Expose the redis adapter's redis connection in the allow_domain callback

The auto_ssl instance is now passed as the second argument to
the `allow_domain` callback. If using the Redis storage adapter, then
now the Redis connection can be accessed by
`auto_ssl.storage.adapter:get_connection()`. This allows for more easily
accessing the same redis connection in this callback function (or
anywhere else the auto_ssl instance is available).

This rolls back the change in 9703684
to rename the storage adapter instance inside the storage library, so
it continues to just be `adapter` (instead of `storage_adapter`). This
makes this access a bit easier and also keeps backwards compatibility
with the previous release.

See: #38

Author: GUI

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 ### Added
 - Allow for the Redis `db` number to be configured. Thanks to [@RainFlying](https://github.com/RainFlying). ([#103](https://github.com/GUI/lua-resty-auto-ssl/pull/103))
+- Expose the storage adapter instance in the `allow_domain` callback so the Redis connection can be reused. ([#38](https://github.com/GUI/lua-resty-auto-ssl/issues/38))
 - Add `generate_certs` option to allow for disabling SSL certification generation within specific server blocks. Thanks to [@mklauber](https://github.com/mklauber). ([#91](https://github.com/GUI/lua-resty-auto-ssl/issues/91), [#92](https://github.com/GUI/lua-resty-auto-ssl/pull/92))
 - Add `json_adapter` option for choosing a different JSON encoder/decoder library. Thanks to [@meyskens](https://github.com/meyskens). ([#85](https://github.com/GUI/lua-resty-auto-ssl/pull/85), [#84](https://github.com/GUI/lua-resty-auto-ssl/issues/84))
 
@@ -12,6 +13,9 @@
 - Only call the `allow_domain` callback if a certificate is not present in shared memory. This may improve efficiency in cases where the `allow_domain` callback is more costly or takes longer. Thanks to [@gohai](https://github.com/gohai). ([#107](https://github.com/GUI/lua-resty-auto-ssl/pull/107))
 - Upgrade dehydrated to latest version from master to fix redirect issues on the Let's Encrypt staging server.
 
+### Deprecated
+- If accessing the storage object off of the auto-ssl instance, use `auto_ssl.storage` instead of `auto_ssl:get("storage")`.
+
 ### Fixed
 - Fix renewals when using the file adapter and too many certificate files were present for shell globbing ([#109](https://github.com/GUI/lua-resty-auto-ssl/issues/109))
 

README.md

@@ -138,16 +138,18 @@ http {
 Additional configuration options can be set on the `auto_ssl` instance that is created:
 
 ### `allow_domain`
-*Default:* `function(domain) return false end`
+*Default:* `function(domain, auto_ssl) return false end`
 
 A function that determines whether the incoming domain should automatically issue a new SSL certificate.
 
 By default, resty-auto-ssl will not perform any SSL registrations until you define the `allow_domain` function. You may return `true` to handle all possible domains, but be aware that bogus SNI hostnames can then be used to trigger an indefinite number of SSL registration attempts (which will be rejected). A better approach may be to whitelist the allowed domains in some way.
 
+When using the Redis storage adapter, you can access the current Redis connection inside the `allow_domain` callback by accessing `auto_ssl.storage.adapter:get_connection()`.
+
 *Example:*
 
 ```lua
-auto_ssl:set("allow_domain", function(domain)
+auto_ssl:set("allow_domain", function(domain, auto_ssl)
   return ngx.re.match(domain, "^(example.com|example.net)$", "ijo")
 end)
 ```

lib/resty/auto-ssl.lua

@@ -52,14 +52,25 @@ function _M.new(options)
 end
 
 function _M.set(self, key, value)
+  if key == "storage" then
+    ngx.log(ngx.ERR, "auto-ssl: DEPRECATED: Don't use auto_ssl:set() for the 'storage' instance. Set directly with auto_ssl.storage.")
+    self.storage = value
+    return
+  end
+
   self.options[key] = value
 end
 
 function _M.get(self, key)
+  if key == "storage" then
+    ngx.log(ngx.ERR, "auto-ssl: DEPRECATED: Don't use auto_ssl:get() for the 'storage' instance. Get directly with auto_ssl.storage.")
+    return self.storage
+  end
+
   return self.options[key]
 end
 
