[WIP] getting closer
This commit is contained in:
parent
ffc95b4ddf
commit
1726e137b8
|
@ -688,7 +688,7 @@ function parseConfig(err, text) {
|
||||||
// Occassionally rotate the key just for the sake of testing the key rotation
|
// Occassionally rotate the key just for the sake of testing the key rotation
|
||||||
return urequestAsync({ method: 'HEAD', url: RC.resolve('/acme/new-nonce') }).then(function (resp) {
|
return urequestAsync({ method: 'HEAD', url: RC.resolve('/acme/new-nonce') }).then(function (resp) {
|
||||||
var nonce = resp.headers['replay-nonce'];
|
var nonce = resp.headers['replay-nonce'];
|
||||||
var newAccountUrl = RC.resolve('/new-acct');
|
var newAccountUrl = RC.resolve('/acme/new-acct');
|
||||||
return keypairs.signJws({
|
return keypairs.signJws({
|
||||||
jwk: state.key
|
jwk: state.key
|
||||||
, protected: {
|
, protected: {
|
||||||
|
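Review bot: `var nonce = resp.headers['replay-nonce'];` is used unchecked, so a HEAD response that carries no Replay-Nonce header puts `undefined` into the signed protected header and the failure only surfaces later as a rejected new-account request. Add `if (!nonce) { throw new Error("new-nonce response had no Replay-Nonce header"); }` directly after the assignment so the client fails at the point where the contract is broken rather than one round-trip later. parseConfig starts outside the hunk, and the object passed to signJws continues past its end.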
@ -706,10 +706,11 @@ function parseConfig(err, text) {
|
||||||
}).then(function (jws) {
|
}).then(function (jws) {
|
||||||
return urequestAsync({
|
return urequestAsync({
|
||||||
url: newAccountUrl
|
url: newAccountUrl
|
||||||
, json: jws
|
, method: 'POST'
|
||||||
|
, json: jws // TODO default to post when body is present
|
||||||
, headers: { "Content-Type": 'application/jose+json' }
|
, headers: { "Content-Type": 'application/jose+json' }
|
||||||
}).then(function (resp) {
|
}).then(function (resp) {
|
||||||
console.log('resp.body:');
|
console.log(newAccountUrl, 'resp.body:');
|
||||||
console.log(resp.body);
|
console.log(resp.body);
|
||||||
if (!resp.body || 'valid' !== resp.body.status) {
|
if (!resp.body || 'valid' !== resp.body.status) {
|
||||||
throw new Error("did not successfully create or restore account");
|
throw new Error("did not successfully create or restore account");
|
||||||
|
|
|
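Review bot: The error thrown when `'valid' !== resp.body.status` discards everything the server said — neither `resp.statusCode` nor the body is reported, so a rejected JWS (bad nonce, bad signature) is indistinguishable from an unreachable account endpoint when only the error propagates. Carry both in the message, e.g. `throw new Error("did not successfully create or restore account: HTTP " + resp.statusCode + " " + JSON.stringify(resp.body));`. The two `console.log` calls that dump the full response body read as WIP debugging; once the error message carries the body they can go. The surrounding promise chain begins and ends outside the hunk.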
@ -394,25 +394,25 @@ controllers._issueNonce = function (req, res) {
|
||||||
var nonce = toUrlSafe(crypto.randomBytes(16).toString('base64'));
|
var nonce = toUrlSafe(crypto.randomBytes(16).toString('base64'));
|
||||||
// TODO associate with a TLS session
|
// TODO associate with a TLS session
|
||||||
controllers._nonces[nonce] = Date.now();
|
controllers._nonces[nonce] = Date.now();
|
||||||
res.headers.set("Replay-Nonce", nonce);
|
res.setHeader("Replay-Nonce", nonce);
|
||||||
return nonce;
|
return nonce;
|
||||||
};
|
};
|
||||||
controllers.newNonce = function (req, res) {
|
controllers.newNonce = function (req, res) {
|
||||||
res.statusCode = 200;
|
res.statusCode = 200;
|
||||||
res.headers.set("Cache-Control", "max-age=0, no-cache, no-store");
|
res.setHeader("Cache-Control", "max-age=0, no-cache, no-store");
|
||||||
// TODO
|
// TODO
|
||||||
//res.headers.set("Date", "Sun, 10 Mar 2019 08:04:45 GMT");
|
//res.setHeader("Date", "Sun, 10 Mar 2019 08:04:45 GMT");
|
||||||
// is this the expiration of the nonce itself? methinks maybe so
|
// is this the expiration of the nonce itself? methinks maybe so
|
||||||
//res.headers.set("Expires", "Sun, 10 Mar 2019 08:04:45 GMT");
|
//res.setHeader("Expires", "Sun, 10 Mar 2019 08:04:45 GMT");
|
||||||
// TODO use one of the registered domains
|
// TODO use one of the registered domains
|
||||||
//var indexUrl = "https://acme-staging-v02.api.letsencrypt.org/index"
|
//var indexUrl = "https://acme-staging-v02.api.letsencrypt.org/index"
|
||||||
var port = (state.config.ipc && state.config.ipc.port || state._ipc.port || undefined);
|
var port = (state.config.ipc && state.config.ipc.port || state._ipc.port || undefined);
|
||||||
var indexUrl = "http://localhost:" + port + "/index";
|
var indexUrl = "http://localhost:" + port + "/index";
|
||||||
res.headers.set("Link", "<" + indexUrl + ">;rel=\"index\"");
|
res.setHeader("Link", "<" + indexUrl + ">;rel=\"index\"");
|
||||||
res.headers.set("Cache-Control", "max-age=0, no-cache, no-store");
|
res.setHeader("Cache-Control", "max-age=0, no-cache, no-store");
|
||||||
res.headers.set("Pragma", "no-cache");
|
res.setHeader("Pragma", "no-cache");
|
||||||
//res.headers.set("Strict-Transport-Security", "max-age=604800");
|
//res.setHeader("Strict-Transport-Security", "max-age=604800");
|
||||||
res.headers.set("X-Frame-Options", "DENY");
|
res.setHeader("X-Frame-Options", "DENY");
|
||||||
|
|
||||||
res.end("");
|
res.end("");
|
||||||
};
|
};
|
||||||
|
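Review bot: Nothing in `controllers.newNonce`, whose body sits entirely inside this hunk, sets the Replay-Nonce header — `controllers._issueNonce`, which generates the nonce and calls `res.setHeader("Replay-Nonce", nonce)`, is never invoked from it — so unless middleware outside this hunk adds it, HEAD/GET /acme/new-nonce answers without a nonce and the client's `resp.headers['replay-nonce']` comes back undefined. Add `controllers._issueNonce(req, res);` before `res.end("");`. `Cache-Control` is also set twice in the same handler, so one of the two lines can be dropped. The `_nonces` table is written with `Date.now()` but nothing in this hunk expires or deletes entries, so it grows by one key per request until something else prunes it; the existing TODO should at least say where that is meant to happen.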
@ -959,11 +959,11 @@ function handleApi() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO turn strings into regexes to match beginnings
|
// TODO turn strings into regexes to match beginnings
|
||||||
app.use('/.well-known/openid-configuration', function (req, res) {
|
app.get('/.well-known/openid-configuration', function (req, res) {
|
||||||
res.headers.set("Access-Control-Allow-Headers", "Content-Type");
|
res.setHeader("Access-Control-Allow-Headers", "Content-Type");
|
||||||
res.headers.set("Access-Control-Allow-Origin", "*");
|
res.setHeader("Access-Control-Allow-Origin", "*");
|
||||||
res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
|
res.setHeader("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
|
||||||
res.headers.set("Access-Control-Max-Age", "86400");
|
res.setHeader("Access-Control-Max-Age", "86400");
|
||||||
if ('OPTIONS' === req.method) { res.end(); return; }
|
if ('OPTIONS' === req.method) { res.end(); return; }
|
||||||
res.send({
|
res.send({
|
||||||
jwks_uri: 'http://localhost/.well-known/jwks.json'
|
jwks_uri: 'http://localhost/.well-known/jwks.json'
|
||||||
|
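Review bot: Switching `/.well-known/openid-configuration` from `app.use` to `app.get` likely makes the `if ('OPTIONS' === req.method)` branch below it unreachable: if `_use` filters on the registered verb (as the `app[method.toLowerCase()]` mapping in the eggspress hunk suggests), a CORS preflight never reaches this handler and falls through to whatever is mounted later, while the `Access-Control-*` headers set here are only ever sent on the GET itself. Either keep the preflight on an `app.use` registration ahead of the `app.get`, the way the `/acme` prefix does with `acmeCors`, or remove the dead branch and the now-misleading `Access-Control-Max-Age` if preflight is handled elsewhere. handleApi begins outside the hunk.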
@ -972,21 +972,22 @@ function handleApi() {
|
||||||
});
|
});
|
||||||
app.use('/acme', function acmeCors(req, res, next) {
|
app.use('/acme', function acmeCors(req, res, next) {
|
||||||
// Taken from New-Nonce
|
// Taken from New-Nonce
|
||||||
res.headers.set("Access-Control-Allow-Headers", "Content-Type");
|
res.setHeader("Access-Control-Allow-Headers", "Content-Type");
|
||||||
res.headers.set("Access-Control-Allow-Origin", "*");
|
res.setHeader("Access-Control-Allow-Origin", "*");
|
||||||
res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
|
res.setHeader("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
|
||||||
res.headers.set("Access-Control-Max-Age", "86400");
|
res.setHeader("Access-Control-Max-Age", "86400");
|
||||||
if ('OPTIONS' === req.method) { res.end(); return; }
|
if ('OPTIONS' === req.method) { res.end(); return; }
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
app.use('/acme/directory', function (req, res) {
|
app.get('/acme/directory', function (req, res) {
|
||||||
res.send({
|
res.send({
|
||||||
'new-nonce': '/acme/new-nonce'
|
'new-nonce': '/acme/new-nonce'
|
||||||
, 'new-account': '/acme/new-acct'
|
, 'new-account': '/acme/new-acct'
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
app.use('/acme/new-nonce', controllers.newNonce);
|
app.head('/acme/new-nonce', controllers.newNonce);
|
||||||
app.use('/acme/new-acct', controllers.newAccount);
|
app.get('/acme/new-nonce', controllers.newNonce);
|
||||||
|
app.post('/acme/new-acct', controllers.newAccount);
|
||||||
app.use(/\b(relay)\b/, controllers.relay);
|
app.use(/\b(relay)\b/, controllers.relay);
|
||||||
app.get(/\b(config)\b/, getConfigOnly);
|
app.get(/\b(config)\b/, getConfigOnly);
|
||||||
app.use(/\b(init|config)\b/, initOrConfig);
|
app.use(/\b(init|config)\b/, initOrConfig);
|
||||||
|
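Review bot: `app.head` and `app.get` for `/acme/new-nonce` both land in `controllers.newNonce`, which (in its own hunk) hard-codes `res.statusCode = 200`; RFC 8555 §7.2 has the server answer HEAD with 200 and GET with 204 No Content, so the GET route should produce 204, e.g. `res.statusCode = ('GET' === req.method) ? 204 : 200;` in the handler. The directory served at `/acme/directory` also returns relative paths (`'/acme/new-nonce'`); the client in this commit side-steps that with `RC.resolve`, but a client that takes the directory values as the URLs they are meant to be will not. handleApi begins outside the hunk.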
@ -1021,6 +1022,7 @@ function serveControlsHelper() {
|
||||||
|
|
||||||
app.use('/rpc/', apiHandler);
|
app.use('/rpc/', apiHandler);
|
||||||
app.use('/api/', apiHandler);
|
app.use('/api/', apiHandler);
|
||||||
|
app.use('/acme/', apiHandler);
|
||||||
app.use('/', serveStatic);
|
app.use('/', serveStatic);
|
||||||
|
|
||||||
controlServer = http.createServer(app);
|
controlServer = http.createServer(app);
|
||||||
|
|
|
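Review bot: `app.use('/acme/', apiHandler);` routes the public ACME surface through the same handler that serves `/rpc/` and `/api/`, and nothing here records whether apiHandler applies any checks before dispatching to the routes registered in handleApi. If it does, ACME clients — which authenticate only through the JWS on each request — are turned away; if it does not, the ACME paths now sit next to the control endpoints with no marker that they are intentionally open at this layer. A one-line comment stating which is intended, e.g. `// /acme/ is reached by external ACME clients; apiHandler must not apply /rpc- or /api-style gating to it`, would record the decision. apiHandler itself is outside the hunk.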
@ -33,11 +33,12 @@ module.exports = function eggspress() {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!req.url.match(todo[0])) {
|
var urlstr = (req.url.replace(/\/$/, '') + '/');
|
||||||
|
if (!urlstr.match(todo[0])) {
|
||||||
//console.log("[eggspress] pattern doesn't match", todo[0], req.url);
|
//console.log("[eggspress] pattern doesn't match", todo[0], req.url);
|
||||||
next();
|
next();
|
||||||
return;
|
return;
|
||||||
} else if ('string' === typeof todo[0] && 0 !== req.url.match(todo[0]).index) {
|
} else if ('string' === typeof todo[0] && 0 !== urlstr.match(todo[0]).index) {
|
||||||
//console.log("[eggspress] string pattern is not the start", todo[0], req.url);
|
//console.log("[eggspress] string pattern is not the start", todo[0], req.url);
|
||||||
next();
|
next();
|
||||||
return;
|
return;
|
||||||
|
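Review bot: `urlstr.match(todo[0])` with a string `todo[0]` compiles the string into a RegExp, so every string route is an unanchored regex: the `.` in `'/.well-known/openid-configuration'` matches any character and the `0 !== ….index` check is the only thing stopping a mid-URL match. The new `urlstr` also still carries the query string, since `req.url` is never split on `?`, so `/acme/directory?x` becomes `/acme/directory?x/`. Use `var urlstr = req.url.split('?')[0].replace(/\/$/, '') + '/';` and test string patterns with `urlstr.startsWith(todo[0])`, keeping `match` only for RegExp patterns. The dispatch loop this sits in starts outside the hunk.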
@ -70,7 +71,7 @@ module.exports = function eggspress() {
|
||||||
app.use = function (pattern, fn) {
|
app.use = function (pattern, fn) {
|
||||||
return app._use('', pattern, fn);
|
return app._use('', pattern, fn);
|
||||||
};
|
};
|
||||||
[ 'GET', 'POST', 'DELETE' ].forEach(function (method) {
|
[ 'HEAD', 'GET', 'POST', 'DELETE' ].forEach(function (method) {
|
||||||
app[method.toLowerCase()] = function (pattern, fn) {
|
app[method.toLowerCase()] = function (pattern, fn) {
|
||||||
return app._use(method, pattern, fn);
|
return app._use(method, pattern, fn);
|
||||||
};
|
};
|
||||||
|
|
|
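Review bot: Adding `'HEAD'` registers a separate verb, so a GET route never answers HEAD on its own and every HEAD-capable endpoint has to be registered twice, as handleApi now does for `/acme/new-nonce`; that expectation belongs next to the list, e.g. `// HEAD is its own verb here: routes do not fall back from HEAD to GET`. This is inferred from `app._use(method, …)` receiving the verb — the matching in `_use` is outside the hunk, so confirm it compares methods exactly.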
@ -74,7 +74,7 @@ module.exports.create = function (state) {
|
||||||
var RC = {};
|
var RC = {};
|
||||||
RC.resolve = function (pathstr) {
|
RC.resolve = function (pathstr) {
|
||||||
// TODO use real hostname and return reqOpts rather than string?
|
// TODO use real hostname and return reqOpts rather than string?
|
||||||
return 'http://localhost:' + RC.port({}).port.toString() + '/' + pathstr.replace(/^\//, '');
|
return 'http://localhost:' + (RC.port({}).port||'1').toString() + '/' + pathstr.replace(/^\//, '');
|
||||||
};
|
};
|
||||||
RC.port = function (reqOpts) {
|
RC.port = function (reqOpts) {
|
||||||
var fs = require('fs');
|
var fs = require('fs');
|
||||||
|
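Review bot: `(RC.port({}).port||'1')` turns an unknown port into `http://localhost:1/…`, so a missing or not-yet-written port becomes a connection attempt to port 1 and an ECONNREFUSED that hides the real cause. Fail explicitly instead: `var port = RC.port({}).port; if (!port) { throw new Error("control server port is not known yet"); }` and build the URL from `port`. RC.port pulls in `fs` on every call, presumably to read the port from disk, so each resolve() repeats that access; caching the value once it is known would avoid it. RC.port's body continues past the hunk.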
@ -93,7 +93,7 @@ module.exports.create = function (state) {
|
||||||
}
|
}
|
||||||
return reqOpts;
|
return reqOpts;
|
||||||
};
|
};
|
||||||
RC.createErrorhandler = function (replay, opts, cb) {
|
RC.createErrorHandler = function (replay, opts, cb) {
|
||||||
return function (err) {
|
return function (err) {
|
||||||
// ENOENT - never started, cleanly exited last start, or creating socket at a different path
|
// ENOENT - never started, cleanly exited last start, or creating socket at a different path
|
||||||
// ECONNREFUSED - leftover socket just needs to be restarted
|
// ECONNREFUSED - leftover socket just needs to be restarted
|
||||||
|
|