add revocation sync (WIP)

contrib/sample-cfg.yml

@@ -32,7 +32,21 @@ cookie:
   #     ## generate with `openssl pkey -in ./contrib/bar_ed25519_priv.pem -pubout -out ./contrib/bar_ed25519_pub.pem`
   #     public-key-file: ./contrib/bar_ed25519_pub.pem
   backend:
-    # gc-interval: 10s
+    # gc-interval: 5m
+    # sync:
+    #   interval: 10s
+    #   base-url: http://localhost:1234
+    #   tls:
+    #     insecure-skip-verify: true
+    #     ca-certificates: |
+    #       -----BEGIN CERTIFICATE-----
+    #       ...
+    #       -----END CERTIFICATE-----
+    #       -----BEGIN CERTIFICATE-----
+    #       ...
+    #       -----END CERTIFICATE-----
+    #     ca-certificate-files:
+    #     - root-ca.pem
     in-memory: {}
 
 auth:

cookie/store.go

@@ -31,13 +31,16 @@
 package cookie
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
+	"net/url"
 	"time"
 
 	"github.com/oklog/ulid/v2"
+	"github.com/spreadspace/tlsconfig"
 )
 
 const (
@@ -51,8 +54,13 @@ type SignerVerifierConfig struct {
 }
 
 type StoreBackendConfig struct {
-	GCInterval time.Duration          `yaml:"gc-interval"`
-	InMemory   *InMemoryBackendConfig `yaml:"in-memory"`
+	GCInterval time.Duration `yaml:"gc-interval"`
+	Sync       struct {
+		Interval  time.Duration        `yaml:"interval"`
+		BaseURL   string               `yaml:"base-url"`
+		TLSConfig *tlsconfig.TLSConfig `yaml:"tls"`
+	} `yaml:"sync"`
+	InMemory *InMemoryBackendConfig `yaml:"in-memory"`
 }
 
 type Config struct {
@@ -198,11 +206,43 @@ func (st *Store) runGC(interval time.Duration) {
 	}
 }
 
+func (st *Store) runSync(interval time.Duration, syncBaseURL *url.URL, tlsConfig *tls.Config) {
+	t := time.NewTicker(interval)
+	st.dbgLog.Printf("cookie-store: running sync every %v", interval)
+	for {
+		if _, ok := <-t.C; !ok {
+			return
+		}
+		// TODO: implement this
+		if tlsConfig == nil {
+			st.infoLog.Printf("cookie-store: syncing revocations from: %s", syncBaseURL.String())
+		} else {
+			st.infoLog.Printf("cookie-store: syncing revocation from: %s (using custom TLS-config)", syncBaseURL.String())
+		}
+	}
+}
+
 func (st *Store) initBackend(conf *Config) (err error) {
 	if conf.Backend.GCInterval <= time.Second {
 		st.infoLog.Printf("cookie-store: overriding invalid/unset GC interval to 5 minutes")
 		conf.Backend.GCInterval = 5 * time.Minute
 	}
+	var syncBaseURL *url.URL
+	var syncTLSConfig *tls.Config
+	if conf.Backend.Sync.BaseURL != "" {
+		if syncBaseURL, err = url.Parse(conf.Backend.Sync.BaseURL); err != nil {
+			return
+		}
+		if conf.Backend.Sync.Interval <= time.Second {
+			st.infoLog.Printf("cookie-store: overriding invalid/unset GC interval to 10 seconds")
+			conf.Backend.Sync.Interval = 10 * time.Second
+		}
+		if conf.Backend.Sync.TLSConfig != nil {
+			if syncTLSConfig, err = conf.Backend.Sync.TLSConfig.ToGoTLSConfig(); err != nil {
+				return
+			}
+		}
+	}
 
 	if conf.Backend.InMemory != nil {
 		st.backend, err = NewInMemoryBackend(conf.Backend.InMemory)
@@ -217,6 +257,9 @@ func (st *Store) initBackend(conf *Config) (err error) {
 	}
 
 	go st.runGC(conf.Backend.GCInterval)
+	if syncBaseURL != nil {
+		go st.runSync(conf.Backend.Sync.Interval, syncBaseURL, syncTLSConfig)
+	}
 	return
 }
 

go.mod

@@ -32,7 +32,7 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 // indirect
-	github.com/spreadspace/tlsconfig v0.0.0-20230726215100-56bbcafa5d60 // indirect
+	github.com/spreadspace/tlsconfig v0.0.0-20231119132223-bc653b6ec18f // indirect
 	github.com/tg123/go-htpasswd v1.2.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect

go.sum

@@ -85,8 +85,8 @@ github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c h1:aqg5Vm5dwtvL+Yg
 github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c/go.mod h1:owqhoLW1qZoYLZzLnBw+QkPP9WZnjlSWihhxAJC1+/M=
 github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 h1:OfRzdxCzDhp+rsKWXuOO2I/quKMJ/+TQwVbIP/gltZg=
 github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92/go.mod h1:7/OT02F6S6I7v6WXb+IjhMuZEYfH/RJ5RwEWnEo5BMg=
-github.com/spreadspace/tlsconfig v0.0.0-20230726215100-56bbcafa5d60 h1:YtR/I+Q4cFIg0Hy7F+EbIw5uhf3NtZnW5O9y87U+71U=
-github.com/spreadspace/tlsconfig v0.0.0-20230726215100-56bbcafa5d60/go.mod h1:taZ6lrQmZk4/XnC6stKWRIFSnj6SeBvtZ4nyAjN4nig=
+github.com/spreadspace/tlsconfig v0.0.0-20231119132223-bc653b6ec18f h1:x7TdHxuYalzj2hjX1TIRNnqEaE3PeY/0DLiLcsHLlKA=
+github.com/spreadspace/tlsconfig v0.0.0-20231119132223-bc653b6ec18f/go.mod h1:taZ6lrQmZk4/XnC6stKWRIFSnj6SeBvtZ4nyAjN4nig=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=