From 93985c7d745a981aecb7918043ffca880c9bc3a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 8 Mar 2026 21:12:47 +0000 Subject: [PATCH 1/3] build(deps): bump golang.org/x/sys Bumps the go_modules group with 1 update in the / directory: [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/sys` from 0.0.0-20210218145245-beda7e5e158e to 0.1.0 - [Commits](https://github.com/golang/sys/commits/v0.1.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.1.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] --- go.mod | 9 ++++++--- go.sum | 3 ++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index ebe163c..0b6f01f 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,11 @@ module tsc-bridge go 1.25.6 require ( - github.com/jchv/go-webview2 v0.0.0-20260205173254-56598839c808 // indirect + github.com/jchv/go-webview2 v0.0.0-20260205173254-56598839c808 + github.com/webview/webview_go v0.0.0-20240831120633-6173450d4dd6 +) + +require ( github.com/jchv/go-winloader v0.0.0-20250406163304-c1995be93bd1 // indirect - github.com/webview/webview_go v0.0.0-20240831120633-6173450d4dd6 // indirect - golang.org/x/sys v0.0.0-20210218145245-beda7e5e158e // indirect + golang.org/x/sys v0.1.0 // indirect ) diff --git a/go.sum b/go.sum index 6be86f8..fd1b756 100644 --- a/go.sum +++ b/go.sum @@ -5,5 +5,6 @@ github.com/jchv/go-winloader v0.0.0-20250406163304-c1995be93bd1/go.mod h1:alcuEE github.com/webview/webview_go v0.0.0-20240831120633-6173450d4dd6 h1:VQpB2SpK88C6B5lPHTuSZKb2Qee1QWwiFlC5CKY4AW0= github.com/webview/webview_go v0.0.0-20240831120633-6173450d4dd6/go.mod h1:yE65LFCeWf4kyWD5re+h4XNvOHJEXOCOuJZ4v8l5sgk= golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210218145245-beda7e5e158e h1:f5mksnk+hgXHnImpZoWj64ja99j9zV7YUgrVG95uFE4= golang.org/x/sys v0.0.0-20210218145245-beda7e5e158e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From d3658302e398c4ee408c226c4c3bd66b69bc2e4c Mon Sep 17 00:00:00 2001 From: Mario Herrera Date: Sun, 8 Mar 2026 15:41:42 -0600 Subject: [PATCH 2/3] feat: embedded Let's Encrypt cert for local.labelctl.dev - Embedded real Let's Encrypt certificate (valid 90 days, auto-renewed monthly) - HTTPS serves on local.labelctl.dev with trusted cert (no browser warnings) - Falls back to self-signed if embedded cert expires - Added renew-cert.yml GitHub Action for monthly auto-renewal via DNS-01 - Changed default hostname from myprinter.com to local.labelctl.dev --- .github/workflows/renew-cert.yml | 43 ++++++++++++++++++++++++++++ .gitignore | 1 + certs/server.crt | 48 ++++++++++++++++++++++++++++++++ certs/server.key | 5 ++++ certs_embed.go | 28 +++++++++++++++++++ main.go | 28 +++++++++++-------- tls.go | 4 +-- 7 files changed, 144 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/renew-cert.yml create mode 100644 certs/server.crt create mode 100644 certs/server.key create mode 100644 certs_embed.go diff --git a/.github/workflows/renew-cert.yml b/.github/workflows/renew-cert.yml new file mode 100644 index 0000000..a6c0e70 --- /dev/null +++ b/.github/workflows/renew-cert.yml @@ -0,0 +1,43 @@ +name: Renew Certificate + +on: + schedule: + - cron: '0 6 1 * *' # First day of every month at 6am UTC + workflow_dispatch: # Manual trigger + +jobs: + renew: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install lego + run: | + curl -sL https://github.com/go-acme/lego/releases/latest/download/lego_linux_amd64.tar.gz | tar xz + sudo mv lego /usr/local/bin/ + + - name: Renew certificate + env: + CLOUDFLARE_DNS_API_TOKEN: ${{ secrets.CLOUDFLARE_DNS_API_TOKEN }} + run: | + lego --email="herrera.monterroso.mario@gmail.com" \ + --dns cloudflare \ + --domains="local.labelctl.dev" \ + --accept-tos \ + --path="./.lego" \ + run + + cp .lego/certificates/local.labelctl.dev.crt certs/server.crt + cp .lego/certificates/local.labelctl.dev.key certs/server.key + + - name: Commit updated certificate + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add certs/server.crt certs/server.key + if git diff --cached --quiet; then + echo "No certificate changes" + else + git commit -m "chore: renew Let's Encrypt certificate for local.labelctl.dev" + git push + fi diff --git a/.gitignore b/.gitignore index 63a3383..5e0048b 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ tsc-bridge.exe *.exe .DS_Store .ai-sessions/ +.lego/ diff --git a/certs/server.crt b/certs/server.crt new file mode 100644 index 0000000..1b1d895 --- /dev/null +++ b/certs/server.crt @@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDhjCCAw2gAwIBAgISBfRSqev+aldQsYsS6WahZreFMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +ODAeFw0yNjAzMDgyMDQxMjFaFw0yNjA2MDYyMDQxMjBaMB0xGzAZBgNVBAMTEmxv +Y2FsLmxhYmVsY3RsLmRldjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABK/KfWZb +zQ1KDKZS82OdTj/Ny9hLTYlM/YYvmFQfsbyUDynmPfk5CsxFDvMpy61Iu6Ywb1s1 +3VA2jGteuFMyKQKjggIWMIICEjAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUKPIkRGWqb3PFOEtNAnNv +YsJZjX4wHwYDVR0jBBgwFoAUjw0TovYuftFQbDMYOF1ZjiNykcowMgYIKwYBBQUH +AQEEJjAkMCIGCCsGAQUFBzAChhZodHRwOi8vZTguaS5sZW5jci5vcmcvMB0GA1Ud +EQQWMBSCEmxvY2FsLmxhYmVsY3RsLmRldjATBgNVHSAEDDAKMAgGBmeBDAECATAs +BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vZTguYy5sZW5jci5vcmcvNi5jcmwwggEF +BgorBgEEAdZ5AgQCBIH2BIHzAPEAdgDLOPcViXyEoURfW8Hd+8lu8ppZzUcKaQWF +sMsUwxRY5wAAAZzPZG32AAAEAwBHMEUCIQDObDO1HnbH4udWbsCvUMSUs2NsYIk4 +1QwsaxkqMPGfIAIgD7QrqqJMcG42XDD1QNV8dx+n2zHse4sBMihl/fYsnj0AdwCW +l2S/VViXrfdDh2g3CEJ36fA61fak8zZuRqQ/D8qpxgAAAZzPZG4PAAAEAwBIMEYC +IQCRu6reTOB+B2IugxQeRYXJY1BzepdoUq9kuhT8/ZmNiwIhAKzLVMmmSFUg6irJ +a6yvZarNUIgFO+eJqJSYl+A9gmgqMAoGCCqGSM49BAMDA2cAMGQCMEYmOjHwswRn +ee3mm57saH0FxdMpevPWh1mphqBMt417QfKow6YillWN/YP4R7lIPgIwBeZ6UT6l +lYd9Ub2tJn7eLOKDehD+4hKNzwgHGn3OUspApf57lfPkwLjAWWjP12vm +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIEVjCCAj6gAwIBAgIQY5WTY8JOcIJxWRi/w9ftVjANBgkqhkiG9w0BAQsFADBP +MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy +Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa +Fw0yNzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF +bmNyeXB0MQswCQYDVQQDEwJFODB2MBAGByqGSM49AgEGBSuBBAAiA2IABNFl8l7c +S7QMApzSsvru6WyrOq44ofTUOTIzxULUzDMMNMchIJBwXOhiLxxxs0LXeb5GDcHb +R6EToMffgSZjO9SNHfY9gjMy9vQr5/WWOrQTZxh7az6NSNnq3u2ubT6HTKOB+DCB +9TAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI8NE6L2Ln7RUGwzGDhdWY4j +cpHKMB8GA1UdIwQYMBaAFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEB +BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzATBgNVHSAE +DDAKMAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDEuYy5sZW5j +ci5vcmcvMA0GCSqGSIb3DQEBCwUAA4ICAQBnE0hGINKsCYWi0Xx1ygxD5qihEjZ0 +RI3tTZz1wuATH3ZwYPIp97kWEayanD1j0cDhIYzy4CkDo2jB8D5t0a6zZWzlr98d +AQFNh8uKJkIHdLShy+nUyeZxc5bNeMp1Lu0gSzE4McqfmNMvIpeiwWSYO9w82Ob8 +otvXcO2JUYi3svHIWRm3+707DUbL51XMcY2iZdlCq4Wa9nbuk3WTU4gr6LY8MzVA +aDQG2+4U3eJ6qUF10bBnR1uuVyDYs9RhrwucRVnfuDj29CMLTsplM5f5wSV5hUpm +Uwp/vV7M4w4aGunt74koX71n4EdagCsL/Yk5+mAQU0+tue0JOfAV/R6t1k+Xk9s2 +HMQFeoxppfzAVC04FdG9M+AC2JWxmFSt6BCuh3CEey3fE52Qrj9YM75rtvIjsm/1 +Hl+u//Wqxnu1ZQ4jpa+VpuZiGOlWrqSP9eogdOhCGisnyewWJwRQOqK16wiGyZeR +xs/Bekw65vwSIaVkBruPiTfMOo0Zh4gVa8/qJgMbJbyrwwG97z/PRgmLKCDl8z3d +tA0Z7qq7fta0Gl24uyuB05dqI5J1LvAzKuWdIjT1tP8qCoxSE/xpix8hX2dt3h+/ +jujUgFPFZ0EVZ0xSyBNRF3MboGZnYXFUxpNjTWPKpagDHJQmqrAcDmWJnMsFY3jS +u1igv3OefnWjSQ== +-----END CERTIFICATE----- diff --git a/certs/server.key b/certs/server.key new file mode 100644 index 0000000..cd8b101 --- /dev/null +++ b/certs/server.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIP94a9FyoPzqzqLt3Cgd4HF/FjsSHPckdpxM+/C3FZxMoAoGCCqGSM49 +AwEHoUQDQgAEr8p9ZlvNDUoMplLzY51OP83L2EtNiUz9hi+YVB+xvJQPKeY9+TkK +zEUO8ynLrUi7pjBvWzXdUDaMa164UzIpAg== +-----END EC PRIVATE KEY----- diff --git a/certs_embed.go b/certs_embed.go new file mode 100644 index 0000000..523efa9 --- /dev/null +++ b/certs_embed.go @@ -0,0 +1,28 @@ +package main + +import ( + "crypto/tls" + _ "embed" + "log" +) + +//go:embed certs/server.crt +var embeddedCert []byte + +//go:embed certs/server.key +var embeddedKey []byte + +// loadEmbeddedCert returns the embedded Let's Encrypt certificate for local.labelctl.dev. +// Returns nil if the embedded cert is missing or invalid. +func loadEmbeddedCert() *tls.Certificate { + if len(embeddedCert) == 0 || len(embeddedKey) == 0 { + return nil + } + cert, err := tls.X509KeyPair(embeddedCert, embeddedKey) + if err != nil { + log.Printf("[tls] Embedded cert invalid: %v — falling back to self-signed", err) + return nil + } + log.Printf("[tls] Using embedded Let's Encrypt certificate for local.labelctl.dev") + return &cert +} diff --git a/main.go b/main.go index c7b35d8..d4e06ca 100644 --- a/main.go +++ b/main.go @@ -749,19 +749,25 @@ func startServers(port string) error { }() } - // HTTPS server with auto-generated certs (also on dedicated thread) + // HTTPS server — try embedded Let's Encrypt cert first, fallback to self-signed httpsPort := fmt.Sprintf("%d", portInt(port)+1) httpsAddr := "127.0.0.1:" + httpsPort - certFile, keyFile, caFile, err := ensureCerts(defaultHostname) - if err != nil { - log.Printf("[tls] Could not generate certs: %v — HTTPS disabled", err) - return nil // HTTP is running, HTTPS is optional - } - go installCACert(caFile) - tlsCert, err := loadCertWithCA(certFile, keyFile, caFile) - if err != nil { - log.Printf("[tls] Could not load certs: %v — HTTPS disabled", err) - return nil + var tlsCert tls.Certificate + if embedded := loadEmbeddedCert(); embedded != nil { + tlsCert = *embedded + } else { + certFile, keyFile, caFile, err := ensureCerts(defaultHostname) + if err != nil { + log.Printf("[tls] Could not generate certs: %v — HTTPS disabled", err) + return nil + } + go installCACert(caFile) + loaded, err := loadCertWithCA(certFile, keyFile, caFile) + if err != nil { + log.Printf("[tls] Could not load certs: %v — HTTPS