acmex 0.8.0

AcmeX: High-performance, extensible ACME v2 (RFC 8555) client and server in Rust, supporting multiple DNS providers, storage backends, and crypto libraries.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

/// REST API server implementation for AcmeX.
/// This module provides the Axum-based web server that exposes endpoints for
/// account management, certificate ordering, and system health monitoring.
use axum::{
    Router,
    routing::{get, post},
};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::net::SocketAddr;
use std::sync::Arc;
use tokio::net::TcpListener;
use tokio::sync::RwLock;

use super::account::{create_account, deactivate_account, get_account, update_account};
use super::auth::api_key_auth;
use super::certificate::{
    get_certificate, list_certificates, renew_certificate, revoke_certificate,
};
use super::health::{HealthCheck, health_handler};
use super::order::{create_order, get_order, list_orders, trigger_full_renewal};
use super::webhook::{WebhookHandler, webhook_handler};
use crate::AcmeClient;
use crate::config::Config;
use crate::error::Result;
use crate::notifications::WebhookManager;
use crate::orchestrator::OrchestrationStatus;
use crate::scheduler::RenewalScheduler;
use crate::storage::StorageBackend;

/// Information about an asynchronous orchestration task.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TaskInfo {
    /// The current status of the task (e.g., InProgress, Completed, Failed).
    pub status: OrchestrationStatus,
    /// The domains associated with this task.
    pub domains: Vec<String>,
}

/// Shared application state for the API server.
#[derive(Clone)]
pub struct AppState {
    /// Global system configuration.
    pub config: Arc<Config>,
    /// Shared ACME client instance.
    pub client: Option<Arc<AcmeClient>>,
    /// Pluggable storage backend.
    pub storage: Option<Arc<dyn StorageBackend>>,
    /// Health monitoring component.
    pub health: Arc<HealthCheck>,
    /// Webhook notification handler.
    pub webhook: Arc<WebhookHandler>,
    /// Thread-safe tracker for background tasks.
    pub tasks: Arc<RwLock<HashMap<String, TaskInfo>>>,
    /// List of authorized API keys for authentication.
    pub api_keys: Arc<Vec<String>>,
    /// The certificate renewal scheduler.
    pub scheduler: Option<Arc<dyn RenewalScheduler>>,
}

/// Starts the REST API server on the specified address.
///
/// This function initializes the router, applies middleware (like API key auth),
/// and starts the Axum server loop.
pub async fn start_server(
    addr: SocketAddr,
    config: Arc<Config>,
    client: Option<Arc<AcmeClient>>,
    storage: Option<Arc<dyn StorageBackend>>,
    webhook_manager: Arc<WebhookManager>,
    scheduler: Option<Arc<dyn RenewalScheduler>>,
) -> Result<()> {
    tracing::info!("Initializing AcmeX API server on {}", addr);

    let health = Arc::new(HealthCheck::new());
    let webhook = Arc::new(WebhookHandler::new(webhook_manager));
    let tasks = Arc::new(RwLock::new(HashMap::new()));

    // Load API keys from environment variable ACMEX_API_KEYS (comma separated)
    let api_keys_str = std::env::var("ACMEX_API_KEYS").unwrap_or_else(|_| {
        tracing::warn!("ACMEX_API_KEYS not set, using default insecure key");
        "secret-admin-key".to_string()
    });
    let api_keys: Vec<String> = api_keys_str
        .split(',')
        .map(|s| s.trim().to_string())
        .collect();
    let api_keys = Arc::new(api_keys);

    let state = AppState {
        config,
        client,
        storage,
        health: health.clone(),
        webhook,
        tasks,
        api_keys,
        scheduler,
    };

    // Define API routes with authentication middleware
    let api_routes = Router::new()
        // Account management endpoints
        .route("/accounts", post(create_account))
        .route(
            "/accounts/:id",
            get(get_account)
                .patch(update_account)
                .delete(deactivate_account),
        )
        // Order and renewal endpoints
        .route("/orders", get(list_orders).post(create_order))
        .route("/orders/renew-all", post(trigger_full_renewal))
        .route("/orders/:id", get(get_order))
        // Certificate management endpoints
        .route("/certificates", get(list_certificates))
        .route("/certificates/:id", get(get_certificate))
        .route("/certificates/:id/renew", post(renew_certificate))
        .route("/certificates/:id/revoke", post(revoke_certificate))
        .layer(axum::middleware::from_fn_with_state(
            state.clone(),
            api_key_auth,
        ));

    // Combine all routes
    let app = Router::new()
        .route("/health", get(health_handler))
        .route("/webhook", post(webhook_handler))
        .nest("/api", api_routes)
        .with_state(state);

    // Bind and serve
    let listener = TcpListener::bind(addr).await.map_err(|e| {
        tracing::error!("Failed to bind to address {}: {}", addr, e);
        crate::error::AcmeError::transport(format!("Failed to bind API server: {}", e))
    })?;

    tracing::info!("AcmeX API server is now listening on http://{}", addr);

    axum::serve(listener, app).await.map_err(|e| {
        tracing::error!("Axum server error: {}", e);
        crate::error::AcmeError::transport(format!("Server error: {}", e))
    })?;

    Ok(())
}

// Axum state extraction implementations
impl axum::extract::FromRef<AppState> for Arc<HealthCheck> {
    fn from_ref(state: &AppState) -> Self {
        state.health.clone()
    }
}

impl axum::extract::FromRef<AppState> for Arc<WebhookHandler> {
    fn from_ref(state: &AppState) -> Self {
        state.webhook.clone()
    }
}