prep for ACME-style account for Telebit

2019-05-11 02:17:12 -06:00 · 2019-05-11 02:17:12 -06:00 · b81ff7550b
parent 0080cec081
commit b81ff7550b
1 changed files with 71 additions and 41 deletions
--- a/lib/admin/js/app.js
+++ b/lib/admin/js/app.js
@ -3,6 +3,7 @@

 var Vue = window.Vue;
 var Telebit = window.TELEBIT;
+var Keypairs = window.Keypairs;
 var api = {};

 /*
@ -462,52 +463,81 @@ new Vue({
 , methods: appMethods
 });

+function run(key) {
+  // 1. Get ACME directory
+  // 2. Fetch ACME account
+  // 3. Test if account has access
+  // 4. Show command line auth instructions to auth
+  // 5. Sign requests / use JWT
+  // 6. Enforce token required for config, status, etc
+  // 7. Move admin interface to standard ports (admin.foo-bar-123.telebit.xyz)
+  api.config().then(function (config) {
+    telebitState.config = config;
+    if (config.greenlock) {
+      appData.init.acmeServer = config.greenlock.server;
+    }
+    if (config.relay) {
+      appData.init.relay = config.relay;
+    }
+    if (config.email) {
+      appData.init.email = config.email;
+    }
+    if (config.agreeTos) {
+      appData.init.letos = config.agreeTos;
+      appData.init.teletos = config.agreeTos;
+    }
+    if (config._otp) {
+      appData.init.otp = config._otp;
+    }

-api.config().then(function (config) {
-  telebitState.config = config;
-  if (config.greenlock) {
-    appData.init.acmeServer = config.greenlock.server;
-  }
-  if (config.relay) {
-    appData.init.relay = config.relay;
-  }
-  if (config.email) {
-    appData.init.email = config.email;
-  }
-  if (config.agreeTos) {
-    appData.init.letos = config.agreeTos;
-    appData.init.teletos = config.agreeTos;
-  }
-  if (config._otp) {
-    appData.init.otp = config._otp;
-  }
+    telebitState.pollUrl = config._pollUrl || localStorage.getItem('poll_url');

-  telebitState.pollUrl = config._pollUrl || localStorage.getItem('poll_url');
+    if ((!config.token && !config._otp) || !config.relay || !config.email || !config.agreeTos) {
+      changeState('setup');
+      setState();
+      return;
+    }
+    if (!config.token && config._otp) {
+      changeState('otp');
+      setState();
+      // this will skip ahead as necessary
+      return Telebit.authorize(telebitState, showOtp).then(function () {
+        return changeState('status');
+      });
+    }

-  if ((!config.token && !config._otp) || !config.relay || !config.email || !config.agreeTos) {
-    changeState('setup');
-    setState();
-    return;
-  }
-  if (!config.token && config._otp) {
-    changeState('otp');
-    setState();
-    // this will skip ahead as necessary
-    return Telebit.authorize(telebitState, showOtp).then(function () {
-      return changeState('status');
-    });
-  }
+    // TODO handle default state
+    changeState('status');
+  }).catch(function (err) {
+    appData.views.flash.error = err.message || JSON.stringify(err, null, 2);
+  });
+}

-  // TODO handle default state
-  changeState('status');
-}).catch(function (err) {
-  appData.views.flash.error = err.message || JSON.stringify(err, null, 2);
-});
+
+// TODO protect key with passphrase (or QR code?)
+function getKey() {
+  var key;
+  try {
+    key = JSON.parse(localStorage.getItem('key'));
+  } catch(e) {
+    // ignore
+  }
+  if (key && key.kid && key.d) {
+    return Promise.resolve(key);
+  }
+  return Keypairs.generate().then(function (pair) {
+    key = pair.private;
+    localStorage.setItem('key', JSON.stringify(key));
+    return key;
+  });
+}

 window.api = api;
-
-setTimeout(function () {
-  document.body.hidden = false;
-}, 50);
+getKey().then(function (key) {
+  run(key);
+  setTimeout(function () {
+    document.body.hidden = false;
+  }, 50);
+});

 }());