disabled", err) + return nil + } + tlsCert = loaded } httpsLn, err := net.Listen("tcp", httpsAddr) if err != nil { diff --git a/tls.go b/tls.go index 7a68f84..4ddc9b0 100644 --- a/tls.go +++ b/tls.go @@ -18,7 +18,7 @@ import ( "time" ) -const defaultHostname = "myprinter.com" +const defaultHostname = "local.labelctl.dev" // certDir returns the directory for TLS certificates. func certDir() string { @@ -101,7 +101,7 @@ func ensureCerts(hostname string) (certFile, keyFile, caFile string, err error) Organization: []string{"TSC Bridge"}, CommonName: hostname, }, - DNSNames: []string{hostname, "localhost", "tsc-bridge", "myprinter.com"}, + DNSNames: []string{hostname, "localhost", "local.labelctl.dev"}, IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}, NotBefore: time.Now(), NotAfter: time.Now().Add(397 * 24 * time.Hour), // Max 398 days for Apple/Chrome compliance From 4ec155a351335e2988cf1bb231c0e6167fc49f6f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 8 Mar 2026 21:43:33 +0000 Subject: [PATCH 3/3] build(deps): bump the go_modules group across 1 directory with 2 updates Bumps the go_modules group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.28.0 to 0.45.0 - [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.45.0) Updates `golang.org/x/net` from 0.30.0 to 0.47.0 - [Commits](https://github.com/golang/net/compare/v0.30.0...v0.47.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.47.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] --- go.mod | 12 ++++++------ go.sum | 16 ++++++++-------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index 9b11943..3cb1c76 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,9 @@ require ( github.com/boombuler/barcode v1.1.0 github.com/signintech/gopdf v0.36.0 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e + github.com/webview/webview_go v0.0.0-20240831120633-6173450d4dd6 github.com/xuri/excelize/v2 v2.9.0 + golang.org/x/image v0.18.0 ) require ( @@ -17,12 +19,10 @@ require ( github.com/pkg/errors v0.8.1 // indirect github.com/richardlehane/mscfb v1.0.4 // indirect github.com/richardlehane/msoleps v1.0.4 // indirect - github.com/webview/webview_go v0.0.0-20240831120633-6173450d4dd6 // indirect github.com/xuri/efp v0.0.0-20240408161823-9ad904a10d6d // indirect github.com/xuri/nfp v0.0.0-20240318013403-ab9948c2c4a7 // indirect - golang.org/x/crypto v0.28.0 // indirect - golang.org/x/image v0.18.0 // indirect - golang.org/x/net v0.30.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/crypto v0.45.0 // indirect + golang.org/x/net v0.47.0 // indirect + golang.org/x/sys v0.38.0 // indirect + golang.org/x/text v0.31.0 // indirect ) diff --git a/go.sum b/go.sum index ca8024f..863dd55 100644 --- a/go.sum +++ b/go.sum @@ -33,15 +33,15 @@ github.com/xuri/excelize/v2 v2.9.0 h1:1tgOaEq92IOEumR1/JfYS/eR0KHOCsRv/rYXXh6YJQ github.com/xuri/excelize/v2 v2.9.0/go.mod h1:uqey4QBZ9gdMeWApPLdhm9x+9o2lq4iVmjiLfBS5hdE= github.com/xuri/nfp v0.0.0-20240318013403-ab9948c2c4a7 h1:hPVCafDV85blFTabnqKgNhDCkJX25eik94Si9cTER4A= github.com/xuri/nfp v0.0.0-20240318013403-ab9948c2c4a7/go.mod h1:WwHg+CVyzlv/TX9xqBFXEZAuxOPxn2k1GNHwG41IIUQ= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ= golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=