v3.0.1: http-01 and other bugfixes, update deps

This commit is contained in:
AJ ONeal 2019-10-29 06:48:31 +00:00
parent 3f437c6ebb
commit 405e98620c
8 changed files with 81 additions and 65 deletions

View File

@ -14,14 +14,8 @@ function initialize() {
staging: true, staging: true,
cluster: true, cluster: true,
challenges: {
"dns-01": {
module: "acme-dns-01-digitalocean"
}
},
notify: function(ev, params) { notify: function(ev, params) {
console.log(ev, params); console.info(ev, params);
} }
}; };
return config; return config;

View File

@ -9,33 +9,49 @@ module.exports.create = function(opts) {
// TODO move to greenlock proper // TODO move to greenlock proper
greenlock.getAcmeHttp01ChallengeResponse = function(opts) { greenlock.getAcmeHttp01ChallengeResponse = function(opts) {
return greenlock.find({ servername: opts.servername }).then(function(sites) { // TODO some sort of caching to prevent database hits?
if (!sites.length) { return greenlock
return null; ._config({ servername: opts.servername })
} .then(function(site) {
var site = sites[0]; if (!site) {
if (!site.challenges || !site.challenges["http-01"]) { return null;
return null; }
}
var plugin; // Hmm... this _should_ be impossible
try { if (!site.challenges || !site.challenges["http-01"]) {
plugin = require(site.challenges["http-01"].module); return null;
plugin = plugin.create(site.challenges["http-01"]); }
} catch (e) {
console.error("error getting acme http-01 plugin");
console.error(e);
return null;
}
return plugin.get(opts).then(function(result) { return Greenlock._loadChallenge(site.challenges, "http-01");
// TODO is this the right way? })
var ch = (result && result.challenge) || result || {}; .then(function(plugin) {
return { return plugin
keyAuthorization: ch.keyAuthorization .get({
}; challenge: {
type: opts.type,
//hostname: opts.servername,
altname: opts.servername,
identifier: { value: opts.servername },
token: opts.token
}
})
.then(function(result) {
var keyAuth;
if (result) {
// backwards compat that shouldn't be dropped
// because new v3 modules had to do this to be
// backwards compatible with Greenlock v2.7 at
// the time.
if (result.challenge) {
result = challenge;
}
keyAuth = result.keyAuthorization;
}
return {
keyAuthorization: keyAuth
};
});
}); });
});
}; };
return greenlock; return greenlock;
@ -43,9 +59,9 @@ module.exports.create = function(opts) {
function addGreenlockAgent(opts) { function addGreenlockAgent(opts) {
// Add greenlock as part of Agent, unless this is greenlock // Add greenlock as part of Agent, unless this is greenlock
if (!/^greenlock(-express|-pro)?/.test(opts.packageAgent)) { if (!/greenlock(-express|-pro)?/i.test(opts.packageAgent)) {
var pkg = require("./package.json"); var pkg = require("./package.json");
var packageAgent = pkg.name + "/" + pkg.version; var packageAgent = "Greenlock_Express/" + pkg.version;
opts.packageAgent += " " + packageAgent; opts.packageAgent += " " + packageAgent;
} }

View File

@ -23,11 +23,15 @@ HttpMiddleware.create = function(gl, defaultApp) {
var token = req.url.slice(challengePrefix.length); var token = req.url.slice(challengePrefix.length);
gl.getAcmeHttp01ChallengeResponse({ type: "http-01", servername: hostname, token: token }) gl.getAcmeHttp01ChallengeResponse({ type: "http-01", servername: hostname, token: token })
.then(function(result) {
respondWithGrace(res, result, hostname, token);
})
.catch(function(err) { .catch(function(err) {
respondToError(gl, res, err, "http_01_middleware_challenge_response", hostname); respondToError(gl, res, err, "http_01_middleware_challenge_response", hostname);
return { __done: true };
})
.then(function(result) {
if (result && result.__done) {
return;
}
return respondWithGrace(res, result, hostname, token);
}); });
}; };
}; };

View File

@ -75,7 +75,7 @@ Master._spawnWorkers = function(opts, greenlock) {
} }
} }
cluster.on("exit", function() { cluster.once("exit", function() {
setTimeout(function() { setTimeout(function() {
process.exit(3); process.exit(3);
}, 100); }, 100);
@ -101,7 +101,7 @@ Master._spawnWorkers = function(opts, greenlock) {
Master._spawnWorker = function(opts, greenlock) { Master._spawnWorker = function(opts, greenlock) {
var w = cluster.fork(); var w = cluster.fork();
// automatically added to master's `cluster.workers` // automatically added to master's `cluster.workers`
w.on("exit", function(code, signal) { w.once("exit", function(code, signal) {
// TODO handle failures // TODO handle failures
// Should test if the first starts successfully // Should test if the first starts successfully
// Should exit if failures happen too quickly // Should exit if failures happen too quickly

