From 6bbb5f78e980fc70510e214bdfbb993095656b86 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Mon, 4 Nov 2019 15:03:24 -0700
Subject: [PATCH] remove cruft
---
examples/old-demo.js | 75 -------------------
examples/old-force-renew.js | 30 --------
examples/old-remote-access.js | 104 --------------------------
examples/old-vhost.js | 134 ----------------------------------
examples/old-wildcard.js | 77 -------------------
5 files changed, 420 deletions(-)
delete mode 100644 examples/old-demo.js
delete mode 100644 examples/old-force-renew.js
delete mode 100644 examples/old-remote-access.js
delete mode 100644 examples/old-vhost.js
delete mode 100644 examples/old-wildcard.js
diff --git a/examples/old-demo.js b/examples/old-demo.js
deleted file mode 100644
index 8000314..0000000
--- a/examples/old-demo.js
+++ /dev/null
@@ -1,75 +0,0 @@
-"use strict";
-
-// npm install spdy@3.x
-
-//var Greenlock = require('greenlock-express')
-var Greenlock = require("../");
-
-var greenlock = Greenlock.create({
- // Let's Encrypt v2 is ACME draft 11
- version: "draft-11",
-
- server: "https://acme-v02.api.letsencrypt.org/directory",
- // Note: If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- // You MUST change this to a valid email address
- email: "jon@example.com",
-
- // You MUST NOT build clients that accept the ToS without asking the user
- agreeTos: true,
-
- // You MUST change these to valid domains
- // NOTE: all domains will validated and listed on the certificate
- approvedDomains: ["example.com", "www.example.com"],
-
- // You MUST have access to write to directory where certs are saved
- // ex: /home/foouser/acme/etc
- configDir: "~/.config/acme/",
-
- // Get notified of important updates and help me make greenlock better
- communityMember: true
-
- //, debug: true
-});
-
-////////////////////////
-// http-01 Challenges //
-////////////////////////
-
-// http-01 challenge happens over http/1.1, not http2
-var redirectHttps = require("redirect-https")();
-var acmeChallengeHandler = greenlock.middleware(function(req, res) {
- res.setHeader("Content-Type", "text/html; charset=utf-8");
- res.end(
- "

Hello, ⚠️ Insecure World!

Visit Secure Site" +
- ''
- );
-});
-require("http")
- .createServer(acmeChallengeHandler)
- .listen(80, function() {
- console.log("Listening for ACME http-01 challenges on", this.address());
- });
-
-////////////////////////
-// http2 via SPDY h2 //
-////////////////////////
-
-// spdy is a drop-in replacement for the https API
-var spdyOptions = Object.assign({}, greenlock.tlsOptions);
-spdyOptions.spdy = { protocols: ["h2", "http/1.1"], plain: false };
-var server = require("spdy").createServer(
- spdyOptions,
- require("express")().use("/", function(req, res) {
- res.setHeader("Content-Type", "text/html; charset=utf-8");
- res.end("

Hello, 🔐 Secure World!

");
- })
-);
-server.on("error", function(err) {
- console.error(err);
-});
-server.on("listening", function() {
- console.log("Listening for SPDY/http2/https requests on", this.address());
-});
-server.listen(443);
diff --git a/examples/old-force-renew.js b/examples/old-force-renew.js
deleted file mode 100644
index 6869f6f..0000000
--- a/examples/old-force-renew.js
+++ /dev/null
@@ -1,30 +0,0 @@
-"use strict";
-
-//require('greenlock-express')
-require("../")
- .create({
- // Let's Encrypt v2 is ACME draft 11
- version: "draft-11",
-
- server: "https://acme-v02.api.letsencrypt.org/directory",
- // Note: If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- email: "john.doe@example.com",
-
- agreeTos: true,
-
- approvedDomains: ["example.com", "www.example.com"],
-
- app: require("express")().use("/", function(req, res) {
- res.end("Hello, World!");
- }),
-
- renewWithin: 91 * 24 * 60 * 60 * 1000,
- renewBy: 90 * 24 * 60 * 60 * 1000,
-
- // Get notified of important updates and help me make greenlock better
- communityMember: true,
- debug: true
- })
- .listen(80, 443);
diff --git a/examples/old-remote-access.js b/examples/old-remote-access.js
deleted file mode 100644
index 2852aa1..0000000
--- a/examples/old-remote-access.js
+++ /dev/null
@@ -1,104 +0,0 @@
-"use strict";
-
-//
-// WARNING: Not for noobs
-// Try the simple example first
-//
-
-//
-// This demo is used with tunnel-server.js and tunnel-client.js
-//
-
-var email = "john.doe@gmail.com";
-var domains = ["example.com"];
-var agreeLeTos = true;
-//var secret = "My Little Brony";
-var secret = require("crypto")
- .randomBytes(16)
- .toString("hex");
-
-require("../")
- .create({
- version: "draft-11",
-
- server: "https://acme-v02.api.letsencrypt.org/directory",
- // Note: If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- email: email,
- agreeTos: agreeLeTos,
- approveDomains: domains,
- configDir: "~/.config/acme/",
- app: remoteAccess(secret),
- // Get notified of important updates and help me make greenlock better
- communityMember: true
- //, debug: true
- })
- .listen(3000, 8443);
-
-function remoteAccess(secret) {
- var express = require("express");
- var basicAuth = require("express-basic-auth");
- var serveIndex = require("serve-index");
-
- var rootIndex = serveIndex("/", { hidden: true, icons: true, view: "details" });
- var rootFs = express.static("/", { dotfiles: "allow", redirect: true, index: false });
-
- var userIndex = serveIndex(require("os").homedir(), { hidden: true, icons: true, view: "details" });
- var userFs = express.static(require("os").homedir(), { dotfiles: "allow", redirect: true, index: false });
-
- var app = express();
- var realm = "Login Required";
-
- var myAuth = basicAuth({
- users: { root: secret, user: secret },
- challenge: true,
- realm: realm,
- unauthorizedResponse: function(/*req*/) {
- return 'Unauthorized Home';
- }
- });
-
- app.get("/", function(req, res) {
- res.setHeader("Content-Type", "text/html; charset=utf-8");
- res.end('View Files' + "  |  " + 'Logout');
- });
- app.use("/logout", function(req, res) {
- res.setHeader("Content-Type", "text/html; charset=utf-8");
- res.setHeader("WWW-Authenticate", 'Basic realm="' +
realm + '"');
- res.statusCode = 401;
- //res.setHeader('Location', '/');
- res.end('Logged out   |   Home');
- });
- app.use("/browse", myAuth);
- app.use("/browse", function(req, res, next) {
- if ("root" === req.auth.user) {
- rootFs(req, res, function() {
- rootIndex(req, res, next);
- });
- return;
- }
- if ("user" === req.auth.user) {
- userFs(req, res, function() {
- userIndex(req, res, next);
- });
- return;
- }
- res.end("Sad Panda");
- });
-
- console.log("");
- console.log("");
- console.log("Usernames are\n");
- console.log("\troot");
- console.log("\tuser");
- console.log("");
- console.log("Password (for both) is\n");
- console.log("\t" + secret);
- console.log("");
- console.log("Shhhh... It's a secret to everybody!");
- console.log("");
- console.log("");
-
- return app;
-}
diff --git a/examples/old-vhost.js b/examples/old-vhost.js
deleted file mode 100644
index ed93322..0000000
--- a/examples/old-vhost.js
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/usr/bin/env node
-"use strict";
-
-///////////////////
-// vhost example //
-///////////////////
-
-//
-// virtual hosting example
-//
-
-// The prefix where sites go by name.
-// For example: whatever.com may live in /srv/www/whatever.com, thus /srv/www is our path
-var srv = process.argv[3] || "/srv/www/";
-
-var path = require("path");
-var fs = require("fs").promises;
-var finalhandler = require("finalhandler");
-var serveStatic = require("serve-static");
-
-//var glx = require('greenlock-express')
-var glx = require("./").create({
- version: "draft-11", // Let's Encrypt v2 is ACME draft 11
-
- server: "https://acme-v02.api.letsencrypt.org/directory", // If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- configDir: process.argv[4] || "~/.config/acme/", // You MUST have access to write to directory where certs
- // are saved. ex: /home/foouser/.config/acme
-
- approveDomains: myApproveDomains, // Greenlock's wraps around tls.SNICallback. Check the
- // domain name here and reject invalid ones
-
- app: myVhostApp, // Any node-style http app (i.e. express, koa, hapi, rill)
-
- /* CHANGE TO A VALID EMAIL */
- email: process.argv[2] || "jon.doe@example.com", // Email for Let's Encrypt account and Greenlock Security
- agreeTos: true // Accept Let's Encrypt ToS
- //, communityMember: true // Join Greenlock to get important updates, no spam
-
- //, debug: true
-});
-
-var server = glx.listen(80, 443);
-server.on("listening", function() {
- console.info(server.type + " listening on", server.address());
-});
-
-function myApproveDomains(opts, certs, cb) {
- console.log("sni:", opts.domain);
- // In this example the filesystem is our "database".
