diff options
| author | Kévin Dunglas <[email protected]> | 2024-09-13 19:16:37 +0200 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-09-13 11:16:37 -0600 |
| commit | f4bf4e0097853438eb69c573bbaa0581e9b9c02d (patch) | |
| tree | 2c01222faa34d3c95072094a2f80c41b1563c19e /modules/caddytls/tls.go | |
| parent | 21f9c20a04ec5c2ac430daa8e4ba8fbdef67f773 (diff) | |
| download | caddy-f4bf4e0097853438eb69c573bbaa0581e9b9c02d.tar.gz caddy-f4bf4e0097853438eb69c573bbaa0581e9b9c02d.zip | |
perf: use zap's Check() to prevent useless allocs (#6560)
* perf: use zap's Check() to prevent useless allocs
* fix
* fix
* fix
* fix
* restore previous replacer behavior
* fix linter
Diffstat (limited to 'modules/caddytls/tls.go')
| -rw-r--r-- | modules/caddytls/tls.go | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index b30b10c24..5f3d0eaeb 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -27,6 +27,7 @@ import ( "github.com/caddyserver/certmagic" "go.uber.org/zap" + "go.uber.org/zap/zapcore" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyevents" @@ -323,8 +324,9 @@ func (t *TLS) Start() error { if t.Automation.OnDemand == nil || (t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.permission == nil) { for _, ap := range t.Automation.Policies { if ap.OnDemand && ap.isWildcardOrDefault() { - t.logger.Warn("YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place", - zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls")) + if c := t.logger.Check(zapcore.WarnLevel, "YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place"); c != nil { + c.Write(zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls")) + } break } } @@ -408,9 +410,12 @@ func (t *TLS) Cleanup() error { // give the new TLS app a "kick" to manage certs that it is configured for // with its own configuration instead of the one we just evicted if err := nextTLSApp.Manage(reManage); err != nil { - t.logger.Error("re-managing unloaded certificates with new config", - zap.Strings("subjects", reManage), - zap.Error(err)) + if c := t.logger.Check(zapcore.ErrorLevel, "re-managing unloaded certificates with new config"); c != nil { + c.Write( + zap.Strings("subjects", reManage), + zap.Error(err), + ) + } } } else { // no more TLS app running, so delete in-memory cert cache @@ -653,7 +658,9 @@ func (t *TLS) cleanStorageUnits() { id, err := caddy.InstanceID() if err != nil { - t.logger.Warn("unable to get instance ID; storage clean stamps will be incomplete", zap.Error(err)) + if c := t.logger.Check(zapcore.WarnLevel, "unable to get instance ID; storage clean stamps will be incomplete"); c != nil { + c.Write(zap.Error(err)) + } } options := certmagic.CleanStorageOptions{ Logger: t.logger, @@ -669,7 +676,9 @@ func (t *TLS) cleanStorageUnits() { if err != nil { // probably don't want to return early, since we should still // see if any other storages can get cleaned up - t.logger.Error("could not clean default/global storage", zap.Error(err)) + if c := t.logger.Check(zapcore.ErrorLevel, "could not clean default/global storage"); c != nil { + c.Write(zap.Error(err)) + } } // then clean each storage defined in ACME automation policies @@ -679,7 +688,9 @@ func (t *TLS) cleanStorageUnits() { continue } if err := certmagic.CleanStorage(t.ctx, ap.storage, options); err != nil { - t.logger.Error("could not clean storage configured in automation policy", zap.Error(err)) + if c := t.logger.Check(zapcore.ErrorLevel, "could not clean storage configured in automation policy"); c != nil { + c.Write(zap.Error(err)) + } } } } |