v2.3.10: add utility fn for sanitizing hostnames, reduce buzzwords, drop old deps

2018-08-16 19:55:02 -06:00 · 2018-08-16 19:55:02 -06:00 · 282f748e77
parent 20e8d09219
commit 282f748e77
2 changed files with 32 additions and 19 deletions
--- a/index.js
+++ b/index.js
@ -481,5 +481,34 @@ Greenlock.create = function (gl) {
    gl.middleware = gl.middleware.create(gl);
  }

+  //var SERVERNAME_RE = /^[a-z0-9\.\-_]+$/;
+  var SERVERNAME_G = /[^a-z0-9\.\-_]/;
+  gl.middleware.sanitizeHost = function (req, res, next) {
+    // Get the host:port combo, if it exists
+    var host = (req.headers.host||'').split(':');
+
+    // if not, move along
+    if (!host[0]) { next(req, res); return; }
+
+    // if so, remove non-allowed characters
+    var safehost = host[0].replace(SERVERNAME_G, '');
+
+    // if there were unallowed characters, complain
+    if (!gl.__sni_allow_dangerous_name && safehost.length !== host[0].length) {
+      res.statusCode = 400;
+      res.end("Malformed HTTP Header: 'Host: " + host[0] + "'");
+      return;
+    }
+
+    // make lowercase
+    if (!gl.__sni_preserve_case) {
+      host[0] = host[0].toLowerCase();
+      req.headers.host = host.join(':');
+    }
+
+    // carry on
+    next(req, res);
+  };
+
  return gl;
 };
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "greenlock",
-  "version": "2.3.9",
+  "version": "2.3.10",
  "description": "Let's Encrypt for node.js on npm",
  "main": "index.js",
  "files": [
@ -18,25 +18,12 @@
    "letsencrypt",
    "ACME",
    "v2",
-    "v02",
-    "draft-11",
-    "draft-12",
    "auto-sni",
-    "draft",
-    "11",
-    "12",
    "Free SSL",
    "Automated HTTPS",
    "tls",
    "https",
-    "Greenlock",
-    "letsencrypt.org",
-    "le",
-    "le.js",
-    "node",
-    "nodejs",
-    "node.js",
-    "client"
+    "Greenlock"
  ],
  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
  "license": "(MIT OR Apache-2.0)",
@ -55,13 +42,10 @@
  "dependencies": {
    "acme": "^1.0.6",
    "acme-v2": "^1.2.0",
-    "asn1js": "^1.2.12",
-    "certpem": "^1.0.0",
+    "certpem": "^1.1.0",
    "le-challenge-fs": "^2.0.2",
    "le-sni-auto": "^2.1.3",
    "le-store-certbot": "^2.1.7",
-    "node.extend": "^1.1.5",
-    "pkijs": "^1.3.27",
    "rsa-compat": "^1.5.0"
  },
  "engines": {