-function _M.allow_domain(domain) -- luacheck: ignore
+function _M.allow_domain(domain, auto_ssl) -- luacheck: ignore
   return false
 end
 

lib/resty/auto-ssl/init_master.lua

@@ -91,10 +91,10 @@ local function setup_storage(auto_ssl_instance)
 
   local storage = require "resty.auto-ssl.storage"
   local storage_instance = storage.new({
-    storage_adapter = storage_adapter_instance,
+    adapter = storage_adapter_instance,
     json_adapter = json_adapter_instance,
   })
-  auto_ssl_instance:set("storage", storage_instance)
+  auto_ssl_instance.storage = storage_instance
 end
 
 return function(auto_ssl_instance)

lib/resty/auto-ssl/init_worker.lua

@@ -25,8 +25,8 @@ return function(auto_ssl_instance)
   -- background process, which would be nice.
   start_sockproc()
 
-  local storage = auto_ssl_instance:get("storage")
-  local storage_adapter = storage.storage_adapter
+  local storage = auto_ssl_instance.storage
+  local storage_adapter = storage.adapter
   if storage_adapter.setup_worker then
     storage_adapter:setup_worker()
   end

lib/resty/auto-ssl/jobs/renewal.lua

@@ -136,7 +136,7 @@ end
 
 local function renew_all_domains(auto_ssl_instance)
   -- Loop through all known domains and check to see if they should be renewed.
-  local storage = auto_ssl_instance:get("storage")
+  local storage = auto_ssl_instance.storage
   local domains, domains_err = storage:all_cert_domains()
   if domains_err then
     ngx.log(ngx.ERR, "auto-ssl: failed to fetch all certificate domains: ", domains_err)

lib/resty/auto-ssl/servers/challenge.lua

@@ -15,7 +15,7 @@ return function(auto_ssl_instance)
 
   -- Return the challenge value for this token if it's found.
   local domain = ngx.var.host
-  local storage = auto_ssl_instance:get("storage")
+  local storage = auto_ssl_instance.storage
   local value = storage:get_challenge(domain, token_filename)
   if value then
     ngx.say(value)

lib/resty/auto-ssl/servers/hook.lua

@@ -17,7 +17,7 @@ return function(auto_ssl_instance)
   end
 
   local path = ngx.var.request_uri
-  local storage = auto_ssl_instance:get("storage")
+  local storage = auto_ssl_instance.storage
   if path == "/deploy-challenge" then
     assert(params["domain"])
     assert(params["token_filename"])

lib/resty/auto-ssl/ssl_certificate.lua

@@ -122,13 +122,13 @@ local function get_cert_der(auto_ssl_instance, domain, ssl_options)
   -- We may want to consider caching the results of allow_domain lookups
   -- (including negative caching or disallowed domains).
   local allow_domain = auto_ssl_instance:get("allow_domain")
-  if not allow_domain(domain) then
+  if not allow_domain(domain, auto_ssl_instance) then
     return nil, "domain not allowed"
   end
 
   -- Next, look for the certificate in permanent storage (which can be shared
   -- across servers depending on the storage).
-  local storage = auto_ssl_instance:get("storage")
+  local storage = auto_ssl_instance.storage
   local cert, get_cert_err = storage:get_cert(domain)
   if get_cert_err then
     ngx.log(ngx.ERR, "auto-ssl: error fetching certificate from storage for ", domain, ": ", get_cert_err)

lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua

@@ -46,7 +46,7 @@ function _M.issue_cert(auto_ssl_instance, domain)
 
   -- The result of running that command should result in the certs being
   -- populated in our storage (due to the deploy_cert hook triggering).
-  local storage = auto_ssl_instance:get("storage")
+  local storage = auto_ssl_instance.storage
   local cert, get_cert_err = storage:get_cert(domain)
   if get_cert_err then
     ngx.log(ngx.ERR, "auto-ssl: error fetching certificate from storage for ", domain, ": ", get_cert_err)