30
package-lock.json generated
View File

@ -5,9 +5,9 @@
"requires": true, "requires": true,
"dependencies": { "dependencies": {
"@root/acme": { "@root/acme": {
"version": "3.0.6", "version": "3.0.8",
"resolved": "https://registry.npmjs.org/@root/acme/-/acme-3.0.6.tgz", "resolved": "https://registry.npmjs.org/@root/acme/-/acme-3.0.8.tgz",
"integrity": "sha512-KfgwcyWDsT90vz+gmWbCwuOBolwV5Gcg0WHsG8/dznDC7a6QF4AmZsil7mIWKGJxHdi6MElkyrHZyK53OhPnug==", "integrity": "sha512-VmBvLvWdCDkolkanI9Dzm1ouSWPaAa2eCCwcDZcVQbWoNiUIOqbbd57fcMA/gZxLyuJPStD2WXFuEuSMPDxcww==",
"requires": { "requires": {
"@root/encoding": "^1.0.1", "@root/encoding": "^1.0.1",
"@root/keypairs": "^0.9.0", "@root/keypairs": "^0.9.0",
@ -40,18 +40,18 @@
"integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ==" "integrity": "sha512-OaEub02ufoU038gy6bsNHQOjIn8nUjGiLcaRmJ40IUykneJkIW5fxDqKxQx48cszuNflYldsJLPPXCrGfHs8yQ=="
}, },
"@root/greenlock": { "@root/greenlock": {
"version": "3.0.1", "version": "3.0.5",
"resolved": "https://registry.npmjs.org/@root/greenlock/-/greenlock-3.0.1.tgz", "resolved": "https://registry.npmjs.org/@root/greenlock/-/greenlock-3.0.5.tgz",
"integrity": "sha512-Hyrnw/gXgmM4Ml7l0SAwYQ1FAq685dwRXpp7zmOxZDieUGWwP+GUcXOrEefph/lpELWJ5igcPzdEkIGtjMCTww==", "integrity": "sha512-2fjtMRel/BDnxOhlIukcxdLjZSwmTSswwBKG8jvTYWwXsXMP5ef1YOdHYR7Vn6gFltaku0gBdE3ecG4KsV+g3A==",
"requires": { "requires": {
"@root/acme": "^3.0.6", "@root/acme": "^3.0.8",
"@root/csr": "^0.8.1", "@root/csr": "^0.8.1",
"@root/keypairs": "^0.9.0", "@root/keypairs": "^0.9.0",
"@root/mkdirp": "^1.0.0", "@root/mkdirp": "^1.0.0",
"@root/request": "^1.3.10", "@root/request": "^1.3.10",
"acme-http-01-standalone": "^3.0.0", "acme-http-01-standalone": "^3.0.5",
"cert-info": "^1.5.1", "cert-info": "^1.5.1",
"greenlock-manager-fs": "^0.6.0", "greenlock-manager-fs": "^0.6.2",
"greenlock-store-fs": "^3.2.0", "greenlock-store-fs": "^3.2.0",
"safe-replace": "^1.1.0" "safe-replace": "^1.1.0"
} }
@ -91,9 +91,9 @@
} }
}, },
"acme-http-01-standalone": { "acme-http-01-standalone": {
"version": "3.0.0", "version": "3.0.5",
"resolved": "https://registry.npmjs.org/acme-http-01-standalone/-/acme-http-01-standalone-3.0.0.tgz", "resolved": "https://registry.npmjs.org/acme-http-01-standalone/-/acme-http-01-standalone-3.0.5.tgz",
"integrity": "sha512-lZqVab2UZ1Dp36HemfhGEvdYOcVNg5wyVXNjtPUqGSAOVUOKqwi3gDrTGwqz+FBrEEEEpTngDPaZn2g3hfmPLA==" "integrity": "sha512-W4GfK+39GZ+u0mvxRVUcVFCG6gposfzEnSBF20T/NUwWAKG59wQT1dUbS1NixRIAsRuhpGc4Jx659cErFQH0Pg=="
}, },
"cert-info": { "cert-info": {
"version": "1.5.1", "version": "1.5.1",
@ -106,9 +106,9 @@
"integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=" "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
}, },
"greenlock-manager-fs": { "greenlock-manager-fs": {
"version": "0.6.0", "version": "0.6.2",
"resolved": "https://registry.npmjs.org/greenlock-manager-fs/-/greenlock-manager-fs-0.6.0.tgz", "resolved": "https://registry.npmjs.org/greenlock-manager-fs/-/greenlock-manager-fs-0.6.2.tgz",
"integrity": "sha512-o5RZ/T4j6eaUXCVnZ2dScE1pAjFuS8/R4ZDn7mCyRkxBjZvXJU7TpYe5Bc/wmN8x+gLHqVUECZWC6VdA/DbShQ==", "integrity": "sha512-hfQvrOsbSBffAe4dcZL2Aju4XQi3ePlGvwHcxOnIpqdxR8o/5ePNYAyvqwPFPt5iryHvRr7aMrPaA2CO2u3X6g==",
"requires": { "requires": {
"@root/mkdirp": "^1.0.0", "@root/mkdirp": "^1.0.0",
"safe-replace": "^1.1.0" "safe-replace": "^1.1.0"

