HTTP timeouts to API, and self-validation mutex to nameserver ops

pkg/api/api.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"net/http"
+	"time"
 
 	"github.com/joohoi/acme-dns/pkg/acmedns"
 
@@ -71,6 +72,9 @@ func (a *AcmednsAPI) Start(dnsservers []acmedns.AcmednsNS) {
 			Handler:      c.Handler(api),
 			TLSConfig:    cfg,
 			ErrorLog:     stderrorlog,
+			ReadTimeout:  5 * time.Second,
+			WriteTimeout: 10 * time.Second,
+			IdleTimeout:  120 * time.Second,
 		}
 		a.Logger.Infow("Listening HTTPS",
 			"host", host,
@@ -82,6 +86,9 @@ func (a *AcmednsAPI) Start(dnsservers []acmedns.AcmednsNS) {
 			Handler:      c.Handler(api),
 			TLSConfig:    cfg,
 			ErrorLog:     stderrorlog,
+			ReadTimeout:  5 * time.Second,
+			WriteTimeout: 10 * time.Second,
+			IdleTimeout:  120 * time.Second,
 		}
 		a.Logger.Infow("Listening HTTPS",
 			"host", host,

pkg/nameserver/initialize.go

@@ -24,6 +24,7 @@ type Nameserver struct {
 	OwnDomain         string
 	NotifyStartedFunc func()
 	SOA               dns.RR
+	mu                sync.RWMutex
 	personalAuthKey   string
 	Domains           map[string]Records
 	errChan           chan error

pkg/nameserver/validation.go

@@ -4,11 +4,15 @@ import "github.com/miekg/dns"
 
 // SetOwnAuthKey sets the ACME challenge token for completing dns validation for acme-dns server itself
 func (n *Nameserver) SetOwnAuthKey(key string) {
+	n.mu.Lock()
+	defer n.mu.Unlock()
 	n.personalAuthKey = key
 }
 
 // answerOwnChallenge answers to ACME challenge for acme-dns own certificate
 func (n *Nameserver) answerOwnChallenge(q dns.Question) ([]dns.RR, error) {
+	n.mu.RLock()
+	defer n.mu.RUnlock()
 	r := new(dns.TXT)
 	r.Hdr = dns.RR_Header{Name: q.Name, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 1}
 	r.Txt = append(r.Txt, n.personalAuthKey)