From 1726e137b81e4e25080ad769dbcf855098ffbd2d Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 28 Mar 2019 02:51:07 -0600 Subject: [PATCH] [WIP] getting closer --- bin/telebit-remote.js | 7 ++++--- bin/telebitd.js | 44 ++++++++++++++++++++++--------------------- lib/eggspress.js | 7 ++++--- lib/rc/index.js | 4 ++-- 4 files changed, 33 insertions(+), 29 deletions(-) diff --git a/bin/telebit-remote.js b/bin/telebit-remote.js index bbff336..f54e0fd 100755 --- a/bin/telebit-remote.js +++ b/bin/telebit-remote.js @@ -688,7 +688,7 @@ function parseConfig(err, text) { // Occassionally rotate the key just for the sake of testing the key rotation return urequestAsync({ method: 'HEAD', url: RC.resolve('/acme/new-nonce') }).then(function (resp) { var nonce = resp.headers['replay-nonce']; - var newAccountUrl = RC.resolve('/new-acct'); + var newAccountUrl = RC.resolve('/acme/new-acct'); return keypairs.signJws({ jwk: state.key , protected: { @@ -706,10 +706,11 @@ function parseConfig(err, text) { }).then(function (jws) { return urequestAsync({ url: newAccountUrl - , json: jws + , method: 'POST' + , json: jws // TODO default to post when body is present , headers: { "Content-Type": 'application/jose+json' } }).then(function (resp) { - console.log('resp.body:'); + console.log(newAccountUrl, 'resp.body:'); console.log(resp.body); if (!resp.body || 'valid' !== resp.body.status) { throw new Error("did not successfully create or restore account"); diff --git a/bin/telebitd.js b/bin/telebitd.js index 646c1a8..169243b 100755 --- a/bin/telebitd.js +++ b/bin/telebitd.js 
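Review bot: The two `console.log` calls after the POST to `newAccountUrl` (second hunk of bin/telebit-remote.js, `@@ -706`) print the whole account response on every run. An account object may carry contact details or key identifiers, so this output is better placed behind the project's debug switch, if it has one, or removed before the WIP state is merged. The failure path would gain more from context in the error itself, e.g. `throw new Error("did not successfully create or restore account at " + newAccountUrl);`. The surrounding promise chain and `parseConfig` start and end outside the hunk.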
@@ -394,25 +394,25 @@ controllers._issueNonce = function (req, res) { var nonce = toUrlSafe(crypto.randomBytes(16).toString('base64')); // TODO associate with a TLS session controllers._nonces[nonce] = Date.now(); - res.headers.set("Replay-Nonce", nonce); + res.setHeader("Replay-Nonce", nonce); return nonce; }; controllers.newNonce = function (req, res) { res.statusCode = 200; - res.headers.set("Cache-Control", "max-age=0, no-cache, no-store"); + res.setHeader("Cache-Control", "max-age=0, no-cache, no-store"); // TODO - //res.headers.set("Date", "Sun, 10 Mar 2019 08:04:45 GMT"); + //res.setHeader("Date", "Sun, 10 Mar 2019 08:04:45 GMT"); // is this the expiration of the nonce itself? methinks maybe so - //res.headers.set("Expires", "Sun, 10 Mar 2019 08:04:45 GMT"); + //res.setHeader("Expires", "Sun, 10 Mar 2019 08:04:45 GMT"); // TODO use one of the registered domains //var indexUrl = "https://acme-staging-v02.api.letsencrypt.org/index" var port = (state.config.ipc && state.config.ipc.port || state._ipc.port || undefined); var indexUrl = "http://localhost:" + port + "/index"; - res.headers.set("Link", "<" + indexUrl + ">;rel=\"index\""); - res.headers.set("Cache-Control", "max-age=0, no-cache, no-store"); - res.headers.set("Pragma", "no-cache"); - //res.headers.set("Strict-Transport-Security", "max-age=604800"); - res.headers.set("X-Frame-Options", "DENY"); + res.setHeader("Link", "<" + indexUrl + ">;rel=\"index\""); + res.setHeader("Cache-Control", "max-age=0, no-cache, no-store"); + res.setHeader("Pragma", "no-cache"); + //res.setHeader("Strict-Transport-Security", "max-age=604800"); + res.setHeader("X-Frame-Options", "DENY"); res.end(""); }; 
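Review bot: `controllers.newNonce` as shown never calls `controllers._issueNonce(req, res)`, so unless middleware outside this hunk adds the header, `HEAD`/`GET /acme/new-nonce` replies without the `Replay-Nonce` that bin/telebit-remote.js reads from `resp.headers['replay-nonce']`. A call just before `res.end("")` would make the handler self-contained. `_issueNonce` (which begins above the hunk) records every nonce in `controllers._nonces` with a timestamp, but no expiry or size limit is visible here, so the code that consumes nonces should delete used ones and drop entries older than a fixed age. `Cache-Control` is set twice with the same value in `newNonce`; the second call can go.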
@@ -959,11 +959,11 @@ function handleApi() { } // TODO turn strings into regexes to match beginnings - app.use('/.well-known/openid-configuration', function (req, res) { - res.headers.set("Access-Control-Allow-Headers", "Content-Type"); - res.headers.set("Access-Control-Allow-Origin", "*"); - res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location"); - res.headers.set("Access-Control-Max-Age", "86400"); + app.get('/.well-known/openid-configuration', function (req, res) { + res.setHeader("Access-Control-Allow-Headers", "Content-Type"); + res.setHeader("Access-Control-Allow-Origin", "*"); + res.setHeader("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location"); + res.setHeader("Access-Control-Max-Age", "86400"); if ('OPTIONS' === req.method) { res.end(); return; } res.send({ jwks_uri: 'http://localhost/.well-known/jwks.json' 
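Review bot: The `if ('OPTIONS' === req.method) { res.end(); return; }` branch in the `/.well-known/openid-configuration` handler looks unreachable now that the route is registered with `app.get` instead of `app.use`. This assumes eggspress dispatches only `GET` requests to `app.get` handlers; its method matching inside `_use` is not shown in this patch. Either drop the branch, or answer the preflight in a small `app.use` middleware in the style of `acmeCors` and leave the `GET` handler to send the document. The handler body continues past the end of the hunk, inside `handleApi`.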
@@ -972,21 +972,22 @@ function handleApi() { }); app.use('/acme', function acmeCors(req, res, next) { // Taken from New-Nonce - res.headers.set("Access-Control-Allow-Headers", "Content-Type"); - res.headers.set("Access-Control-Allow-Origin", "*"); - res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location"); - res.headers.set("Access-Control-Max-Age", "86400"); + res.setHeader("Access-Control-Allow-Headers", "Content-Type"); + res.setHeader("Access-Control-Allow-Origin", "*"); + res.setHeader("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location"); + res.setHeader("Access-Control-Max-Age", "86400"); if ('OPTIONS' === req.method) { res.end(); return; } next(); }); - app.use('/acme/directory', function (req, res) { + app.get('/acme/directory', function (req, res) { res.send({ 'new-nonce': '/acme/new-nonce' , 'new-account': '/acme/new-acct' }); }); - app.use('/acme/new-nonce', controllers.newNonce); - app.use('/acme/new-acct', controllers.newAccount); + app.head('/acme/new-nonce', controllers.newNonce); + app.get('/acme/new-nonce', controllers.newNonce); + app.post('/acme/new-acct', controllers.newAccount); app.use(/\b(relay)\b/, controllers.relay); app.get(/\b(config)\b/, getConfigOnly); app.use(/\b(init|config)\b/, initOrConfig); @@ -1021,6 +1022,7 @@ function serveControlsHelper() { app.use('/rpc/', apiHandler); app.use('/api/', apiHandler); + app.use('/acme/', apiHandler); app.use('/', serveStatic); controlServer = http.createServer(app); diff --git a/lib/eggspress.js b/lib/eggspress.js index fdd6169..d4b3d28 100644 --- a/lib/eggspress.js +++ b/lib/eggspress.js 
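Review bot: `acmeCors` sends `Access-Control-Allow-Origin: *` for everything under `/acme`, including the state-changing `POST /acme/new-acct` registered a few lines below, on what appears to be the local control server. The same four headers are set in the `/.well-known/openid-configuration` handler in the previous hunk. If no browser client needs these endpoints, leave the CORS headers out; otherwise reflect only origins from an explicit allow-list and add a comment on `acmeCors` naming the client that requires them. The routes sit inside `handleApi`, which starts and ends outside the hunk.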
@@ -33,11 +33,12 @@ module.exports = function eggspress() { return; } - if (!req.url.match(todo[0])) { + var urlstr = (req.url.replace(/\/$/, '') + '/'); + if (!urlstr.match(todo[0])) { //console.log("[eggspress] pattern doesn't match", todo[0], req.url); next(); return; - } else if ('string' === typeof todo[0] && 0 !== req.url.match(todo[0]).index) { + } else if ('string' === typeof todo[0] && 0 !== urlstr.match(todo[0]).index) { //console.log("[eggspress] string pattern is not the start", todo[0], req.url); next(); return; @@ -70,7 +71,7 @@ module.exports = function eggspress() { app.use = function (pattern, fn) { return app._use('', pattern, fn); }; - [ 'GET', 'POST', 'DELETE' ].forEach(function (method) { + [ 'HEAD', 'GET', 'POST', 'DELETE' ].forEach(function (method) { app[method.toLowerCase()] = function (pattern, fn) { return app._use(method, pattern, fn); }; diff --git a/lib/rc/index.js b/lib/rc/index.js index 9ffa841..5df7c72 100644 --- a/lib/rc/index.js +++ b/lib/rc/index.js @@ -74,7 +74,7 @@ module.exports.create = function (state) { var RC = {}; RC.resolve = function (pathstr) { // TODO use real hostname and return reqOpts rather than string? - return 'http://localhost:' + RC.port({}).port.toString() + '/' + pathstr.replace(/^\//, ''); + return 'http://localhost:' + (RC.port({}).port||'1').toString() + '/' + pathstr.replace(/^\//, ''); }; RC.port = function (reqOpts) { var fs = require('fs'); @@ -93,7 +93,7 @@ module.exports.create = function (state) { } return reqOpts; }; - RC.createErrorhandler = function (replay, opts, cb) { + RC.createErrorHandler = function (replay, opts, cb) { return function (err) { // ENOENT - never started, cleanly exited last start, or creating socket at a different path // ECONNREFUSED - leftover socket just needs to be restarted
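Review bot: String patterns are still passed to `urlstr.match(todo[0])` in the first lib/eggspress.js hunk, which compiles the string as a regular expression, so the `.` in `/.well-known/openid-configuration` matches any character. `urlstr` is also built from `req.url` with the query string attached, so `/acme/new-nonce?x=1` becomes `/acme/new-nonce?x=1/` before matching. For string patterns a literal prefix test on the path alone is more predictable: `var urlstr = req.url.split('?')[0].replace(/\/$/, '') + '/';` and `0 !== urlstr.indexOf(todo[0])`, keeping `.match()` for RegExp patterns (check first whether any regex route relies on the query string). The enclosing middleware function starts and ends outside the hunk.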
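Review bot: The `||'1'` fallback in `RC.resolve` (lib/rc/index.js, `@@ -74`) turns a missing control port into `http://localhost:1/...`, so a missing or unreadable port setting shows up later as a connection error against an unrelated port instead of a clear message. Failing at the source is easier to diagnose: `var port = RC.port({}).port; if (!port) { throw new Error('control port is not known yet'); }`. If the fallback is intentional, a comment explaining why port 1 was chosen would help the next reader. `RC.resolve` sits inside `module.exports.create`, which extends beyond the hunk.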