exposed a loopback test route in the api
This commit is contained in:
parent
caa7b343d4
commit
000d36e76a
|
@ -251,7 +251,7 @@ function run(args) {
|
|||
var cachedConfig;
|
||||
|
||||
cluster.on('message', function (worker, message) {
|
||||
if (message.type !== 'com.daplie.goldilocks.config-change') {
|
||||
if (message.type !== 'com.daplie.goldilocks/config') {
|
||||
return;
|
||||
}
|
||||
configStorage.save(message.changes)
|
||||
|
|
29
lib/app.js
29
lib/app.js
|
@ -86,35 +86,6 @@ module.exports = function (myDeps, conf, overrideHttp) {
|
|||
myDeps.storage = Object.assign({ owners: owners }, myDeps.storage);
|
||||
myDeps.recase = require('recase').create({});
|
||||
myDeps.request = request;
|
||||
myDeps.api = {
|
||||
// TODO move loopback to oauth3.api('tunnel:loopback')
|
||||
loopback: function (deps, session, opts2) {
|
||||
var crypto = require('crypto');
|
||||
var token = crypto.randomBytes(16).toString('hex');
|
||||
var keyAuthorization = crypto.randomBytes(16).toString('hex');
|
||||
var nonce = crypto.randomBytes(16).toString('hex');
|
||||
|
||||
// TODO set token and keyAuthorization to /.well-known/cloud-challenge/:token
|
||||
return request({
|
||||
method: 'POST'
|
||||
, url: 'https://oauth3.org/api/org.oauth3.tunnel/loopback'
|
||||
, json: {
|
||||
address: opts2.address
|
||||
, port: opts2.port
|
||||
, token: token
|
||||
, keyAuthorization: keyAuthorization
|
||||
, servername: opts2.servername
|
||||
, nonce: nonce
|
||||
, scheme: 'https'
|
||||
, iat: Date.now()
|
||||
}
|
||||
}).then(function (result) {
|
||||
// TODO this will always fail at the moment
|
||||
console.log('loopback result:');
|
||||
return result;
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
return require('../packages/apis/com.daplie.goldilocks').create(myDeps, conf);
|
||||
}
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
'use strict';
|
||||
|
||||
module.exports.create = function () {
|
||||
var PromiseA = require('bluebird');
|
||||
var request = PromiseA.promisify(require('request'));
|
||||
var pending = {};
|
||||
|
||||
function loopback(session, opts) {
|
||||
var crypto = require('crypto');
|
||||
var token = crypto.randomBytes(8).toString('hex');
|
||||
var keyAuth = crypto.randomBytes(32).toString('hex');
|
||||
pending[token] = keyAuth;
|
||||
|
||||
var host;
|
||||
if (!opts) {
|
||||
opts = session;
|
||||
host = 'api.oauth3.org';
|
||||
} else {
|
||||
host = 'api.' + ((session.token || {}).aud || 'oauth3.org');
|
||||
}
|
||||
|
||||
opts.token = token;
|
||||
opts.keyAuthorization = keyAuth;
|
||||
opts.iat = Date.now();
|
||||
|
||||
return request({
|
||||
method: 'POST'
|
||||
, url: 'https://'+host+'/api/org.oauth3.tunnel/loopback'
|
||||
, json: opts
|
||||
})
|
||||
.then(function (result) {
|
||||
if (result.body.error) {
|
||||
var err = new Error(result.body.error.message);
|
||||
return PromiseA.reject(Object.assign(err, result.body.error));
|
||||
}
|
||||
return result.body.success;
|
||||
});
|
||||
}
|
||||
|
||||
loopback.server = require('http').createServer(function (req, res) {
|
||||
var parsed = require('url').parse(req.url);
|
||||
var token = parsed.pathname.replace('/.well-known/cloud-challenge/', '');
|
||||
if (pending[token]) {
|
||||
res.setHeader('Content-Type', 'text/plain');
|
||||
res.end(pending[token]);
|
||||
} else {
|
||||
res.statusCode = 404;
|
||||
res.end();
|
||||
}
|
||||
});
|
||||
|
||||
return loopback;
|
||||
};
|
|
@ -64,7 +64,7 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
|
|||
}
|
||||
|
||||
function hostMatchesDomains(req, domains) {
|
||||
var host = separatePort((req.headers || req).host).host;
|
||||
var host = separatePort((req.headers || req).host).host.toLowerCase();
|
||||
|
||||
return domains.some(function (pattern) {