- // We check in /srv/www for whatever.com and if it exists, it's allowed
-
- // SECURITY Greenlock validates opts.domains ahead-of-time so you don't have to
- return checkWwws(opts.domains[0])
- .then(function() {
- //opts.email = email;
- opts.agreeTos = true;
- cb(null, { options: opts, certs: certs });
- })
- .catch(cb);
-}
-
-function checkWwws(_hostname) {
- if (!_hostname) {
- // SECURITY, don't allow access to the 'srv' root
- // (greenlock-express uses middleware to check '..', etc)
- return "";
- }
- var hostname = _hostname;
- var _hostdir = path.join(srv, hostname);
- var hostdir = _hostdir;
- // TODO could test for www/no-www both in directory
- return fs
- .readdir(hostdir)
- .then(function() {
- // TODO check for some sort of htaccess.json and use email in that
- // NOTE: you can also change other options such as `challengeType` and `challenge`
- // opts.challengeType = 'http-01';
- // opts.challenge = require('le-challenge-fs').create({});
- return hostname;
- })
- .catch(function() {
- if ("www." === hostname.slice(0, 4)) {
- // Assume we'll redirect to non-www if it's available.
- hostname = hostname.slice(4);
- hostdir = path.join(srv, hostname);
- return fs.readdir(hostdir).then(function() {
- // TODO list both domains?
- return hostname;
- });
- } else {
- // Or check and see if perhaps we should redirect non-www to www
- hostname = "www." + hostname;
- hostdir = path.join(srv, hostname);
- return fs.readdir(hostdir).then(function() {
- // TODO list both domains?
- return hostname;
- });
- }
- })
- .catch(function() {
- throw new Error("rejecting '" + _hostname + "' because '" + _hostdir + "' could not be read");
- });
-}
-
-function myVhostApp(req, res) {
- // SECURITY greenlock pre-sanitizes hostnames to prevent unauthorized fs access so you don't have to
- // (also: only domains approved above will get here)
- console.log("vhost:", req.headers.host);
- if (!req.headers.host) {
- // SECURITY, don't allow access to the 'srv' root
- // (greenlock-express uses middleware to check '..', etc)
- return res.end();
- }
-
- // We could cache wether or not a host exists for some amount of time
- var fin = finalhandler(req, res);
- return checkWwws(req.headers.host)
- .then(function(hostname) {
- if (hostname !== req.headers.host) {
- res.statusCode = 302;
- res.setHeader("Location", "https://" + hostname);
- // SECURITY this is safe only because greenlock disallows invalid hostnames
- res.end("");
- return;
- }
- var serve = serveStatic(path.join(srv, hostname), { redirect: true });
- serve(req, res, fin);
- })
- .catch(function() {
- fin();
- });
-}
diff --git a/examples/old-wildcard.js b/examples/old-wildcard.js
deleted file mode 100644
index 349846e..0000000
--- a/examples/old-wildcard.js
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/usr/bin/env node
-"use strict";
-/*global Promise*/
-
-///////////////////////
-// wildcard example //
-//////////////////////
-
-//
-// wildcard example
-//
-
-//var glx = require('greenlock-express')
-var glx = require("../").create({
- version: "draft-11", // Let's Encrypt v2 is ACME draft 11
-
- server: "https://acme-staging-v02.api.letsencrypt.org/directory",
- //, server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging
- // https://acme-staging-v02.api.letsencrypt.org/directory
-
- configDir: "~/acme/", // You MUST have access to write to directory where certs
- // are saved. ex: /home/foouser/.config/acme
-
- approveDomains: myApproveDomains, // Greenlock's wraps around tls.SNICallback. Check the
- // domain name here and reject invalid ones
-
- app: require("./my-express-app.js"), // Any node-style http app (i.e. express, koa, hapi, rill)
-
- /* CHANGE TO A VALID EMAIL */
- email: "jon.doe@example.com", // Email for Let's Encrypt account and Greenlock Security
- agreeTos: true, // Accept Let's Encrypt ToS
- communityMember: true, // Join Greenlock to (very rarely) get important updates
-
- //, debug: true
- store: require("le-store-fs")
-});
-
-var server = glx.listen(80, 443);
-server.on("listening", function() {
- console.info(server.type + " listening on", server.address());
-});
-
-function myApproveDomains(opts) {
- console.log("sni:", opts.domain);
-
- // must be 'example.com' or start with 'example.com'
- if (
- "example.com" !== opts.domain &&
- "example.com" !==
- opts.domain
- .split(".")
- .slice(1)
- .join(".")
- ) {
- return Promise.reject(new Error("we don't serve your kind here: " + opts.domain));
- }
-
- // the primary domain for the cert
- opts.subject = "example.com";
- // the altnames (including the primary)
- opts.domains = [opts.subject, "*.example.com"];
-
- if (!opts.challenges) {
- opts.challenges = {};
- }
- opts.challenges["http-01"] =
require("le-challenge-fs").create({});
- // Note: When implementing a dns-01 plugin you should make it check in a loop
- // until it can positively confirm that the DNS changes have propagated.
- // That could take several seconds to a few minutes.
- opts.challenges["dns-01"] = require("le-challenge-dns").create({});
-
- // explicitly set account id and certificate.id
- opts.account = { id: opts.email };
- opts.certificate = { id: opts.subject };
-
- return Promise.resolve(opts);
-}