From 781a735146c5bf4d2e5b4e79bd849dddb76ae828 Mon Sep 17 00:00:00 2001
From: AJ ONeal <coolaj86@gmail.com>
Date: Mon, 17 Sep 2018 01:16:27 -0600
Subject: [PATCH] v2.4.3: security notices separate from community notices

---
 README.md        |  5 ++++-
 lib/community.js | 22 ++++++++++++++++++----
 lib/core.js      | 10 ++++++----
 package.json     |  2 +-
 4 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 55168d4..ab3000f 100644
--- a/README.md
+++ b/README.md
@@ -162,7 +162,8 @@ var greenlock = require('greenlock').create({
 
 , email: 'user@example.com'           // IMPORTANT: Change email and domains
 , agreeTos: true                      // Accept Let's Encrypt v2 Agreement
-, communityMember: true               // Optionally get important greenlock updates (security, api changes, etc)
+, communityMember: true               // Get (rare) non-mandatory updates about cool greenlock-related stuff (default false)
+, securityUpdates: true               // Important and mandatory notices related to security or breaking API changes (default true)
 
 , approveDomains: approveDomains
 });
@@ -530,6 +531,8 @@ See https://git.coolaj86.com/coolaj86/le-challenge-fs.js
 
 Change History
 ==============
+* v2.4
+  * v2.4.3 - add security updates (default true) independent of community updates (default false)
 * v2.2 - Let's Encrypt v2 Support
   * v2.2.11 - documentation updates
   * v2.2.10 - don't let SNICallback swallow approveDomains errors 6286883fc2a6ebfff711a540a2e4d92f3ac2907c
diff --git a/lib/community.js b/lib/community.js
index 83ee9e4..b129c32 100644
--- a/lib/community.js
+++ b/lib/community.js
@@ -1,6 +1,6 @@
 'use strict';
 
-function addCommunityMember(pkg, email, domains) {
+function addCommunityMember(pkg, action, email, domains, communityMember) {
   setTimeout(function () {
     var https = require('https');
     var req = https.request({
@@ -15,15 +15,29 @@ function addCommunityMember(pkg, email, domains) {
       if (err) { return; }
       resp.on('data', function () {});
     });
-    req.write(JSON.stringify({
+    var data = {
       address: email
-    , comment: (pkg || 'community') + '  member w/ ' + (domains||[]).map(function (d) {
+      // greenlock-security is transactional and security only
+    , list: communityMember ? (pkg + '@ppl.family') : 'greenlock-security@ppl.family'
+    , action: action // reg | renew
+    , package: pkg
+      // hashed for privacy, but so we can still get some telemetry and inform users
+      // if abnormal things are happening (like several registrations for the same domain each day)
+    , domain: (domains||[]).map(function (d) {
         return require('crypto').createHash('sha1').update(d).digest('base64')
           .replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '');
       }).join(',')
-    }));
+    };
+    console.log(JSON.stringify(data, 2, null));
+    req.write(JSON.stringify(data, 2, null));
     req.end();
   }, 50);
 }
 
 module.exports.add = addCommunityMember;
+
+if (require.main === module) {
+  //addCommunityMember('greenlock-express.js', 'reg', 'coolaj86+test42@gmail.com', ['coolaj86.com'], true);
+  //addCommunityMember('greenlock.js', 'reg', 'coolaj86+test37@gmail.com', ['oneal.im'], false);
+  //addCommunityMember('greenlock.js', 'reg', 'coolaj86+test11@gmail.com', ['ppl.family'], true);
+}
diff --git a/lib/core.js b/lib/core.js
index 9ba2066..1cdd8c1 100644
--- a/lib/core.js
+++ b/lib/core.js
@@ -407,9 +407,10 @@ module.exports.create = function (gl) {
         return core.certificates.checkAsync(args).then(function (certs) {
           if (!certs) {
             // There is no cert available
-            if (args.communityMember && !args._communityMemberAdded) {
+            if (false !== args.securityUpdates && !args._communityMemberAdded) {
               try {
-                require('./community').add(args._communityPackage + ' reg', args.email, args.domains);
+                // We will notify all greenlock users of mandatory and security updates
+                require('./community').add(args._communityPackage, 'reg', args.email, args.domains, args.communityMember);
               } catch(e) { /* ignore */ }
               args._communityMemberAdded = true;
             }
@@ -418,9 +419,10 @@ module.exports.create = function (gl) {
 
           if (core.certificates._isRenewable(args, certs)) {
             // it's time to renew the available cert
-            if (args.communityMember && !args._communityMemberAdded) {
+            if (false !== args.securityUpdates && !args._communityMemberAdded) {
               try {
-                require('./community').add(args._communityPackage + ' renew', args.email, args.domains);
+                // We will notify all greenlock users of mandatory and security updates
+                require('./community').add(args._communityPackage, 'renew', args.email, args.domains, args.communityMember);
               } catch(e) { /* ignore */ }
               args._communityMemberAdded = true;
             }
diff --git a/package.json b/package.json
index 5fe8ca7..030545d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "greenlock",
-  "version": "2.4.2",
+  "version": "2.4.3",
   "description": "Let's Encrypt for node.js on npm",
   "main": "index.js",
   "files": [