From 0fa24c668a399902b2a1f54d2bd9c0fc89241a2f Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Thu, 15 Aug 2019 07:34:14 +0100
Subject: [PATCH] Add a convenience type to specify TLS auth ACLs on the
 command line

---
 serverutil/tls.go | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/serverutil/tls.go b/serverutil/tls.go
index 5d0d984..053e74d 100644
--- a/serverutil/tls.go
+++ b/serverutil/tls.go
@@ -2,10 +2,12 @@ package serverutil
 
 import (
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"log"
 	"net/http"
 	"regexp"
+	"strings"
 
 	common "git.autistici.org/ai3/go-common"
 )
@@ -42,6 +44,31 @@ func (p *TLSAuthACL) match(req *http.Request) bool {
 	return false
 }
 
+// TLSAuthACLListFlag is a convenience type that allows callers to use
+// the 'flag' package to specify a list of TLSAuthACL objects. It
+// implements the flag.Value interface.
+type TLSAuthACLListFlag []*TLSAuthACL
+
+func (l TLSAuthACLListFlag) String() string {
+	var out []string
+	for _, acl := range l {
+		out = append(out, fmt.Sprintf("%s:%s", acl.Path, acl.CommonName))
+	}
+	return strings.Join(out, ",")
+}
+
+func (l *TLSAuthACLListFlag) Set(value string) error {
+	parts := strings.SplitN(value, ":", 2)
+	if len(parts) != 2 {
+		return errors.New("bad acl format")
+	}
+	*l = append(*l, &TLSAuthACL{
+		Path:       parts[0],
+		CommonName: parts[1],
+	})
+	return nil
+}
+
 // TLSAuthConfig stores access control lists for TLS authentication. Access
 // control lists are matched against the request path and the
 // CommonName component of the peer certificate subject.
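Review bot: Set accepts values such as `/path:` or `:cn` and appends an ACL with an empty Path or CommonName, because the only check is that `strings.SplitN(value, ":", 2)` yields two parts. The file imports regexp and match() lies outside this hunk, so these fields are presumably patterns; if so, an empty CommonName would likely match every peer certificate and the ACL would fail open, and a malformed pattern would not be reported at flag-parse time. I would reject empty fields with `if len(parts) != 2 || parts[0] == "" || parts[1] == "" {` and name the offending value in the error, e.g. `fmt.Errorf("bad acl format %q, expected PATH:CN", value)`; whether the patterns should also be compiled here depends on code not visible in this patch. The exported String and Set methods also lack doc comments, e.g. `// Set parses one PATH:CN pair and appends it to the list (flag.Value).`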
-- 
GitLab