
auto update script executed

Toby Chui 1 år sedan
förälder
incheckning
b64beb87f9
6 ändrade filer med 81 tillägg och 42 borttagningar
  1. 2 1
      acme.go
  2. 14 0
      mod/acme/autorenew.go
  3. 0 2
      mod/acme/ca.json
  4. 55 32
      mod/dynamicproxy/Server.go
  5. 5 4
      mod/dynamicproxy/special.go
  6. 5 3
      web/snippet/acme.html

+ 2 - 1
acme.go

@@ -69,7 +69,8 @@ func acmeRegisterSpecialRoutingRule() {
 			}
 			w.Write(resBody)
 		},
-		Enabled: true,
+		Enabled:                true,
+		UseSystemAccessControl: false,
 	})
 
 	if err != nil {
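Review bot: `UseSystemAccessControl: false` on this rule means every request the rule matches is served without the blacklist/whitelist check, and nothing at the call site says why. ACME HTTP-01 validation presumably needs the challenge path to be reachable from the CA's addresses, so the bypass looks intentional, but it is only safe if the rule's MatchRule (outside this hunk) is limited to the challenge path. I would add a comment above the field such as `// ACME validation must be reachable from any address: skip the black/whitelist, keep MatchRule limited to the challenge path`. acmeRegisterSpecialRoutingRule starts and ends outside the hunk.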

+ 14 - 0
mod/acme/autorenew.go

@@ -185,7 +185,21 @@ func (a *AutoRenewer) HandleLoadAutoRenewDomains(w http.ResponseWriter, r *http.
 }
 
 func (a *AutoRenewer) HandleRenewNow(w http.ResponseWriter, r *http.Request) {
+	renewedDomains, err := a.CheckAndRenewCertificates()
+	if err != nil {
+		utils.SendErrorResponse(w, err.Error())
+		return
+	}
 
+	message := "Domains renewed"
+	if len(renewedDomains) == 0 {
+		message = ("All certificates are up-to-date!")
+	} else {
+		message = ("The following domains have been renewed: " + strings.Join(renewedDomains, ","))
+	}
+
+	js, _ := json.Marshal(message)
+	utils.SendJSONResponse(w, string(js))
 }
 
 func (a *AutoRenewer) HandleAutoRenewEnable(w http.ResponseWriter, r *http.Request) {
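Review bot: HandleRenewNow starts certificate renewal for any request that reaches it, with no HTTP method check, and the page in web/snippet/acme.html calls it with `$.get`. A state-changing action on GET can be triggered by a cross-site link or image load in an administrator's browser, and repeated calls may run into the CA's rate limits; whether the route sits behind authentication is not visible here. I would open the handler with `if r.Method != http.MethodPost { utils.SendErrorResponse(w, "method not allowed"); return }` and switch the frontend call to `$.post`. Smaller points: the initial value `"Domains renewed"` is never used, the parentheses around the two string assignments are redundant, and `err.Error()` is returned verbatim to the client, which may expose internal paths or CA responses.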

+ 0 - 2
mod/acme/ca.json

@@ -10,8 +10,6 @@
         "Buypass": "https://api.test4.buypass.no/acme/directory",
         "Google": "https://dv.acme-v02.test-api.pki.goog/directory"
     }
-    
-    
   }
   
   

+ 55 - 32
mod/dynamicproxy/Server.go

@@ -23,35 +23,32 @@ import (
 
 func (h *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	/*
-		General Access Check
+		Special Routing Rules, bypass most of the limitations
 	*/
 
-	//Check if this ip is in blacklist
-	clientIpAddr := geodb.GetRequesterIP(r)
-	if h.Parent.Option.GeodbStore.IsBlacklisted(clientIpAddr) {
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		w.WriteHeader(http.StatusForbidden)
-		template, err := os.ReadFile("./web/forbidden.html")
-		if err != nil {
-			w.Write([]byte("403 - Forbidden"))
-		} else {
-			w.Write(template)
+	//Check if there are external routing rule matches.
+	//If yes, route them via external rr
+	matchedRoutingRule := h.Parent.GetMatchingRoutingRule(r)
+	if matchedRoutingRule != nil {
+		//Matching routing rule found. Let the sub-router handle it
+		if matchedRoutingRule.UseSystemAccessControl {
+			//This matching rule request system access control.
+			//check access logic
+			respWritten := h.handleAccessRouting(w, r)
+			if respWritten {
+				return
+			}
 		}
-		h.logRequest(r, false, 403, "blacklist", "")
+		matchedRoutingRule.Route(w, r)
 		return
 	}
 
-	//Check if this ip is in whitelist
-	if !h.Parent.Option.GeodbStore.IsWhitelisted(clientIpAddr) {
-		w.Header().Set("Content-Type", "text/html; charset=utf-8")
-		w.WriteHeader(http.StatusForbidden)
-		template, err := os.ReadFile("./web/forbidden.html")
-		if err != nil {
-			w.Write([]byte("403 - Forbidden"))
-		} else {
-			w.Write(template)
-		}
-		h.logRequest(r, false, 403, "whitelist", "")
+	/*
+		General Access Check
+	*/
+
+	respWritten := h.handleAccessRouting(w, r)
+	if respWritten {
 		return
 	}
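Review bot: Moving the special-rule match ahead of the general access check means a matched rule returns before everything that follows in ServeHTTP, not only before the blacklist/whitelist. The check whose tail is visible as context in the next hunk (the `return` / `}` just above the removed rule lookup) used to run before the rule lookup and is now skipped for every matched rule, including rules with `UseSystemAccessControl` set to true; its purpose is not visible here, so confirm that skipping it is intended. The block comment should say so, for example `Special Routing Rules: matched rules skip all checks below; only the black/whitelist is applied, and only when UseSystemAccessControl is true`. ServeHTTP continues outside the hunk.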
 
@@ -65,15 +62,6 @@ func (h *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	//Check if there are external routing rule matches.
-	//If yes, route them via external rr
-	matchedRoutingRule := h.Parent.GetMatchingRoutingRule(r)
-	if matchedRoutingRule != nil {
-		//Matching routing rule found. Let the sub-router handle it
-		matchedRoutingRule.Route(w, r)
-		return
-	}
-
 	//Extract request host to see if it is virtual directory or subdomain
 	domainOnly := r.Host
 	if strings.Contains(r.Host, ":") {
@@ -127,3 +115,38 @@ func (h *ProxyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.proxyRequest(w, r, h.Parent.Root)
 	}
 }
+
+// Handle access routing logic. Return true if the request is handled or blocked by the access control logic
+// if the return value is false, you can continue process the response writer
+func (h *ProxyHandler) handleAccessRouting(w http.ResponseWriter, r *http.Request) bool {
+	//Check if this ip is in blacklist
+	clientIpAddr := geodb.GetRequesterIP(r)
+	if h.Parent.Option.GeodbStore.IsBlacklisted(clientIpAddr) {
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		w.WriteHeader(http.StatusForbidden)
+		template, err := os.ReadFile("./web/forbidden.html")
+		if err != nil {
+			w.Write([]byte("403 - Forbidden"))
+		} else {
+			w.Write(template)
+		}
+		h.logRequest(r, false, 403, "blacklist", "")
+		return true
+	}
+
+	//Check if this ip is in whitelist
+	if !h.Parent.Option.GeodbStore.IsWhitelisted(clientIpAddr) {
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		w.WriteHeader(http.StatusForbidden)
+		template, err := os.ReadFile("./web/forbidden.html")
+		if err != nil {
+			w.Write([]byte("403 - Forbidden"))
+		} else {
+			w.Write(template)
+		}
+		h.logRequest(r, false, 403, "whitelist", "")
+		return true
+	}
+
+	return false
+}
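Review bot: The blacklist and whitelist branches of handleAccessRouting repeat the same 403 response block, so a later change to one (status, template, logging) can easily miss the other. Folding them into one helper that takes the log reason keeps the two deny paths identical. Both branches also read `./web/forbidden.html` from disk, relative to the working directory, on every denied request; loading it once would be a reasonable follow-up. The decision rests entirely on `geodb.GetRequesterIP`, which is not shown: if it takes the address from forwarded headers, confirm those are only honoured from trusted proxies.

```go
func (h *ProxyHandler) handleAccessRouting(w http.ResponseWriter, r *http.Request) bool {
	clientIpAddr := geodb.GetRequesterIP(r)
	if h.Parent.Option.GeodbStore.IsBlacklisted(clientIpAddr) {
		h.serveForbidden(w, r, "blacklist")
		return true
	}
	if !h.Parent.Option.GeodbStore.IsWhitelisted(clientIpAddr) {
		h.serveForbidden(w, r, "whitelist")
		return true
	}
	return false
}

// serveForbidden writes the 403 page and logs the denied request under the given reason.
func (h *ProxyHandler) serveForbidden(w http.ResponseWriter, r *http.Request, reason string) {
	// … unchanged: Content-Type header, 403 status, forbidden.html with plain-text fallback …
	h.logRequest(r, false, 403, reason, "")
}
```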

+ 5 - 4
mod/dynamicproxy/special.go

@@ -13,10 +13,11 @@ import (
 */
 
 type RoutingRule struct {
-	ID             string
-	MatchRule      func(r *http.Request) bool
-	RoutingHandler func(http.ResponseWriter, *http.Request)
-	Enabled        bool
+	ID                     string //ID of the routing rule
+	Enabled                bool   //If the routing rule enabled
+	UseSystemAccessControl bool   //Pass access control check to system white/black list, set this to false to bypass white/black list
+	MatchRule              func(r *http.Request) bool
+	RoutingHandler         func(http.ResponseWriter, *http.Request)
 }
 
 // Router functions
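Review bot: The zero value of `UseSystemAccessControl` is false, which is the bypass case, so any RoutingRule built without naming the field skips the blacklist/whitelist by default. A security switch should fail closed; inverting it makes the zero value the checked path: `BypassSystemAccessControl bool //Set to true only for routes that must stay reachable from blocked addresses`, with the test in ServeHTTP becoming `if !matchedRoutingRule.BypassSystemAccessControl {`. The ACME rule in acme.go would then set the field to true explicitly, which also makes the exemption easy to find when auditing.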

+ 5 - 3
web/snippet/acme.html

@@ -393,10 +393,12 @@
 
     //Handle the renew now btn click
     function renewNow(){
-      alert("wip");
-      return
       $.get("/api/acme/autoRenew/renewNow", function(data){
-        alert(data);
+        if (data.error != undefined){
+          parent.msgbox(data.error, false, 6000);
+        }else{
+          parent.msgbox(data)
+        }
       })
     }