refactor: refactor and enhance autocert TLS handling

- Move import of `golang.org/x/crypto/acme/autocert` in `autocertcache.go` - Update permission format in `os.MkdirAll` call to octal in `autocertcache.go` - Add `time` package and `ReadHeaderTimeout` variable in `autotls.go` - Set `ReadHeaderTimeout` for HTTP server configurations in `autotls.go` - Refactor HTTP server creation to use a structured approach in `autotls.go` Signed-off-by: appleboy <appleboy.tw@gmail.com>
gin-gonic · May 12, 2024 · 5badb85 · 5badb85
1 parent 7034b7d
commit 5badb85
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 11 deletions.
diff --git a/autocertcache.go b/autocertcache.go
@@ -2,15 +2,16 @@ package autotls
 
 import (
 	"errors"
-	"golang.org/x/crypto/acme/autocert"
 	"os"
 	"path/filepath"
 	"runtime"
+
+	"golang.org/x/crypto/acme/autocert"
 )
 
 func getCacheDir() (autocert.DirCache, error) {
 	dir := cacheDir()
-	if err := os.MkdirAll(dir, 0700); err != nil {
+	if err := os.MkdirAll(dir, 0o700); err != nil {
 		return "", errors.New("warning: autocert.NewListener not using a cache: " + err.Error())
 	}
 	return autocert.DirCache(dir), nil

diff --git a/autotls.go b/autotls.go
@@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"log"
 	"net/http"
+	"time"
 
 	"golang.org/x/crypto/acme/autocert"
 	"golang.org/x/sync/errgroup"
@@ -13,19 +14,22 @@ import (
 type tlsContextKey string
 
 var (
-	ctxKey  = tlsContextKey("autls")
-	todoCtx = context.WithValue(context.Background(), ctxKey, "done")
+	ctxKey            = tlsContextKey("autls")
+	todoCtx           = context.WithValue(context.Background(), ctxKey, "done")
+	ReadHeaderTimeout = 3 * time.Second
 )
 
 func run(ctx context.Context, r http.Handler, domain ...string) error {
 	var g errgroup.Group
 
 	s1 := &http.Server{
-		Addr:    ":http",
-		Handler: http.HandlerFunc(redirect),
+		Addr:              ":http",
+		Handler:           http.HandlerFunc(redirect),
+		ReadHeaderTimeout: ReadHeaderTimeout,
 	}
 	s2 := &http.Server{
-		Handler: r,
+		Handler:           r,
+		ReadHeaderTimeout: ReadHeaderTimeout,
 	}
 
 	g.Go(func() error {
@@ -84,12 +88,18 @@ func RunWithManagerAndTLSConfig(r http.Handler, m *autocert.Manager, tlsc *tls.C
 	tlsc.GetCertificate = defaultTLSConfig.GetCertificate
 	tlsc.NextProtos = defaultTLSConfig.NextProtos
 	s := &http.Server{
-		Addr:      ":https",
-		TLSConfig: tlsc,
-		Handler:   r,
+		Addr:              ":https",
+		TLSConfig:         tlsc,
+		Handler:           r,
+		ReadHeaderTimeout: ReadHeaderTimeout,
 	}
 	g.Go(func() error {
-		return http.ListenAndServe(":http", m.HTTPHandler(http.HandlerFunc(redirect)))
+		s := &http.Server{
+			Addr:              ":http",
+			Handler:           m.HTTPHandler(http.HandlerFunc(redirect)),
+			ReadHeaderTimeout: ReadHeaderTimeout,
+		}
+		return s.ListenAndServe()
 	})
 	g.Go(func() error {
 		return s.ListenAndServeTLS("", "")