 17:09:54 +02:00 · cda58d2256
commit cda58d2256
parent f4ada97d1a
1 changed files with 55 additions and 0 deletions
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@ -229,6 +229,61 @@ App::init()
            Request::setFilter(null);
        }

+        $domain = $request->getHostname();
+        $domains = Config::getParam('domains', []);
+        if (!array_key_exists($domain, $domains)) {
+            $domain = new Domain(!empty($domain) ? $domain : '');
+
+            if (empty($domain->get()) || !$domain->isKnown() || $domain->isTest()) {
+                $domains[$domain->get()] = false;
+                Console::warning($domain->get() . ' is not a publicly accessible domain. Skipping SSL certificate generation.');
+            } elseif (str_starts_with($request->getURI(), '/.well-known/acme-challenge')) {
+                Console::warning('Skipping SSL certificates generation on ACME challenge.');
+            } else {
+                Authorization::disable();
+
+                $envDomain = App::getEnv('_APP_DOMAIN', '');
+                $mainDomain = null;
+                if (!empty($envDomain) && $envDomain !== 'localhost') {
+                    $mainDomain = $envDomain;
+                } else {
+                    $domainDocument = $dbForConsole->findOne('rules', [Query::orderAsc('_id')]);
+                    $mainDomain = $domainDocument ? $domainDocument->getAttribute('domain') : $domain->get();
+                }
+
+                if ($mainDomain !== $domain->get()) {
+                    Console::warning($domain->get() . ' is not a main domain. Skipping SSL certificate generation.');
+                } else {
+                    $domainDocument = $dbForConsole->findOne('rules', [
+                        Query::equal('domain', [$domain->get()])
+                    ]);
+
+                    if (!$domainDocument) {
+                        $domainDocument = new Document([
+                            'domain' => $domain->get(),
+                            'resourceType' => 'api',
+                            'status' => 'verifying',
+                            'projectId' => 'console',
+                            'projectInternalId' => 0
+                        ]);
+
+                        $domainDocument = $dbForConsole->createDocument('rules', $domainDocument);
+
+                        Console::info('Issuing a TLS certificate for the main domain (' . $domain->get() . ') in a few seconds...');
+
+                        (new Certificate())
+                            ->setDomain($domainDocument)
+                            ->setSkipRenewCheck(true)
+                            ->trigger();
+                    }
+                }
+                $domains[$domain->get()] = true;
+
+                Authorization::reset(); // ensure authorization is re-enabled
+            }
+            Config::setParam('domains', $domains);
+        }
+
        $localeParam = (string) $request->getParam('locale', $request->getHeader('x-appwrite-locale', ''));
        if (\in_array($localeParam, $localeCodes)) {
            $locale->setDefault($localeParam);