made testable and tested server example

AJ ONeal 2019-06-26 22:49:44 -06:00
parent c73ad565a3
commit 778416d49b
1 changed files with 31 additions and 15 deletions


@ -50,10 +50,12 @@ var glx = require("./").create({
store: require("greenlock-store-fs") store: require("greenlock-store-fs")
}); });
if (require.main === module) {
var server = glx.listen(80, 443); var server = glx.listen(80, 443);
server.on("listening", function() { server.on("listening", function() {
console.info(server.type + " listening on", server.address()); console.info(server.type + " listening on", server.address());
}); });
}
function myApproveDomains(opts) { function myApproveDomains(opts) {
console.info("SNI:", opts.domain); console.info("SNI:", opts.domain);
@ -62,14 +64,26 @@ function myApproveDomains(opts) {
// SECURITY Greenlock validates opts.domains ahead-of-time so you don't have to // SECURITY Greenlock validates opts.domains ahead-of-time so you don't have to
var domains = []; var domains = [];
var domain = opts.domain.replace(/^(www|api)\./, ""); var original = opts.domain;
return checkWwws(domain) var bare = original.replace(/^(www|api)\./, "");
// The goal here is to support both bare and www domains
//
// dns:example.com + fs:www.example.com => both
// dns:www.example.com + fs:example.com => both
//
// dns:api.example.com + fs:www.example.com => www.example.com
// dns:api.example.com + fs:example.com => example.com
//
// dns:example.com + fs:example.com => example.com
// dns:www.example.com + fs:www.example.com => www.example.com
//
return checkWwws(bare)
.then(function(hostname) { .then(function(hostname) {
// this is either example.com or www.example.com // hostname is either example.com or www.example.com
domains.push(hostname); domains.push(hostname);
if ("api." + domain !== opts.domain) { if ("api." + bare !== original) {
if (!domains.includes(opts.domain)) { if (!domains.includes(original)) {
domains.push(opts.domain); domains.push(original);
} }
} }
}) })
@ -79,10 +93,7 @@ function myApproveDomains(opts) {
}) })
.then(function() { .then(function() {
// check for api prefix // check for api prefix
var apiname = domain; var apiname = "api." + bare;
if (domains.length) {
apiname = "api." + domain;
}
return checkApi(apiname) return checkApi(apiname)
.then(function(app) { .then(function(app) {
if (!app) { if (!app) {
@ -95,7 +106,9 @@ function myApproveDomains(opts) {
}); });
}) })
.then(function() { .then(function() {
if (0 === domains.length) { // It's possible that example.com could have been requested,
// and not found, but api.example.com was found
if (!domains.includes(original)) {
return Promise.reject(new Error("no bare, www., or api. domain matching '" + opts.domain + "'")); return Promise.reject(new Error("no bare, www., or api. domain matching '" + opts.domain + "'"));
} }
@ -129,6 +142,7 @@ function myApproveDomains(opts) {
return Promise.resolve(opts); return Promise.resolve(opts);
}); });
} }
exports.myApproveDomains = myApproveDomains;
function checkApi(hostname) { function checkApi(hostname) {
var apipath = path.join(config.api, hostname); var apipath = path.join(config.api, hostname);
@ -153,6 +167,7 @@ function checkApi(hostname) {
throw new Error("rejecting '" + hostname + "' because '" + apipath + link + "' failed at require()"); throw new Error("rejecting '" + hostname + "' because '" + apipath + link + "' failed at require()");
}); });
} }
exports.checkApi = checkApi;
function checkWwws(_hostname) { function checkWwws(_hostname) {
if (!_hostname) { if (!_hostname) {
@ -192,6 +207,7 @@ function checkWwws(_hostname) {
throw new Error("rejecting '" + _hostname + "' because '" + hostdir + "' could not be read"); throw new Error("rejecting '" + _hostname + "' because '" + hostdir + "' could not be read");
}); });
} }
exports.checkWwws = checkWwws;
function myVhostApp(req, res) { function myVhostApp(req, res) {
// SECURITY greenlock pre-sanitizes hostnames to prevent unauthorized fs access so you don't have to // SECURITY greenlock pre-sanitizes hostnames to prevent unauthorized fs access so you don't have to
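Review bot: The added `exports.checkApi = checkApi;` and `exports.checkWwws = checkWwws;` lines make both helpers callable with hostnames that never passed through Greenlock's sanitizing, yet the visible lines show `checkApi` building `path.join(config.api, hostname)` and reporting a failed `require()`, so the hostname decides which directory is read and, it appears, which module is loaded. The SECURITY comments in `myApproveDomains` and `myVhostApp` place that protection in Greenlock's pre-validation of the name, which does not cover a direct caller such as a test. I would document the precondition on the exports, e.g. `// SECURITY exported for tests only: hostname must already be validated, it is joined into a filesystem path`, or reject names containing a path separator or `..` at the top of both helpers. Both function bodies lie mostly outside the hunks shown, so a check there may already cover this.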