greenlock checks sni now
parent
11e0db1f20
commit
aac54d63f2
|
@ -13,7 +13,8 @@ var fs = require('fs');
|
||||||
var finalhandler = require('finalhandler');
|
var finalhandler = require('finalhandler');
|
||||||
var serveStatic = require('serve-static');
|
var serveStatic = require('serve-static');
|
||||||
var path = require('path');
|
var path = require('path');
|
||||||
var hostnameRe = /^[a-z0-9][\.a-z0-9\-]+$/;
|
// Allowed characters are a-z,0-9,.,-,_ with TLDs being alpha-only
|
||||||
|
var hostnameRe = /^[\.a-z0-9_\-]+\.[a-z]+$/i;
|
||||||
|
|
||||||
//require('greenlock-express')
|
//require('greenlock-express')
|
||||||
require('../').create({
|
require('../').create({
|
||||||
|
@ -39,17 +40,13 @@ require('../').create({
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO could test for www/no-www both in directory and IP
|
// SECURITY Greenlock validates opts.domains ahead-of-time
|
||||||
var e;
|
|
||||||
var hostdir = path.join(srv, opts.domains[0]);
|
var hostdir = path.join(srv, opts.domains[0]);
|
||||||
if (!hostnameRe.test(opts.domains[0])) {
|
// TODO could test for www/no-www both in directory and IP
|
||||||
e = new Error("rejecting '" + opts.domains[0] + "' because it is not a valid domain name");
|
|
||||||
cb(e);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
fs.readdir(hostdir, function (err, nodes) {
|
fs.readdir(hostdir, function (err, nodes) {
|
||||||
e = new Error("rejecting '" + opts.domains[0] + "' because '" + hostdir + "' could not be read");
|
var e;
|
||||||
if (err || !nodes) {
|
if (err || !nodes) {
|
||||||
|
e = new Error("rejecting '" + opts.domains[0] + "' because '" + hostdir + "' could not be read");
|
||||||
console.error(err);
|
console.error(err);
|
||||||
console.error(e);
|
console.error(e);
|
||||||
cb(e);
|
cb(e);
|
||||||
|
@ -74,7 +71,7 @@ require('../').create({
|
||||||
, app: function (req, res) {
|
, app: function (req, res) {
|
||||||
console.log(req.headers.host);
|
console.log(req.headers.host);
|
||||||
var hostname = (req.headers.host||'').toLowerCase().split(':')[0];
|
var hostname = (req.headers.host||'').toLowerCase().split(':')[0];
|
||||||
// sanatize hostname to prevent unauthorized fs access
|
// SECURITY sanatize hostname to prevent unauthorized fs access
|
||||||
if (!hostnameRe.test(hostname)) {
|
if (!hostnameRe.test(hostname)) {
|
||||||
res.statusCode = 404;
|
res.statusCode = 404;
|
||||||
res.end('Bad Hostname');
|
res.end('Bad Hostname');
|
||||||
|
|
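Review bot: In the second hunk (`-39,17 +40,13`), `path.join(srv, opts.domains[0])` now runs with no local validation, and the only support for dropping the `hostnameRe` test is the new comment saying Greenlock validates `opts.domains` ahead of time; nothing on this page shows that library check. Because the value becomes a filesystem path handed to `fs.readdir`, I would keep the guard as defence in depth so that an upstream regression fails closed: `if (!hostnameRe.test(opts.domains[0])) { cb(new Error("rejecting '" + opts.domains[0] + "' because it is not a valid domain name")); return; }`. Failing that, the comment should at least name the Greenlock version and code path it relies on. Separately, the new `hostnameRe` in the first hunk no longer requires an alphanumeric first character, so names starting with `.` or `-` and names with consecutive dots now pass; `/` is still excluded, which is what blocks traversal, but anchoring the first character to `[a-z0-9]` as the old pattern did would keep dot-prefixed directory names out. The enclosing callback starts and ends outside the visible hunks.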