A lightweight IOT application server with a hard shell written for node.js
Go to file
AJ ONeal 52a6627e84 add missing res.error 2017-05-24 06:23:40 +00:00
bin remove symlink 2017-05-04 23:12:29 -06:00
boot update deps and add a bunch of debug logging 2017-05-10 23:26:25 +00:00
dist add empty walnut.yml 2017-05-15 18:11:49 +00:00
etc include special and auto cert dirs 2016-03-28 21:12:35 -04:00
lib add missing res.error 2017-05-24 06:23:40 +00:00
snippets add undo instructions 2015-02-23 19:30:34 +00:00
tests apppath => pagespath 2015-11-21 20:47:28 +00:00
.gitignore remove unused files 2015-11-28 05:44:52 +00:00
.jshintrc add .jshintrc 2017-05-04 23:10:24 -06:00
LICENSE open source, again 2015-11-28 06:14:03 +00:00
README.md separate packages from permissions 2017-05-22 17:22:32 +00:00
add-subtree.sh add subtree script 2017-05-19 00:57:34 -05:00
install.sh load sites separately from packages 2017-05-20 04:34:17 +00:00
package.json update package.json deps 2017-05-18 01:00:53 +00:00
setup-dev-deps.sh refactoring to use fs config 2016-04-09 19:14:00 -04:00
uninstall.sh update installer 2017-05-09 10:27:47 -06:00
walnut.js removed letsencrypt and other 2017-05-04 23:09:56 -06:00

README.md

walnut

Small, light, and secure iot application framework.

curl https://git.daplie.com/Daplie/daplie-snippets/raw/master/install.sh | bash

daplie-install-cloud

Features

  • Works with Goldilocks for secure, Let's Encrypt maneged, https-only serving

  • IOT Application server written in Node.js

  • Small memory footprint (for a node app)

  • Secure

    • Uses JWT, not Cookies*
    • HTTPS-only (checks for X-Forwarded-For)
    • AES, RSA, and ECDSA encryption and signing
    • Safe against CSRF, XSS, and SQL injection
    • Safe against Compression attacks
  • Multi-Tentated Application Management

  • Built-in OAuth2 & OAuth3 support

*Cookies are used only for GETs and only where using a token would be less secure such as images which would otherwise require the token to be passed into the img src. They are also scoped such that CSRF attacks are not possible.

In Progress

  • HTTPS Key Pinning
  • Heroku (pending completion of PostgreSQL support)
  • GunDB Support
  • OpenID support

Structure

Currently being tested with Ubuntu, Raspbian, and Debian on Digital Ocean, Raspberry Pi, and Heroku.

/srv/walnut/
├── setup.sh (in-progress)
├── core
│   ├── bin
│   ├── boot
│   ├── holepunch
│   └── lib
├── node_modules
├── packages
│   ├── apis
│   ├── pages
│   └── services
└── var
  • core contains all walnut code
  • node_modules is a flat installation of all dependencies
  • certs is a directory for Let's Encrypt (or custom) certificates
  • var is a directory for database files and such
  • packages contains 3 types of packages

Will install to

/srv/walnut/core/
/etc/walnut
/opt/walnut
/var/log/walnut
/etc/systemd/system/walnut.service
/etc/tmpfiles.d/walnut.conf

Implementation details

Initialization

needs to know its primary domain

POST https://api.<domain.tld>/api/com.daplie.walnut.init

{ "domain": "<domain.tld>" }

The following domains are required to point to WALNUT server

<domain.tld>
www.<domain.tld>

api.<domain.tld>
assets.<domain.tld>

cloud.<domain.tld>
api.cloud.<domain.tld>

Example /etc/goldilocks/goldilocks.yml:

tls:
  email: domains@example.com
  servernames:
    - example.com
    - www.example.com
    - api.example.com
    - assets.example.com
    - cloud.example.com
    - api.cloud.example.com

http:
  trust_proxy: true
  modules:
    - name: proxy
      domains:
        - '*'
      address: '127.0.0.1:3000'

Resetting the Initialization

Once you run the app the initialization files will appear in these locations

/srv/walnut/var/com.daplie.walnut.config.sqlite3
/srv/walnut/config/<domain.tld>.json

Deleting those files will rese

Accessing static apps

Static apps are stored in packages/pages

# App ID as files with a list of packages they should load
# note that '#' is used in place of '/' because files and folders may not contain '/' in their names
/srv/walnut/packages/sites/<domain.tld#path>          # https://domain.tld/path
/srv/walnut/packages/sites/<domain.tld>               # https://domain.tld and https://domain.tld/foo match

# packages are directories with reverse dns name      # For the sake of debugging these packages can be accessed directly, without a site by
/srv/walnut/packages/pages/<tld.domain.package>       # matches apps.<domain.tld>/<package-name> and <domain.tld>/apps/<package-name>

Accessing REST APIs

# Apps are granted access to use a package by listing it in the grants file by the name of the app url (domain.tld)
/srv/walnut/packages/client-api-grants/<domain.tld>   # matches api.<domain.tld>/api/ and contains a list of allowed REST APIs
                                                      # the REST apis themselves are submatched as api.<domain.tld>/api/<tld.domain.package>

# packages are directories with reverse dns name, a package.json, and an index.js
/srv/walnut/packages/rest/<tld.domain.package>

Example tree with contents:

Here com.example.hello is a package with a REST API and a static page and foobar.me is a WALNUT-configured domain (smithfam.net, etc).

The packages:

/srv/walnut/packages/
├── api
├── pages
│   └── com.example.hello
│       └── index.html
│             '''
│             <html>
│               <head><title>com.example.hello</title></head>
│               <body>
│                 <h1>com.example.hello</h1>
│               </body>
│             </html>
│             '''
│
├── rest
│   └── com.example.hello
│      ├── package.json
│      └── index.js
│           '''
│           'use strict';
│
│           module.exports.create = function (conf, deps, app) {
│
│             app.use('/', function (req, res) {
│               console.log('[com.example.hello] req.url', req.url);
│               res.send({ message: 'hello' });
│             });
│
│             return deps.Promise.resolve();
│           };
│
│           '''
│
└── services

The permissions:

/srv/walnut/packages/
├── client-api-grants
│   └── cloud.foobar.me
│         '''
│         com.example.hello     # refers to /srv/walnut/packages/rest/com.example.hello
│         '''
│
└── sites
    └── daplie.me
          '''
          com.example.hello     # refers to /srv/walnut/packages/pages/com.example.hello
          '''