acme.js/examples/server.js

175 lines
4.6 KiB
JavaScript
Raw Permalink Normal View History

2019-10-08 10:33:14 +00:00
'use strict';
var crypto = require('crypto');
//var dnsjs = require('dns-suite');
var dig = require('dig.js/dns-request');
var request = require('util').promisify(require('@root/request'));
var express = require('express');
var app = express();
var nameservers = require('dns').getServers();
var index = crypto.randomBytes(2).readUInt16BE(0) % nameservers.length;
var nameserver = nameservers[index];
app.use('/', express.static(__dirname));
app.use('/api', express.json());
2020-07-28 21:53:50 +00:00
app.get('/api/dns/:domain', function (req, res, next) {
2019-10-08 10:33:14 +00:00
var domain = req.params.domain;
var casedDomain = domain
.toLowerCase()
.split('')
2020-07-28 21:53:50 +00:00
.map(function (ch) {
2019-10-08 10:33:14 +00:00
// dns0x20 takes advantage of the fact that the binary operation for toUpperCase is
// ch = ch | 0x20;
return Math.round(Math.random()) % 2 ? ch : ch.toUpperCase();
})
.join('');
var typ = req.query.type;
var query = {
header: {
id: crypto.randomBytes(2).readUInt16BE(0),
qr: 0,
opcode: 0,
aa: 0, // Authoritative-Only
tc: 0, // NA
rd: 1, // Recurse
ra: 0, // NA
rcode: 0 // NA
},
question: [
{
name: casedDomain,
//, type: typ || 'A'
typeName: typ || 'A',
className: 'IN'
}
]
};
var opts = {
2020-07-28 21:53:50 +00:00
onError: function (err) {
2019-10-08 10:33:14 +00:00
next(err);
},
2020-07-28 21:53:50 +00:00
onMessage: function (packet) {
2019-10-08 10:33:14 +00:00
var fail0x20;
if (packet.id !== query.id) {
console.error(
"[SECURITY] ignoring packet for '" +
packet.question[0].name +
"' due to mismatched id"
);
console.error(packet);
return;
}
2020-07-28 21:53:50 +00:00
packet.question.forEach(function (q) {
2019-10-08 10:33:14 +00:00
// if (-1 === q.name.lastIndexOf(cli.casedQuery))
if (q.name !== casedDomain) {
fail0x20 = q.name;
}
});
2020-07-28 21:53:50 +00:00
['question', 'answer', 'authority', 'additional'].forEach(function (
2019-10-08 10:33:14 +00:00
group
) {
2020-07-28 21:53:50 +00:00
(packet[group] || []).forEach(function (a) {
2019-10-08 10:33:14 +00:00
var an = a.name;
var i = domain
.toLowerCase()
.lastIndexOf(a.name.toLowerCase()); // answer is something like ExAMPle.cOM and query was wWw.ExAMPle.cOM
var j = a.name
.toLowerCase()
.lastIndexOf(domain.toLowerCase()); // answer is something like www.ExAMPle.cOM and query was ExAMPle.cOM
// it's important to note that these should only relpace changes in casing that we expected
// any abnormalities should be left intact to go "huh?" about
// TODO detect abnormalities?
if (-1 !== i) {
// "EXamPLE.cOm".replace("wWw.EXamPLE.cOm".substr(4), "www.example.com".substr(4))
a.name = a.name.replace(
casedDomain.substr(i),
domain.substr(i)
);
} else if (-1 !== j) {
// "www.example.com".replace("EXamPLE.cOm", "example.com")
a.name =
a.name.substr(0, j) +
a.name.substr(j).replace(casedDomain, domain);
}
// NOTE: right now this assumes that anything matching the query matches all the way to the end
// it does not handle the case of a record for example.com.uk being returned in response to a query for www.example.com correctly
// (but I don't think it should need to)
if (a.name.length !== an.length) {
console.error(
"[ERROR] question / answer mismatch: '" +
an +
"' != '" +
a.length +
"'"
);
console.error(a);
}
});
});
if (fail0x20) {
console.warn(
";; Warning: DNS 0x20 security not implemented (or packet spoofed). Queried '" +
casedDomain +
"' but got response for '" +
fail0x20 +
"'."
);
return;
}
res.send({
header: packet.header,
question: packet.question,
answer: packet.answer,
authority: packet.authority,
additional: packet.additional,
edns_options: packet.edns_options
});
},
2020-07-28 21:53:50 +00:00
onListening: function () {},
onSent: function (/*res*/) {},
onTimeout: function (res) {
2019-10-08 10:33:14 +00:00
console.error('dns timeout:', res);
next(new Error('DNS timeout - no response'));
},
2020-07-28 21:53:50 +00:00
onClose: function () {},
2019-10-08 10:33:14 +00:00
//, mdns: cli.mdns
nameserver: nameserver,
port: 53,
timeout: 2000
};
dig.resolveJson(query, opts);
});
2020-07-28 21:53:50 +00:00
app.get('/api/http', function (req, res) {
2019-10-08 10:33:14 +00:00
var url = req.query.url;
2020-07-28 21:53:50 +00:00
return request({ method: 'GET', url: url }).then(function (resp) {
2019-10-08 10:33:14 +00:00
res.send(resp.body);
});
});
2020-07-28 21:53:50 +00:00
app.get('/api/_acme_api_', function (req, res) {
2019-10-08 10:33:14 +00:00
res.send({ success: true });
});
module.exports = app;
if (require.main === module) {
// curl -L http://localhost:3000/api/dns/example.com?type=A
console.info('Listening on localhost:3000');
app.listen(3000);
console.info('Try this:');
console.info("\tcurl -L 'http://localhost:3000/api/_acme_api_/'");
console.info(
"\tcurl -L 'http://localhost:3000/api/dns/example.com?type=A'"
);
console.info(
"\tcurl -L 'http://localhost:3000/api/http/?url=https://example.com'"
);
}