[WIP] getting closer

AJ ONeal 2019-03-28 02:51:07 -06:00
parent ffc95b4ddf
commit 1726e137b8
4 changed files with 33 additions and 29 deletions


@ -688,7 +688,7 @@ function parseConfig(err, text) {
// Occassionally rotate the key just for the sake of testing the key rotation
return urequestAsync({ method: 'HEAD', url: RC.resolve('/acme/new-nonce') }).then(function (resp) {
var nonce = resp.headers['replay-nonce'];
var newAccountUrl = RC.resolve('/new-acct');
var newAccountUrl = RC.resolve('/acme/new-acct');
return keypairs.signJws({
jwk: state.key
, protected: {
@ -706,10 +706,11 @@ function parseConfig(err, text) {
}).then(function (jws) {
return urequestAsync({
url: newAccountUrl
, json: jws
, method: 'POST'
, json: jws // TODO default to post when body is present
, headers: { "Content-Type": 'application/jose+json' }
}).then(function (resp) {
console.log('resp.body:');
console.log(newAccountUrl, 'resp.body:');
console.log(resp.body);
if (!resp.body || 'valid' !== resp.body.status) {
throw new Error("did not successfully create or restore account");
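Review bot: The failure branch on the last two lines throws a generic error and discards the response, so an ACME problem document from `/acme/new-acct` or a missing body is indistinguishable from a transport fault; carry the status and body along, e.g. `throw new Error("did not successfully create or restore account: " + resp.statusCode + " " + JSON.stringify(resp.body));`. The two `console.log` lines just above dump the whole account response unconditionally and read as debug output that should be removed or gated before this leaves WIP. `nonce` is read from `resp.headers['replay-nonce']` and presumably fed into the protected header below, but nothing checks that the header was present, so a nonce-less HEAD response only surfaces as a server-side rejection of the JWS; a `if (!nonce) { throw new Error("new-nonce returned no Replay-Nonce header"); }` right after the read would localize that. `parseConfig` starts and ends outside this hunk.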


@ -394,25 +394,25 @@ controllers._issueNonce = function (req, res) {
var nonce = toUrlSafe(crypto.randomBytes(16).toString('base64'));
// TODO associate with a TLS session
controllers._nonces[nonce] = Date.now();
res.headers.set("Replay-Nonce", nonce);
res.setHeader("Replay-Nonce", nonce);
return nonce;
};
controllers.newNonce = function (req, res) {
res.statusCode = 200;
res.headers.set("Cache-Control", "max-age=0, no-cache, no-store");
res.setHeader("Cache-Control", "max-age=0, no-cache, no-store");
// TODO
//res.headers.set("Date", "Sun, 10 Mar 2019 08:04:45 GMT");
//res.setHeader("Date", "Sun, 10 Mar 2019 08:04:45 GMT");
// is this the expiration of the nonce itself? methinks maybe so
//res.headers.set("Expires", "Sun, 10 Mar 2019 08:04:45 GMT");
//res.setHeader("Expires", "Sun, 10 Mar 2019 08:04:45 GMT");
// TODO use one of the registered domains
//var indexUrl = "https://acme-staging-v02.api.letsencrypt.org/index"
var port = (state.config.ipc && state.config.ipc.port || state._ipc.port || undefined);
var indexUrl = "http://localhost:" + port + "/index";
res.headers.set("Link", "<" + indexUrl + ">;rel=\"index\"");
res.headers.set("Cache-Control", "max-age=0, no-cache, no-store");
res.headers.set("Pragma", "no-cache");
//res.headers.set("Strict-Transport-Security", "max-age=604800");
res.headers.set("X-Frame-Options", "DENY");
res.setHeader("Link", "<" + indexUrl + ">;rel=\"index\"");
res.setHeader("Cache-Control", "max-age=0, no-cache, no-store");
res.setHeader("Pragma", "no-cache");
//res.setHeader("Strict-Transport-Security", "max-age=604800");
res.setHeader("X-Frame-Options", "DENY");
res.end("");
};
@ -959,11 +959,11 @@ function handleApi() {
}
// TODO turn strings into regexes to match beginnings
app.use('/.well-known/openid-configuration', function (req, res) {
res.headers.set("Access-Control-Allow-Headers", "Content-Type");
res.headers.set("Access-Control-Allow-Origin", "*");
res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
res.headers.set("Access-Control-Max-Age", "86400");
app.get('/.well-known/openid-configuration', function (req, res) {
res.setHeader("Access-Control-Allow-Headers", "Content-Type");
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
res.setHeader("Access-Control-Max-Age", "86400");
if ('OPTIONS' === req.method) { res.end(); return; }
res.send({
jwks_uri: 'http://localhost/.well-known/jwks.json'
@ -972,21 +972,22 @@ function handleApi() {
});
app.use('/acme', function acmeCors(req, res, next) {
// Taken from New-Nonce
res.headers.set("Access-Control-Allow-Headers", "Content-Type");
res.headers.set("Access-Control-Allow-Origin", "*");
res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
res.headers.set("Access-Control-Max-Age", "86400");
res.setHeader("Access-Control-Allow-Headers", "Content-Type");
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
res.setHeader("Access-Control-Max-Age", "86400");
if ('OPTIONS' === req.method) { res.end(); return; }
next();
});
app.use('/acme/directory', function (req, res) {
app.get('/acme/directory', function (req, res) {
res.send({
'new-nonce': '/acme/new-nonce'
, 'new-account': '/acme/new-acct'
});
});
app.use('/acme/new-nonce', controllers.newNonce);
app.use('/acme/new-acct', controllers.newAccount);
app.head('/acme/new-nonce', controllers.newNonce);
app.get('/acme/new-nonce', controllers.newNonce);
app.post('/acme/new-acct', controllers.newAccount);
app.use(/\b(relay)\b/, controllers.relay);
app.get(/\b(config)\b/, getConfigOnly);
app.use(/\b(init|config)\b/, initOrConfig);
@ -1021,6 +1022,7 @@ function serveControlsHelper() {
app.use('/rpc/', apiHandler);
app.use('/api/', apiHandler);
app.use('/acme/', apiHandler);
app.use('/', serveStatic);
controlServer = http.createServer(app);
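Review bot: `controllers.newNonce` in the first hunk sets cache and framing headers and ends the response, but nothing visible in that function calls `controllers._issueNonce(req, res)`, so no `Replay-Nonce` header is emitted unless it is set somewhere outside the view; the client half of this same commit reads `resp.headers['replay-nonce']` from exactly this endpoint, so `controllers._issueNonce(req, res);` should run before `res.end("")`. Separately, `controllers._nonces[nonce] = Date.now()` records issuance but nothing shown consumes or expires entries, so the map grows without bound under a client that keeps polling new-nonce, and the TODO above it suggests replay rejection is not enforced yet. The `Link` index URL is built from `state.config.ipc.port`, while the openid-configuration hunk hardcodes `http://localhost/.well-known/jwks.json` with no port, so one of the two is likely wrong. Wildcard CORS on `/acme` matches what public ACME servers send, but on a localhost control server it only stays safe while every `/acme` handler validates the JWS signature and nonce, since any browser origin can now reach these routes.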


@ -33,11 +33,12 @@ module.exports = function eggspress() {
return;
}
if (!req.url.match(todo[0])) {
var urlstr = (req.url.replace(/\/$/, '') + '/');
if (!urlstr.match(todo[0])) {
//console.log("[eggspress] pattern doesn't match", todo[0], req.url);
next();
return;
} else if ('string' === typeof todo[0] && 0 !== req.url.match(todo[0]).index) {
} else if ('string' === typeof todo[0] && 0 !== urlstr.match(todo[0]).index) {
//console.log("[eggspress] string pattern is not the start", todo[0], req.url);
next();
return;
@ -70,7 +71,7 @@ module.exports = function eggspress() {
app.use = function (pattern, fn) {
return app._use('', pattern, fn);
};
[ 'GET', 'POST', 'DELETE' ].forEach(function (method) {
[ 'HEAD', 'GET', 'POST', 'DELETE' ].forEach(function (method) {
app[method.toLowerCase()] = function (pattern, fn) {
return app._use(method, pattern, fn);
};
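Review bot: In the first hunk `urlstr.match(todo[0])` is still evaluated when `todo[0]` is a string, and `String.prototype.match` compiles a string argument into a RegExp, so a route such as `'/.well-known/openid-configuration'` is matched with `.` as a wildcard and any regex metacharacter in a route string silently changes its meaning; for string patterns use a plain prefix test, `if ('string' === typeof todo[0] ? !urlstr.startsWith(todo[0]) : !urlstr.match(todo[0]))`, which also makes the separate `0 !== ...index` branch unnecessary. `req.url` includes the query string, so the new trailing-slash normalization should be applied to the path only, e.g. `var urlstr = req.url.split('?')[0].replace(/\/$/, '') + '/';`; otherwise `/api?x=1` becomes `/api?x=1/` and no longer matches the `'/api/'` mount in the sibling file. Regex patterns remain unanchored (the `/\b(relay)\b/` route in that file matches anywhere in the URL), which the existing TODO there already notes. `eggspress` starts and ends outside these hunks.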


@ -74,7 +74,7 @@ module.exports.create = function (state) {
var RC = {};
RC.resolve = function (pathstr) {
// TODO use real hostname and return reqOpts rather than string?
return 'http://localhost:' + RC.port({}).port.toString() + '/' + pathstr.replace(/^\//, '');
return 'http://localhost:' + (RC.port({}).port||'1').toString() + '/' + pathstr.replace(/^\//, '');
};
RC.port = function (reqOpts) {
var fs = require('fs');
@ -93,7 +93,7 @@ module.exports.create = function (state) {
}
return reqOpts;
};
RC.createErrorhandler = function (replay, opts, cb) {
RC.createErrorHandler = function (replay, opts, cb) {
return function (err) {
// ENOENT - never started, cleanly exited last start, or creating socket at a different path
// ECONNREFUSED - leftover socket just needs to be restarted
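Review bot: The `|| '1'` fallback in `RC.resolve` turns an unknown port into a request to `http://localhost:1/...`, which will fail with ECONNREFUSED, and the comment on the last line of this hunk treats ECONNREFUSED as "leftover socket just needs to be restarted", so a missing or unreadable port file would presumably be misdiagnosed as a stale socket instead of being reported. Prefer failing loudly when no port is known: `var port = RC.port({}).port; if (!port) { throw new Error('control server port unknown; is the daemon running?'); }` and build the URL from `port`. The `RC.createErrorhandler` → `RC.createErrorHandler` rename breaks any caller still using the old spelling; a one-line alias `RC.createErrorhandler = RC.createErrorHandler;` keeps them working until they are updated. `createErrorHandler`'s body continues past the end of the hunk.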