OPNsense Forum

English Forums => Development and Code Review => Topic started by: Alphakilo on September 19, 2019, 06:25:13 pm

Title: security/acme-client: API token support for Cloudflare
Post by: Alphakilo on September 19, 2019, 06:25:13 pm

acme.sh supports Cloudflares new token model, which allows fine-grained control over token permissions.
Reference: https://github.com/Neilpang/acme.sh/wiki/dnsapi#using-the-new-cloudflare-api-token

I'm a huge fan of the "least-privilege" principle, so I took it upon me to take a stab at implementing it into the os-acme-client Plugin.
Here's the result: https://github.com/Alphakilo/plugins/commit/3a4edf21bcb8cc25df9b7748cee6d88dadf5f98b (https://github.com/Alphakilo/plugins/commit/3a4edf21bcb8cc25df9b7748cee6d88dadf5f98b)
(http://)

It works on my lab and my productive installations, though there are some issues where I'd like some feedback on.

• Are <help>-elements appropriate in the dialogValidation.xml? (https://github.com/Alphakilo/plugins/commit/3a4edf21bcb8cc25df9b7748cee6d88dadf5f98b#diff-b7bb21b1968b1e68df572e587acf6dbcR201)
• I can't get a proper control structure around this (https://github.com/Alphakilo/plugins/commit/3a4edf21bcb8cc25df9b7748cee6d88dadf5f98b#r35154089), any advice?

Cheers!