v3.0.0: HTTP Authentication for Let's Encrypt

AJ ONeal 2019-07-30 23:58:48 -06:00
parent d07dffd46e
commit b80ab1ae54
6 changed files with 28 additions and 100 deletions


@ -1,6 +1,6 @@
# [acme-http-01-webroot.js](https://git.rootprojects.org/root/acme-http-01-webroot.js) | a [Root](https://rootprojects.org/) project # [acme-http-01-standalone.js](https://git.rootprojects.org/root/acme-http-01-standalone.js) | a [Root](https://rootprojects.org/) project
Webroot Authentication + Let's Encrypt for Node.js - ACME http-01 challenges w/ ACME.js and Greenlock.js In-memory HTTP Authentication for Let's Encrypt for Node.js - ACME http-01 challenges w/ ACME.js and Greenlock.js
Handles ACME http-01 challenges. Compatible with ACME.js and Greenlock.js. Passes acme-http-01-test. Handles ACME http-01 challenges. Compatible with ACME.js and Greenlock.js. Passes acme-http-01-test.
@ -8,10 +8,7 @@ Handles ACME http-01 challenges. Compatible with ACME.js and Greenlock.js. Passe
- Compatible - Compatible
- Lets Encrypt v2.1 / ACME draft 18 (2019) - Lets Encrypt v2.1 / ACME draft 18 (2019)
- Works with your web root - Works standalone, without a separate web server
- Apache
- Nginx
- Lighttpd
- ACME.js, Greenlock.js, and others - ACME.js, Greenlock.js, and others
- Quality - Quality
- node v6 compatible VanillaJS - node v6 compatible VanillaJS
@ -21,7 +18,7 @@ Handles ACME http-01 challenges. Compatible with ACME.js and Greenlock.js. Passe
# Install # Install
```js ```js
npm install --save acme-http-01-webroot npm install --save acme-http-01-standalone
``` ```
# Usage # Usage
@ -29,17 +26,7 @@ npm install --save acme-http-01-webroot
First you create an instance with your credentials: First you create an instance with your credentials:
```js ```js
var http01 = require('acme-http-01-webroot').create({ var http01 = require('acme-http-01-standalone').create({});
webroot: '~/.local/tmp/acme-challenge' // default
});
```
Template example:
```js
var http01 = require('acme-http-01-webroot').create({
webroot: '/srv/www/{domain}/.well-known/acme-challenge'
});
``` ```
Then you can use it with any compatible ACME library, such as Greenlock.js or ACME.js. Then you can use it with any compatible ACME library, such as Greenlock.js or ACME.js.
@ -108,7 +95,7 @@ See AUTHORS for contact info.
# Legal # Legal
[acme-http-01-webroot.js](https://git.coolaj86.com/coolaj86/acme-http-01-webroot.js) | MPL-2.0 | [Terms of Use](https://therootcompany.com/legal/#terms) | [Privacy Policy](https://therootcompany.com/legal/#privacy) [acme-http-01-standalone.js](https://git.coolaj86.com/coolaj86/acme-http-01-standalone.js) | MPL-2.0 | [Terms of Use](https://therootcompany.com/legal/#terms) | [Privacy Policy](https://therootcompany.com/legal/#privacy)
Copyright 2019 AJ ONeal Copyright 2019 AJ ONeal
Copyright 2019 The Root Group LLC Copyright 2019 The Root Group LLC


@ -1,2 +1 @@
RECORD=example.co.uk RECORD=example.co.uk
WEBROOT=/tmp/acme-challenge


@ -1,32 +1,13 @@
'use strict'; 'use strict';
//var request; //var request;
var promisify = require('util').promisify;
var os = require('os');
var fs = require('fs');
var writeFile = promisify(fs.writeFile);
var readFile = promisify(fs.readFile);
var unlink = promisify(fs.unlink);
var mkdirp = promisify(require('@root/mkdirp'));
var path = require('path');
var defaults = { var defaults = {};
webroot: path.join(require('os').tmpdir(), 'acme-challenge')
};
module.exports.create = function(config) { module.exports.create = function(config) {
var webroot = config.webroot || config.webrootPath || defaults.webroot; var memdb = config.cache || {};
function tpl(str, ch) {
return str
.replace(/\s*{+\s*domain\s*}+\s*/gi, ch.identifier.value)
.replace(/^~/, os.homedir());
}
return { return {
// exposed to make testable
_tpl: tpl,
init: function(opts) { init: function(opts) {
//request = opts.request; //request = opts.request;
return null; return null;
@ -36,47 +17,33 @@ module.exports.create = function(config) {
// console.log('Add Key Auth URL', data); // console.log('Add Key Auth URL', data);
var ch = data.challenge; var ch = data.challenge;
var pathname = tpl(webroot, ch); var key = ch.identifier.value + '#' + ch.token;
memdb[key] = ch.keyAuthorization;
return mkdirp(pathname)
.then(function() {
return writeFile(
path.join(pathname, ch.token),
ch.keyAuthorization
);
})
.then(function() {
return null; return null;
});
}, },
get: function(data) { get: function(data) {
// console.log('List Key Auth URL', data); // console.log('List Key Auth URL', data);
var ch = data.challenge; var ch = data.challenge;
var pathname = tpl(webroot, ch); var key = ch.identifier.value + '#' + ch.token;
return readFile(path.join(pathname, ch.token), 'utf8') if (memdb[key]) {
.then(function(keyAuth) { return { keyAuthorization: memdb[key] };
return { keyAuthorization: keyAuth };
})
.catch(function(err) {
if ('ENOENT' !== err.code) {
throw err;
} }
return null; return null;
});
}, },
remove: function(data) { remove: function(data) {
// console.log('Remove Key Auth URL', data); // console.log('Remove Key Auth URL', data);
var ch = data.challenge; var ch = data.challenge;
var pathname = tpl(webroot, ch); var key = ch.identifier.value + '#' + ch.token;
return unlink(path.join(pathname, ch.token)).then(function() { delete memdb[key];
return null; return null;
});
} }
}; };
}; };
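Review bot: `create` reads `config.cache` without checking that `config` was passed, so `create()` with no argument throws a TypeError before any challenge is stored; `var memdb = (config && config.cache) || {};` avoids that, and the now-empty `defaults` object, which the visible lines no longer reference, could be removed. The key authorizations are now held only in this object, so they are presumably invisible to other worker processes and stay in memory until `remove` is called; I would add a comment above `memdb` such as `// process-local store: a caller-supplied config.cache must be reachable by whichever process answers the http-01 request`. `set`, `get` and `remove` now return plain values where the old code returned promises, which is worth confirming against callers that chain `.then()` on the result. The lines between the two hunks are not shown.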

7
package-lock.json generated

@ -1,14 +1,9 @@
{ {
"name": "acme-http-01-webroot", "name": "acme-http-01-standalone",
"version": "3.0.0", "version": "3.0.0",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {
"@root/mkdirp": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/@root/mkdirp/-/mkdirp-1.0.0.tgz",
"integrity": "sha512-hxGAYUx5029VggfG+U9naAhQkoMSXtOeXtbql97m3Hi6/sQSRL/4khKZPyOF6w11glyCOU38WCNLu9nUcSjOfA=="
},
"@root/request": { "@root/request": {
"version": "1.3.11", "version": "1.3.11",
"resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz", "resolved": "https://registry.npmjs.org/@root/request/-/request-1.3.11.tgz",


@ -1,7 +1,7 @@
{ {
"name": "acme-http-01-webroot", "name": "acme-http-01-standalone",
"version": "3.0.0", "version": "3.0.0",
"description": "Webroot Authentication + Let's Encrypt for Node.js - ACME http-01 challenges w/ ACME.js and Greenlock.js", "description": "HTTP Authentication (In-Memory) for Let's Encrypt for Node.js - ACME http-01 challenges w/ ACME.js and Greenlock.js",
"main": "index.js", "main": "index.js",
"files": [ "files": [
"lib", "lib",
@ -12,11 +12,11 @@
}, },
"repository": { "repository": {
"type": "git", "type": "git",
"url": "https://git.coolaj86.com/coolaj86/acme-http-01-webroot.js.git" "url": "https://git.coolaj86.com/coolaj86/acme-http-01-standalone.js.git"
}, },
"keywords": [ "keywords": [
"webroot", "standalone",
"storage", "memory",
"http-01", "http-01",
"letsencrypt", "letsencrypt",
"acme", "acme",
@ -31,7 +31,5 @@
"acme-challenge-test": "^3.3.2", "acme-challenge-test": "^3.3.2",
"dotenv": "^8.0.0" "dotenv": "^8.0.0"
}, },
"dependencies": { "dependencies": {}
"@root/mkdirp": "^1.0.0"
}
} }

20
test.js

@ -7,11 +7,7 @@ require('dotenv').config();
// Usage: node ./test.js example.com username xxxxxxxxx // Usage: node ./test.js example.com username xxxxxxxxx
var record = process.argv[2] || process.env.RECORD; var record = process.argv[2] || process.env.RECORD;
var challenger = require('./index.js').create({ var challenger = require('./index.js').create({});
webroot:
'/tmp/acme-tests/{domain}/.well-known/acme-challenges/' ||
process.env.WEBROOT
});
// The dry-run tests can pass on, literally, 'example.com' // The dry-run tests can pass on, literally, 'example.com'
// but the integration tests require that you have control over the domain // but the integration tests require that you have control over the domain
@ -24,17 +20,3 @@ tester
console.error(e.message); console.error(e.message);
console.error(e.stack); console.error(e.stack);
}); });
var ch = { identifier: { value: 'foo.example.co.uk' } };
//var ch = { domain: 'foo.example.co.uk' };
var homeish = challenger._tpl('~/.local/tmp/acme-challenge', ch);
console.log(homeish);
if ('/' !== homeish[0] || /~/.test(homeish)) {
throw new Error('Not the expected value for home tmp: ' + homeish);
}
var srvish = challenger._tpl('/srv/{domain}/.well-known/acme-challenge', ch);
console.log(srvish);
if ('/' !== srvish[0] || /~/.test(srvish)) {
throw new Error('Not the expected value for srv template: ' + srvish);
}