|
||||
return domainMatches(pattern, host);
|
||||
|
@ -170,6 +170,13 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
|
|||
return emitConnection(acmeServer, conn, opts);
|
||||
}
|
||||
|
||||
function checkLoopback(conn, opts, headers) {
|
||||
if (headers.url.indexOf('/.well-known/cloud-challenge/') !== 0) {
|
||||
return false;
|
||||
}
|
||||
return emitConnection(deps.loopback.server, conn, opts);
|
||||
}
|
||||
|
||||
var httpsRedirectServer;
|
||||
function checkHttps(conn, opts, headers) {
|
||||
if (conf.http.allowInsecure || conn.encrypted) {
|
||||
|
@ -398,6 +405,7 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
|
|||
parseHeaders(conn, opts)
|
||||
.then(function (headers) {
|
||||
if (checkAcme(conn, opts, headers)) { return; }
|
||||
if (checkLoopback(conn, opts, headers)) { return; }
|
||||
if (checkHttps(conn, opts, headers)) { return; }
|
||||
if (checkAdmin(conn, opts, headers)) { return; }
|
||||
|
||||
|
|
|
@ -164,18 +164,21 @@ module.exports.create = function (deps, config, netHandler) {
|
|||
var secureContexts = {};
|
||||
var terminatorOpts = require('localhost.daplie.me-certificates').merge({});
|
||||
terminatorOpts.SNICallback = function (sni, cb) {
|
||||
sni = sni.toLowerCase();
|
||||
console.log("[tlsOptions.SNICallback] SNI: '" + sni + "'");
|
||||
|
||||
var tlsOptions;
|
||||
|
||||
// Static Certs
|
||||
if (/.*localhost.*\.daplie\.me/.test(sni.toLowerCase())) {
|
||||
// TODO implement
|
||||
if (/\.invalid$/.test(sni)) {
|
||||
sni = 'localhost.daplie.me';
|
||||
}
|
||||
if (/.*localhost.*\.daplie\.me/.test(sni)) {
|
||||
if (!secureContexts[sni]) {
|
||||
tlsOptions = localhostCerts.mergeTlsOptions(sni, {});
|
||||
}
|
||||
if (tlsOptions) {
|
||||
secureContexts[sni] = tls.createSecureContext(tlsOptions);
|
||||
if (tlsOptions) {
|
||||
secureContexts[sni] = tls.createSecureContext(tlsOptions);
|
||||
}
|
||||
}
|
||||
if (secureContexts[sni]) {
|
||||
console.log('Got static secure context:', sni, secureContexts[sni]);
|
||||
|
|
|
@ -32,13 +32,14 @@ function create(conf) {
|
|||
config: {
|
||||
save: function (changes) {
|
||||
process.send({
|
||||
type: 'com.daplie.goldilocks.config-change'
|
||||
type: 'com.daplie.goldilocks/config'
|
||||
, changes: changes
|
||||
});
|
||||
}
|
||||
}
|
||||
};
|
||||
deps.socks5 = require('./socks5-server').create(deps, conf);
|
||||
deps.loopback = require('./loopback').create(deps, conf);
|
||||
|
||||
require('./goldilocks.js').create(deps, conf);
|
||||
process.removeListener('message', create);
|
||||
|
|
|
@ -10,8 +10,6 @@ module.exports.create = function (deps, conf) {
|
|||
inflate: true, limit: '100kb', reviver: null, strict: true /* type, verify */
|
||||
});
|
||||
|
||||
var api = deps.api;
|
||||
|
||||
/*
|
||||
var owners;
|
||||
deps.storage.owners.on('set', function (_owners) {
|
||||
|
@ -310,6 +308,22 @@ module.exports.create = function (deps, conf) {
|
|||
});
|
||||
});
|
||||
}
|
||||
, loopback: function (req, res) {
|
||||
if (handleCors(req, res, 'POST')) {
|
||||
return;
|
||||
}
|
||||
isAuthorized(req, res, function () {
|
||||
jsonParser(req, res, function () {
|
||||
res.setHeader('Content-Type', 'application/json');
|
||||
deps.loopback(req.body)
|
||||
.then(function (success) {
|
||||
res.end(JSON.stringify({error: null, success: success}));
|
||||
}, function (err) {
|
||||
res.end(JSON.stringify({error: {message: err.message, code: err.code}}))
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
, paywall_check: function (req, res) {
|
||||
if (handleCors(req, res, 'GET')) {
|
||||
return;
|
||||
|
@ -352,6 +366,5 @@ module.exports.create = function (deps, conf) {
|
|||
});
|
||||
});
|
||||
}
|
||||
, _api: api
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue