fix(cli): create client only when needed (#2372)

2025-03-11 23:14:41 +02:00 · 2024-12-03 14:03:49 +01:00 · 2024-12-03 14:03:49 +01:00 · eb041044b8
commit eb041044b8
parent aacfa2b069
5 changed files with 44 additions and 15 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -249,6 +249,10 @@ issues:
      text: 'cyclomatic complexity \d+ of func `(renewForDomains|renewForCSR)` is high'
      linters:
        - gocyclo
+    - path: cmd/cmd_renew.go
+      text: "Function 'renewForDomains' has too many statements"
+      linters:
+        - funlen
    - path: providers/dns/cpanel/cpanel.go
      text: 'cyclomatic complexity 13 of func `\(\*DNSProvider\)\.CleanUp` is high'
      linters:
--- a/cmd/cmd_renew.go
+++ b/cmd/cmd_renew.go
@ -123,8 +123,7 @@ func createRenew() *cli.Command {
 }

 func renew(ctx *cli.Context) error {
-	account, client := setup(ctx, NewAccountsStorage(ctx))
-	setupChallenges(ctx, client)
+	account, keyType := setupAccount(ctx, NewAccountsStorage(ctx))

 	if account.Registration == nil {
 		log.Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", account.Email)
@ -138,14 +137,14 @@ func renew(ctx *cli.Context) error {

 	// CSR
 	if ctx.IsSet(flgCSR) {
-		return renewForCSR(ctx, client, certsStorage, bundle, meta)
+		return renewForCSR(ctx, account, keyType, certsStorage, bundle, meta)
 	}

 	// Domains
-	return renewForDomains(ctx, client, certsStorage, bundle, meta)
+	return renewForDomains(ctx, account, keyType, certsStorage, bundle, meta)
 }

-func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *CertificatesStorage, bundle bool, meta map[string]string) error {
+func renewForDomains(ctx *cli.Context, account *Account, keyType certcrypto.KeyType, certsStorage *CertificatesStorage, bundle bool, meta map[string]string) error {
 	domains := ctx.StringSlice(flgDomains)
 	domain := domains[0]

@ -162,7 +161,11 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
 	var ariRenewalTime *time.Time
 	var replacesCertID string

+	var client *lego.Client
+
 	if !ctx.Bool(flgARIDisable) {
+		client = setupClient(ctx, account, keyType)
+
 		ariRenewalTime = getARIRenewalTime(ctx, cert, domain, client)
 		if ariRenewalTime != nil {
 			now := time.Now().UTC()
@ -189,6 +192,10 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
 		return nil
 	}

+	if client == nil {
+		client = setupClient(ctx, account, keyType)
+	}
+
 	// This is just meant to be informal for the user.
 	timeLeft := cert.NotAfter.Sub(time.Now().UTC())
 	log.Infof("[%s] acme: Trying renewal with %d hours remaining", domain, int(timeLeft.Hours()))
@ -250,7 +257,7 @@ func renewForDomains(ctx *cli.Context, client *lego.Client, certsStorage *Certif
 	return launchHook(ctx.String(flgRenewHook), meta)
 }

-func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *CertificatesStorage, bundle bool, meta map[string]string) error {
+func renewForCSR(ctx *cli.Context, account *Account, keyType certcrypto.KeyType, certsStorage *CertificatesStorage, bundle bool, meta map[string]string) error {
 	csr, err := readCSRFile(ctx.String(flgCSR))
 	if err != nil {
 		log.Fatal(err)
@ -274,7 +281,11 @@ func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *Certificat
 	var ariRenewalTime *time.Time
 	var replacesCertID string

+	var client *lego.Client
+
 	if !ctx.Bool(flgARIDisable) {
+		client = setupClient(ctx, account, keyType)
+
 		ariRenewalTime = getARIRenewalTime(ctx, cert, domain, client)
 		if ariRenewalTime != nil {
 			now := time.Now().UTC()
@ -296,6 +307,10 @@ func renewForCSR(ctx *cli.Context, client *lego.Client, certsStorage *Certificat
 		return nil
 	}

+	if client == nil {
+		client = setupClient(ctx, account, keyType)
+	}
+
 	// This is just meant to be informal for the user.
 	timeLeft := cert.NotAfter.Sub(time.Now().UTC())
 	log.Infof("[%s] acme: Trying renewal with %d hours remaining", domain, int(timeLeft.Hours()))
--- a/cmd/cmd_revoke.go
+++ b/cmd/cmd_revoke.go
@ -38,12 +38,14 @@ func createRevoke() *cli.Command {
 }

 func revoke(ctx *cli.Context) error {
-	acc, client := setup(ctx, NewAccountsStorage(ctx))
+	account, keyType := setupAccount(ctx, NewAccountsStorage(ctx))

-	if acc.Registration == nil {
-		log.Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", acc.Email)
+	if account.Registration == nil {
+		log.Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", account.Email)
 	}

+	client := newClient(ctx, account, keyType)
+
 	certsStorage := NewCertificatesStorage(ctx)
 	certsStorage.CreateRootFolder()

--- a/cmd/cmd_run.go
+++ b/cmd/cmd_run.go
@ -93,8 +93,9 @@ backups of this folder is ideal.
 func run(ctx *cli.Context) error {
 	accountsStorage := NewAccountsStorage(ctx)

-	account, client := setup(ctx, accountsStorage)
-	setupChallenges(ctx, client)
+	account, keyType := setupAccount(ctx, accountsStorage)
+
+	client := setupClient(ctx, account, keyType)

 	if account.Registration == nil {
 		reg, err := register(ctx, client)
--- a/cmd/setup.go
+++ b/cmd/setup.go
@ -18,7 +18,16 @@ import (

 const filePerm os.FileMode = 0o600

-func setup(ctx *cli.Context, accountsStorage *AccountsStorage) (*Account, *lego.Client) {
+// setupClient creates a new client with challenge settings.
+func setupClient(ctx *cli.Context, account *Account, keyType certcrypto.KeyType) *lego.Client {
+	client := newClient(ctx, account, keyType)
+
+	setupChallenges(ctx, client)
+
+	return client
+}
+
+func setupAccount(ctx *cli.Context, accountsStorage *AccountsStorage) (*Account, certcrypto.KeyType) {
 	keyType := getKeyType(ctx)
 	privateKey := accountsStorage.GetPrivateKey(keyType)

@ -29,9 +38,7 @@ func setup(ctx *cli.Context, accountsStorage *AccountsStorage) (*Account, *lego.
 		account = &Account{Email: accountsStorage.GetUserID(), key: privateKey}
 	}

-	client := newClient(ctx, account, keyType)
-
-	return account, client
+	return account, keyType
 }

 func newClient(ctx *cli.Context, acc registration.User, keyType certcrypto.KeyType) *lego.Client {