support embedding of the IP requesting the certificate in the challenge

Signed-off-by: Erik Hollensbe <git@hollensbe.org>

migrations/V1__init.sql

@@ -48,6 +48,7 @@ create table orders_challenges (
   identifier varchar not null,
   token varchar not null,
   status varchar not null,
+  issuing_address varchar not null,
   validated timestamptz,
   created_at timestamptz default CURRENT_TIMESTAMP not null,
   deleted_at timestamptz

src/acme/challenge.rs

@@ -195,6 +195,7 @@ mod tests {
             reference: make_nonce(None),
             token: make_nonce(None),
             status: OrderStatus::Processing,
+            issuing_address: "127.0.0.1".to_string(),
             created_at: chrono::DateTime::<chrono::Local>::from(std::time::SystemTime::now()),
             deleted_at: None,
             validated: None,
@@ -225,6 +226,7 @@ mod tests {
             reference: make_nonce(None),
             token: make_nonce(None),
             status: OrderStatus::Processing,
+            issuing_address: "127.0.0.1".to_string(),
             created_at: chrono::DateTime::<chrono::Local>::from(std::time::SystemTime::now()),
             deleted_at: None,
             validated: None,
@@ -300,6 +302,7 @@ mod tests {
                         reference: make_nonce(None),
                         challenge_type: ChallengeType::DNS01,
                         status: OrderStatus::Pending,
+                        issuing_address: "127.0.0.1".to_string(),
                         created_at: chrono::DateTime::<chrono::Local>::from(
                             std::time::SystemTime::now(),
                         ),

src/acme/handlers/order.rs

@@ -3,6 +3,7 @@ use serde::{Deserialize, Serialize};
 use std::{
     collections::HashSet,
     convert::{TryFrom, TryInto},
+    net::IpAddr,
 };
 use tokio_postgres::Transaction;
 use url::Url;
@@ -121,12 +122,14 @@ pub(crate) async fn new_order(
 
                 // for now at least, schedule one http-01 and dns-01 per name
 
+                let ip = req.extensions().get::<IpAddr>().unwrap();
                 for chall in vec![ChallengeType::DNS01, ChallengeType::HTTP01] {
                     let mut c = Challenge::new(
                         o.order_id.clone(),
                         authz.reference.clone(),
                         chall,
                         id.clone().to_string(),
+                        ip.to_string(),
                         OrderStatus::Pending,
                     );
 

src/models/order.rs

@@ -369,6 +369,7 @@ pub struct Challenge {
     pub identifier: String,
     pub token: String,
     pub reference: String,
+    pub issuing_address: String,
     pub status: OrderStatus,
     pub validated: Option<chrono::DateTime<chrono::Local>>,
     pub created_at: chrono::DateTime<chrono::Local>,
@@ -382,6 +383,7 @@ impl Challenge {
         authorization_id: String,
         challenge_type: ChallengeType,
         identifier: String,
+        issuing_address: String,
         status: OrderStatus,
     ) -> Self {
         Self {
@@ -392,6 +394,7 @@ impl Challenge {
             identifier,
             token: make_nonce(None),
             reference: make_nonce(None),
+            issuing_address,
             status,
             validated: None,
             created_at: chrono::DateTime::<chrono::Local>::from(std::time::SystemTime::now()),
@@ -454,6 +457,7 @@ impl Challenge {
             authorization_id: result.get("authorization_id"),
             challenge_type: ct.clone(),
             identifier: id.to_string(),
+            issuing_address: result.get("issuing_address"),
             validated: result.get("validated"),
             reference: result.get("reference"),
             token: result.get("token"),
@@ -467,8 +471,8 @@ impl Challenge {
         let mut client = db.client().await?;
         let tx = client.transaction().await?;
         let res = tx.query_one(
-            "insert into orders_challenges (order_id, authorization_id, challenge_type, identifier, token, reference, status, created_at, deleted_at) values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning id",
-            &[&self.order_id.clone(), &self.authorization_id.clone(), &self.challenge_type.clone().to_string(), &self.identifier.clone().to_string(), &self.token.clone(), &self.reference.clone(), &self.status.clone().to_string(), &self.created_at, &self.deleted_at],
+            "insert into orders_challenges (order_id, authorization_id, challenge_type, issuing_address, identifier, token, reference, status, created_at, deleted_at) values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) returning id",
+            &[&self.order_id.clone(), &self.authorization_id.clone(), &self.challenge_type.clone().to_string(), &self.issuing_address, &self.identifier.clone().to_string(), &self.token.clone(), &self.reference.clone(), &self.status.clone().to_string(), &self.created_at, &self.deleted_at],
             ).await?;
 
         let id = res.get("id");
@@ -530,8 +534,8 @@ impl RecordList<String> for Challenge {
 
     async fn append(&self, order_id: String, tx: &Transaction<'_>) -> Result<Vec<Self>, SaveError> {
         tx.execute(
-            "insert into orders_challenges (order_id, authorization_id, challenge_type, token, reference, status, created_at, deleted_at) values ($1, $2, $3, $4, $5, $6, $7, $8) returning id",
-            &[&order_id, &self.authorization_id.clone(), &self.challenge_type.clone().to_string(), &self.token.clone(), &self.reference.clone(), &self.status.clone().to_string(), &self.created_at, &self.deleted_at],
+            "insert into orders_challenges (order_id, authorization_id, challenge_type, issuing_address, token, reference, status, created_at, deleted_at) values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning id",
+            &[&order_id, &self.authorization_id.clone(), &self.challenge_type.clone().to_string(), &self.issuing_address, &self.token.clone(), &self.reference.clone(), &self.status.clone().to_string(), &self.created_at, &self.deleted_at],
             ).await?;
         Ok(Self::collect(order_id, tx).await?)
     }