[WIP] getting closer

This commit is contained in:
AJ ONeal 2019-03-28 02:51:07 -06:00
parent ffc95b4ddf
commit 1726e137b8
4 changed files with 33 additions and 29 deletions


@ -688,7 +688,7 @@ function parseConfig(err, text) {
// Occassionally rotate the key just for the sake of testing the key rotation // Occassionally rotate the key just for the sake of testing the key rotation
return urequestAsync({ method: 'HEAD', url: RC.resolve('/acme/new-nonce') }).then(function (resp) { return urequestAsync({ method: 'HEAD', url: RC.resolve('/acme/new-nonce') }).then(function (resp) {
var nonce = resp.headers['replay-nonce']; var nonce = resp.headers['replay-nonce'];
var newAccountUrl = RC.resolve('/new-acct'); var newAccountUrl = RC.resolve('/acme/new-acct');
return keypairs.signJws({ return keypairs.signJws({
jwk: state.key jwk: state.key
, protected: { , protected: {
@ -706,10 +706,11 @@ function parseConfig(err, text) {
}).then(function (jws) { }).then(function (jws) {
return urequestAsync({ return urequestAsync({
url: newAccountUrl url: newAccountUrl
, json: jws , method: 'POST'
, json: jws // TODO default to post when body is present
, headers: { "Content-Type": 'application/jose+json' } , headers: { "Content-Type": 'application/jose+json' }
}).then(function (resp) { }).then(function (resp) {
console.log('resp.body:'); console.log(newAccountUrl, 'resp.body:');
console.log(resp.body); console.log(resp.body);
if (!resp.body || 'valid' !== resp.body.status) { if (!resp.body || 'valid' !== resp.body.status) {
throw new Error("did not successfully create or restore account"); throw new Error("did not successfully create or restore account");
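Review bot: The Replay-Nonce read at `var nonce = resp.headers['replay-nonce']` is never checked before it goes into the protected header of the new-account JWS, so a server response without that header yields a signed request carrying an undefined nonce instead of a clear failure; add `if (!nonce) { throw new Error("new-nonce response carried no Replay-Nonce header"); }` directly after the read. The debug `console.log(resp.body)` prints the whole account response, which is fine while WIP but should be removed or gated before this ships, since the body may carry account identifiers. parseConfig begins before this hunk, and the JWS protected fields and the end of the promise chain lie outside it, so whether a rejection here is caught cannot be seen from the diff.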


@ -394,25 +394,25 @@ controllers._issueNonce = function (req, res) {
var nonce = toUrlSafe(crypto.randomBytes(16).toString('base64')); var nonce = toUrlSafe(crypto.randomBytes(16).toString('base64'));
// TODO associate with a TLS session // TODO associate with a TLS session
controllers._nonces[nonce] = Date.now(); controllers._nonces[nonce] = Date.now();
res.headers.set("Replay-Nonce", nonce); res.setHeader("Replay-Nonce", nonce);
return nonce; return nonce;
}; };
controllers.newNonce = function (req, res) { controllers.newNonce = function (req, res) {
res.statusCode = 200; res.statusCode = 200;
res.headers.set("Cache-Control", "max-age=0, no-cache, no-store"); res.setHeader("Cache-Control", "max-age=0, no-cache, no-store");
// TODO // TODO
//res.headers.set("Date", "Sun, 10 Mar 2019 08:04:45 GMT"); //res.setHeader("Date", "Sun, 10 Mar 2019 08:04:45 GMT");
// is this the expiration of the nonce itself? methinks maybe so // is this the expiration of the nonce itself? methinks maybe so
//res.headers.set("Expires", "Sun, 10 Mar 2019 08:04:45 GMT"); //res.setHeader("Expires", "Sun, 10 Mar 2019 08:04:45 GMT");
// TODO use one of the registered domains // TODO use one of the registered domains
//var indexUrl = "https://acme-staging-v02.api.letsencrypt.org/index" //var indexUrl = "https://acme-staging-v02.api.letsencrypt.org/index"
var port = (state.config.ipc && state.config.ipc.port || state._ipc.port || undefined); var port = (state.config.ipc && state.config.ipc.port || state._ipc.port || undefined);
var indexUrl = "http://localhost:" + port + "/index"; var indexUrl = "http://localhost:" + port + "/index";
res.headers.set("Link", "<" + indexUrl + ">;rel=\"index\""); res.setHeader("Link", "<" + indexUrl + ">;rel=\"index\"");
res.headers.set("Cache-Control", "max-age=0, no-cache, no-store"); res.setHeader("Cache-Control", "max-age=0, no-cache, no-store");
res.headers.set("Pragma", "no-cache"); res.setHeader("Pragma", "no-cache");
//res.headers.set("Strict-Transport-Security", "max-age=604800"); //res.setHeader("Strict-Transport-Security", "max-age=604800");
res.headers.set("X-Frame-Options", "DENY"); res.setHeader("X-Frame-Options", "DENY");
res.end(""); res.end("");
}; };
@ -959,11 +959,11 @@ function handleApi() {
} }
// TODO turn strings into regexes to match beginnings // TODO turn strings into regexes to match beginnings
app.use('/.well-known/openid-configuration', function (req, res) { app.get('/.well-known/openid-configuration', function (req, res) {
res.headers.set("Access-Control-Allow-Headers", "Content-Type"); res.setHeader("Access-Control-Allow-Headers", "Content-Type");
res.headers.set("Access-Control-Allow-Origin", "*"); res.setHeader("Access-Control-Allow-Origin", "*");
res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location"); res.setHeader("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
res.headers.set("Access-Control-Max-Age", "86400"); res.setHeader("Access-Control-Max-Age", "86400");
if ('OPTIONS' === req.method) { res.end(); return; } if ('OPTIONS' === req.method) { res.end(); return; }
res.send({ res.send({
jwks_uri: 'http://localhost/.well-known/jwks.json' jwks_uri: 'http://localhost/.well-known/jwks.json'
@ -972,21 +972,22 @@ function handleApi() {
}); });
app.use('/acme', function acmeCors(req, res, next) { app.use('/acme', function acmeCors(req, res, next) {
// Taken from New-Nonce // Taken from New-Nonce
res.headers.set("Access-Control-Allow-Headers", "Content-Type"); res.setHeader("Access-Control-Allow-Headers", "Content-Type");
res.headers.set("Access-Control-Allow-Origin", "*"); res.setHeader("Access-Control-Allow-Origin", "*");
res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location"); res.setHeader("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
res.headers.set("Access-Control-Max-Age", "86400"); res.setHeader("Access-Control-Max-Age", "86400");
if ('OPTIONS' === req.method) { res.end(); return; } if ('OPTIONS' === req.method) { res.end(); return; }
next(); next();
}); });
app.use('/acme/directory', function (req, res) { app.get('/acme/directory', function (req, res) {
res.send({ res.send({
'new-nonce': '/acme/new-nonce' 'new-nonce': '/acme/new-nonce'
, 'new-account': '/acme/new-acct' , 'new-account': '/acme/new-acct'
}); });
}); });
app.use('/acme/new-nonce', controllers.newNonce); app.head('/acme/new-nonce', controllers.newNonce);
app.use('/acme/new-acct', controllers.newAccount); app.get('/acme/new-nonce', controllers.newNonce);
app.post('/acme/new-acct', controllers.newAccount);
app.use(/\b(relay)\b/, controllers.relay); app.use(/\b(relay)\b/, controllers.relay);
app.get(/\b(config)\b/, getConfigOnly); app.get(/\b(config)\b/, getConfigOnly);
app.use(/\b(init|config)\b/, initOrConfig); app.use(/\b(init|config)\b/, initOrConfig);
@ -1021,6 +1022,7 @@ function serveControlsHelper() {
app.use('/rpc/', apiHandler); app.use('/rpc/', apiHandler);
app.use('/api/', apiHandler); app.use('/api/', apiHandler);
app.use('/acme/', apiHandler);
app.use('/', serveStatic); app.use('/', serveStatic);
controlServer = http.createServer(app); controlServer = http.createServer(app);
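Review bot: `controllers._nonces[nonce] = Date.now()` in `_issueNonce` records every issued nonce and nothing in this hunk ever removes one, so with `/acme/new-nonce` now served unauthenticated on both HEAD and GET any client can grow that object without bound, unless consumption happens in `newAccount`, which is outside the diff. Prune on issue, e.g. `Object.keys(controllers._nonces).forEach(function (k) { if (Date.now() - controllers._nonces[k] > 10 * 60 * 1000) { delete controllers._nonces[k]; } });` before storing the new one, and make sure the verifier deletes a nonce on first use so each is single-use (RFC 8555 also expects GET on new-nonce to answer 204, while `newNonce` returns 200 for both methods). Separately, the `Link` index URL is built from `port`, which the `|| undefined` fallback can leave unset and produce `http://localhost:undefined/index`. `handleApi` and `serveControlsHelper` both begin outside these hunks.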


@ -33,11 +33,12 @@ module.exports = function eggspress() {
return; return;
} }
if (!req.url.match(todo[0])) { var urlstr = (req.url.replace(/\/$/, '') + '/');
if (!urlstr.match(todo[0])) {
//console.log("[eggspress] pattern doesn't match", todo[0], req.url); //console.log("[eggspress] pattern doesn't match", todo[0], req.url);
next(); next();
return; return;
} else if ('string' === typeof todo[0] && 0 !== req.url.match(todo[0]).index) { } else if ('string' === typeof todo[0] && 0 !== urlstr.match(todo[0]).index) {
//console.log("[eggspress] string pattern is not the start", todo[0], req.url); //console.log("[eggspress] string pattern is not the start", todo[0], req.url);
next(); next();
return; return;
@ -70,7 +71,7 @@ module.exports = function eggspress() {
app.use = function (pattern, fn) { app.use = function (pattern, fn) {
return app._use('', pattern, fn); return app._use('', pattern, fn);
}; };
[ 'GET', 'POST', 'DELETE' ].forEach(function (method) { [ 'HEAD', 'GET', 'POST', 'DELETE' ].forEach(function (method) {
app[method.toLowerCase()] = function (pattern, fn) { app[method.toLowerCase()] = function (pattern, fn) {
return app._use(method, pattern, fn); return app._use(method, pattern, fn);
}; };
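Review bot: `urlstr.match(todo[0])` still does unanchored regex matching against the raw `req.url`, so route selection is looser than the registrations suggest: a string pattern is converted to an unescaped RegExp (the `.` in `'/.well-known/openid-configuration'` matches any character, and `'/acme'` also matches `/acmeX/`), and assuming `req.url` is Node's raw request URL it carries the query string, so a regex route such as `/\b(relay)\b/` also matches `/api/?relay`. The added trailing-slash normalisation does not change either of those. Match string patterns with a prefix test on the path alone, ending on a segment boundary, and keep regex matching for RegExp patterns only; the enclosing `eggspress` function starts and ends outside this hunk, so the surrounding `todo` loop is assumed from context.
```javascript
var pathstr = req.url.split('?')[0].replace(/\/$/, '') + '/';
if ('string' === typeof todo[0]) {
  // string routes are path prefixes that must end on a segment boundary
  if (0 !== pathstr.indexOf(todo[0].replace(/\/$/, '') + '/')) {
    next();
    return;
  }
} else if (!pathstr.match(todo[0])) {
  next();
  return;
}
```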


@ -74,7 +74,7 @@ module.exports.create = function (state) {
var RC = {}; var RC = {};
RC.resolve = function (pathstr) { RC.resolve = function (pathstr) {
// TODO use real hostname and return reqOpts rather than string? // TODO use real hostname and return reqOpts rather than string?
return 'http://localhost:' + RC.port({}).port.toString() + '/' + pathstr.replace(/^\//, ''); return 'http://localhost:' + (RC.port({}).port||'1').toString() + '/' + pathstr.replace(/^\//, '');
}; };
RC.port = function (reqOpts) { RC.port = function (reqOpts) {
var fs = require('fs'); var fs = require('fs');
@ -93,7 +93,7 @@ module.exports.create = function (state) {
} }
return reqOpts; return reqOpts;
}; };
RC.createErrorhandler = function (replay, opts, cb) { RC.createErrorHandler = function (replay, opts, cb) {
return function (err) { return function (err) {
// ENOENT - never started, cleanly exited last start, or creating socket at a different path // ENOENT - never started, cleanly exited last start, or creating socket at a different path
// ECONNREFUSED - leftover socket just needs to be restarted // ECONNREFUSED - leftover socket just needs to be restarted
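Review bot: The new `(RC.port({}).port||'1')` fallback in `RC.resolve` turns an unknown control-server port into `http://localhost:1/...`, so the new-account caller would POST its signed request to port 1 and fail with a confusing connection error instead of a clear one; when the port is unknown, fail loudly, e.g. `var port = RC.port({}).port; if (!port) { throw new Error("control server port is not known yet"); }` before building the string. The URL is also hard-coded to plain `http://localhost`, which the existing TODO acknowledges; until that is resolved everything on this channel travels in the clear over loopback. The `createErrorhandler` to `createErrorHandler` rename changes a property name on the returned object, so any caller still using the old spelling (none visible here) will break at call time. `RC.port` continues past the first hunk.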