View File

@ -1,6 +1,6 @@
{ {
"name": "@root/greenlock-express", "name": "@root/greenlock-express",
"version": "3.0.0", "version": "3.0.1",
"description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.", "description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
"main": "greenlock-express.js", "main": "greenlock-express.js",
"homepage": "https://greenlock.domains", "homepage": "https://greenlock.domains",
@ -17,7 +17,7 @@
"example": "examples" "example": "examples"
}, },
"dependencies": { "dependencies": {
"@root/greenlock": "^3.0.1", "@root/greenlock": "^3.0.5",
"redirect-https": "^1.1.5" "redirect-https": "^1.1.5"
}, },
"trulyOptionalDependencies": { "trulyOptionalDependencies": {

17
sni.js
View File

@ -118,26 +118,24 @@ sni.create = function(greenlock, secureOpts) {
meta.refreshAt = Date.now() + randomRefreshOffset(); meta.refreshAt = Date.now() + randomRefreshOffset();
} }
// TODO greenlock.get({ servername: servername })
// TODO don't get unknown certs at all, rely on auto-updates from greenlock // TODO don't get unknown certs at all, rely on auto-updates from greenlock
// Note: greenlock.renew() will return an existing fresh cert or issue a new one // Note: greenlock.get() will return an existing fresh cert or issue a new one
return greenlock.renew({ servername: servername }).then(function(matches) { return greenlock.get({ servername: servername }).then(function(result) {
var meta = getCachedMeta(servername); var meta = getCachedMeta(servername);
if (!meta) { if (!meta) {
meta = _cache[servername] = { secureContext: {} }; meta = _cache[servername] = { secureContext: { _valid: false } };
} }
// prevent from being punked by bot trolls // prevent from being punked by bot trolls
meta.refreshAt = Date.now() + smallStagger; meta.refreshAt = Date.now() + smallStagger;
// nothing to do // nothing to do
if (!matches.length) { if (!result) {
return null; return null;
} }
// we only care about the first one // we only care about the first one
var pems = matches[0].pems; var pems = result.pems;
var site = matches[0].site; var site = result.site;
var match = matches[0];
if (!pems || !pems.cert) { if (!pems || !pems.cert) {
// nothing to do // nothing to do
// (and the error should have been reported already) // (and the error should have been reported already)
@ -152,9 +150,10 @@ sni.create = function(greenlock, secureOpts) {
cert: pems.cert + "\n" + pems.chain + "\n" cert: pems.cert + "\n" + pems.chain + "\n"
}) })
}; };
meta.secureContext._valid = true;
// copy this same object into every place // copy this same object into every place
[match.altnames || site.altnames || [match.subject || site.subject]].forEach(function(altname) { (result.altnames || site.altnames || [result.subject || site.subject]).forEach(function(altname) {
_cache[altname] = meta; _cache[altname] = meta;
}); });

View File

@ -7,7 +7,7 @@ var msgPrefix = "greenlock:";
Worker.create = function() { Worker.create = function() {
var greenlock = {}; var greenlock = {};
["getAcmeHttp01ChallengeResponse", "renew", "notify"].forEach(function(k) { ["getAcmeHttp01ChallengeResponse", "get", "notify"].forEach(function(k) {
greenlock[k] = function(args) { greenlock[k] = function(args) {
return rpc(k, args); return rpc(k, args);
}; };
@ -40,10 +40,13 @@ function rpc(funcname, msg) {
if (msg._id !== id) { if (msg._id !== id) {
return; return;
} }
process.removeListener("message", getResponse);
clearTimeout(timeout); clearTimeout(timeout);
resolve(msg._result); resolve(msg._result);
} }
// TODO keep a single listener than just responds
// via a collection of callbacks? or leave as is?
process.on("message", getResponse); process.on("message", getResponse);
process.send({ process.send({
_id: id, _id: id,