2022-10-19 05:09:09 +02:00
|
|
|
package config
|
|
|
|
|
|
|
|
import (
|
|
|
|
"path/filepath"
|
|
|
|
|
|
|
|
"github.com/photoprism/photoprism/pkg/clean"
|
|
|
|
"github.com/photoprism/photoprism/pkg/fs"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
PrivateKeyExt = ".key"
|
|
|
|
PublicCertExt = ".crt"
|
|
|
|
)
|
|
|
|
|
|
|
|
// CertificatesPath returns the path to the TLS certificates and keys.
|
|
|
|
func (c *Config) CertificatesPath() string {
|
|
|
|
return filepath.Join(c.ConfigPath(), "certificates")
|
|
|
|
}
|
|
|
|
|
|
|
|
// TLSEmail returns the email address to enable automatic HTTPS via Let's Encrypt
|
|
|
|
func (c *Config) TLSEmail() string {
|
|
|
|
return clean.Email(c.options.TLSEmail)
|
|
|
|
}
|
|
|
|
|
|
|
|
// TLSCert returns the public certificate required to enable TLS.
|
|
|
|
func (c *Config) TLSCert() string {
|
|
|
|
certName := c.options.TLSCert
|
|
|
|
if certName == "" {
|
|
|
|
certName = c.SiteDomain() + PublicCertExt
|
|
|
|
} else if fs.FileExistsNotEmpty(certName) {
|
|
|
|
return certName
|
|
|
|
}
|
|
|
|
|
2023-06-28 16:50:04 +02:00
|
|
|
// find looks for an existing certificate file.
|
|
|
|
find := func(certName string) string {
|
|
|
|
if fileName := filepath.Join(c.CertificatesPath(), certName); fs.FileExistsNotEmpty(fileName) {
|
|
|
|
return fileName
|
|
|
|
} else if fileName = filepath.Join("/etc/ssl/certs", certName); fs.FileExistsNotEmpty(fileName) {
|
|
|
|
return fileName
|
|
|
|
} else {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Find matching TLS certificate file.
|
|
|
|
if fileName := find(certName); fileName != "" {
|
2022-10-20 16:19:28 +02:00
|
|
|
return fileName
|
2022-10-19 05:09:09 +02:00
|
|
|
}
|
|
|
|
|
2023-06-28 16:50:04 +02:00
|
|
|
// Find default TLS certificate.
|
2023-07-15 12:01:06 +02:00
|
|
|
if c.DefaultTLS() {
|
|
|
|
return find("photoprism" + PublicCertExt)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Not found.
|
|
|
|
return ""
|
2022-10-19 05:09:09 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// TLSKey returns the private key required to enable TLS.
|
|
|
|
func (c *Config) TLSKey() string {
|
|
|
|
keyName := c.options.TLSKey
|
|
|
|
|
|
|
|
if keyName == "" {
|
|
|
|
keyName = c.SiteDomain() + PrivateKeyExt
|
|
|
|
} else if fs.FileExistsNotEmpty(keyName) {
|
|
|
|
return keyName
|
|
|
|
}
|
|
|
|
|
2023-06-28 16:50:04 +02:00
|
|
|
// find looks for an existing private key file.
|
|
|
|
find := func(keyName string) string {
|
|
|
|
if fileName := filepath.Join(c.CertificatesPath(), keyName); fs.FileExistsNotEmpty(fileName) {
|
|
|
|
return fileName
|
|
|
|
} else if fileName = filepath.Join("/etc/ssl/private", keyName); fs.FileExistsNotEmpty(fileName) {
|
|
|
|
return fileName
|
|
|
|
} else {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Find matching private key.
|
|
|
|
if fileName := find(keyName); fileName != "" {
|
2022-10-20 16:19:28 +02:00
|
|
|
return fileName
|
2022-10-19 05:09:09 +02:00
|
|
|
}
|
|
|
|
|
2023-06-28 16:50:04 +02:00
|
|
|
// Find default key file.
|
2023-07-15 12:01:06 +02:00
|
|
|
if c.DefaultTLS() {
|
|
|
|
return find("photoprism" + PrivateKeyExt)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Not found.
|
|
|
|
return ""
|
2022-10-19 05:09:09 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// TLS returns the HTTPS certificate and private key file name.
|
|
|
|
func (c *Config) TLS() (publicCert, privateKey string) {
|
2022-10-19 20:26:36 +02:00
|
|
|
if c.DisableTLS() {
|
2022-10-19 05:09:09 +02:00
|
|
|
return "", ""
|
|
|
|
}
|
|
|
|
|
2022-10-19 20:26:36 +02:00
|
|
|
return c.TLSCert(), c.TLSKey()
|
2022-10-19 05:09:09 +02:00
|
|
|
}
|
|
|
|
|
2023-07-15 12:01:06 +02:00
|
|
|
// DisableTLS checks if HTTPS should be disabled even if the site URL starts with https:// and a certificate is available.
|
2022-10-19 05:09:09 +02:00
|
|
|
func (c *Config) DisableTLS() bool {
|
|
|
|
if c.options.DisableTLS {
|
|
|
|
return true
|
|
|
|
} else if !c.SiteHttps() {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.TLSCert() == "" || c.TLSKey() == ""
|
|
|
|
}
|
2023-07-15 12:01:06 +02:00
|
|
|
|
|
|
|
// DefaultTLS checks if a self-signed certificate should be used to enable HTTPS if no other certificate is available.
|
|
|
|
func (c *Config) DefaultTLS() bool {
|
|
|
|
return c.options.DefaultTLS
|
|
|
|
}
|