works?

2017-05-01 17:39:43 -04:00 · 2017-05-01 17:39:43 -04:00 · d4a904ef94
parent 671753bb94
commit d4a904ef94
6 changed files with 29 additions and 27 deletions
--- a/README.md
+++ b/README.md
@ -57,6 +57,8 @@ Currently being tested with Ubuntu, Raspbian, and Debian on Digital Ocean, Raspb
 │           ├── fullchain.pem
 │           └── privkey.pem
 └── var
+    ├── files
+    └── tmp
 ```

 * `core` contains all walnut code
--- a/boot/worker.js
+++ b/boot/worker.js
@ -5,6 +5,11 @@ module.exports.create = function (opts) {
  var promiseApp;

  function createAndBindInsecure(lex, message, cb) {
+    var webserver = require('http').createServer(lex.middleware(require('redirect-https')())).listen(message.conf.insecurePort, function () {
+      console.log('handling http-01 ACME challenges on port', message.conf.insecurePort);
+      cb(null, webserver, null, message);
+    });
+    /*
    // TODO conditional if 80 is being served by caddy
    require('../lib/insecure-server').create(lex, message.conf.externalPort, message.conf.insecurePort, message, function (err, webserver) {
      console.info("#" + id + " Listening on http://" + webserver.address().address + ":" + webserver.address().port, '\n');
@ -12,34 +17,21 @@ module.exports.create = function (opts) {
      // we are returning the promise result to the caller
      return cb(null, webserver, null, message);
    });
+    */
  }

  function createLe(conf) {
    var LEX = require('letsencrypt-express');
    var lex = LEX.create({
-      configDir: conf.letsencrypt.configDir // i.e. __dirname + '/letsencrypt.config'
-    , approveRegistration: function (hostname, cb) {
-        cb(null, {
-          domains: [hostname]                 // TODO handle www and bare on the same cert
-        , email: conf.letsencrypt.email
-        , agreeTos: conf.letsencrypt.agreeTos
-        });
-        /*
-        letsencrypt.getConfig({ domains: [domain] }, function (err, config) {
-          if (!(config && config.checkpoints >= 0)) {
-            cb(err, null);
-            return;
-          }
-
-          cb(null, {
-            email: config.email
-                // can't remember which it is, but the pyconf is different that the regular variable
-          , agreeTos: config.tos || config.agree || config.agreeTos
-          , server: config.server || LE.productionServerUrl
-          , domains: config.domains || [domain]
-          });
-        });
-        */
+      server: 'https://acme-v01.api.letsencrypt.org/directory'
+      //server: 'staging'
+    , configDir: conf.letsencrypt.configDir // i.e. __dirname + '/letsencrypt.config'
+    , webrootPath: '/tmp/acme-challenges'
+    , approveDomains: function (opts, certs, cb) {
+        opts.email = conf.letsencrypt.email;
+        opts.agreeTos = conf.letsencrypt.agreeTos;
+        opts.domains = certs && certs.altnames || opts.domains;
+        cb(null, { options: opts, certs: certs });
      }
    });
    //var letsencrypt = lex.letsencrypt;
--- a/lib/insecure-server.js
+++ b/lib/insecure-server.js
@ -42,7 +42,6 @@ module.exports.create = function (lex, securePort, insecurePort, info, serverCal
    // http://evothings.com/is-it-possible-to-secure-micro-controllers-used-within-iot/
    // needs ECDSA?

-    console.warn('HARD-CODED HTTPS EXCEPTION in insecure-server.js for redirect-www.org');
    if (/redirect-www.org$/.test(host) && useAppInsecurely(req, res)) {
      return true;
    }
--- a/lib/local-server.js
+++ b/lib/local-server.js
@ -44,8 +44,7 @@ module.exports.create = function (lex, certPaths, port, info, serverCallback) {
    }

    if (lex) {
-      var LEX = require('letsencrypt-express');
-      server.on('request', LEX.createAcmeResponder(lex, onRequest));
+      server.on('request', lex.middleware(onRequest));
    } else {
      server.on('request', onRequest);
    }
--- a/lib/worker.js
+++ b/lib/worker.js
@ -222,6 +222,15 @@ module.exports.create = function (webserver, info, state) {
            req.hostname = req.hostname.replace(/.*\.?proxyable\./, '');
          }

+          // hacky fix for com.enom.reseller, com.daplie.domains, org.oauth3.dns, org.oauth3.domains
+          if (req.path) {
+            req.url = req.url.replace(/com\.daplie\.domains/, 'com.enom.reseller');
+            req.url = req.url.replace(/org\.oauth3\.domains/, 'com.enom.reseller');
+            req.url = req.url.replace(/org\.oauth3\.dns/, 'com.enom.reseller');
+            req.url = req.url.replace(/org\.oauth3\.provider\/credentials/, 'org.oauth3.provider/logins');
+            //req.path = req.path.replace(/com\.daplie\.domains/, 'com.enom.reseller');
+          }
+
          require('./package-server').mapToApp({
            config: pkgConf
          , deps: pkgDeps
--- a/package.json
+++ b/package.json
@ -43,6 +43,7 @@
    "bluebird": "2.x",
    "body-parser": "1.x",
    "btoa": "1.x",
+    "busboy": "^0.2.13",
    "bytes": "^1.0.0",
    "cluster-store": "^1.0.0",
    "compression": "1.x",
@ -80,8 +81,8 @@
    "jarson": "1.x",
    "json-storage": "2.x",
    "jsonwebtoken": "^5.4.0",
-    "lodash": "2.x",
    "letsencrypt-express": "1.1.x",
+    "lodash": "2.x",
    "masterquest-sqlite3": "git://github.com/coolaj86/masterquest-sqlite3.git",
    "media-typer": "^0.3.0",
    "methods": "^1.1.1",