move hook secret to auto_ssl_settings dict, fix #66

Author: luto

.luacheckrc

@@ -1,5 +1,4 @@
 globals = {
-  "AUTO_SSL_HOOK_SECRET",
   "ngx",
 }
 

lib/resty/auto-ssl/init_master.lua

@@ -30,7 +30,12 @@ end
 local function generate_hook_sever_secret()
   -- Generate the secret token.
   local random = resty_random.bytes(32)
-  AUTO_SSL_HOOK_SECRET = str.to_hex(random)
+  local _, set_err, set_forcible = ngx.shared.auto_ssl_settings:set("hook_server:secret", str.to_hex(random))
+  if set_err then
+    ngx.log(ngx.ERR, "auto-ssl: failed to set shdict for hook_server:secret: ", set_err)
+  elseif set_forcible then
+    ngx.log(ngx.ERR, "auto-ssl: 'lua_shared_dict auto_ssl_settings' might be too small - consider increasing its configured size (old entries were removed while adding hook_server:secret)")
+  end
 end
 
 local function generate_config(auto_ssl_instance)

lib/resty/auto-ssl/servers/hook.lua

@@ -8,7 +8,7 @@ return function(auto_ssl_instance)
   local path = ngx.var.request_uri
   local params = ngx.req.get_post_args()
 
-  if ngx.var.http_x_hook_secret ~= AUTO_SSL_HOOK_SECRET then
+  if ngx.var.http_x_hook_secret ~= ngx.shared.auto_ssl_settings:get("hook_server:secret") then
     return ngx.exit(ngx.HTTP_FORBIDDEN)
   end
 

lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua

@@ -15,7 +15,7 @@ function _M.issue_cert(auto_ssl_instance, domain)
   assert(type(hook_port) == "number", "hook_port must be a number")
   assert(hook_port <= 65535, "hook_port must be below 65536")
 
-  local hook_secret = AUTO_SSL_HOOK_SECRET
+  local hook_secret = ngx.shared.auto_ssl_settings:get("hook_server:secret")
   assert(type(hook_secret) == "string", "hook_server:secret must be a string")
 
   local env_vars =