@bgord/bun 0.29.15 → 0.30.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bgord/bun",
-  "version": "0.29.15",
+  "version": "0.30.1",
   "license": "MIT",
   "type": "module",
   "author": "Bartosz Gordon",
@@ -51,7 +51,6 @@
     "node-cache": "5.1.2",
     "nodemailer": "7.0.9",
     "sharp": "0.34.4",
-    "ssl-checker": "2.0.10",
     "winston": "3.18.3",
     "yazl": "3.3.1"
   },

package/readme.md

@@ -35,6 +35,9 @@ src/
 ├── cache-file.service.ts
 ├── cache-resolver.service.ts
 ├── cache-response.middleware.ts
+├── certificate-inspector-noop.adapter.ts
+├── certificate-inspector-tls.adapter.ts
+├── certificate-inspector.port.ts
 ├── client-from-hono.adapter.ts
 ├── client.vo.ts
 ├── clock-fixed.adapter.ts

package/src/certificate-inspector-noop.adapter.ts

@@ -0,0 +1,9 @@
+import type { CertificateInspection, CertificateInspectorPort } from "./certificate-inspector.port";
+
+export class CertificateInspectorNoopAdapter implements CertificateInspectorPort {
+  constructor(private readonly daysRemaining: number) {}
+
+  async inspect(_hostname: string): Promise<CertificateInspection> {
+    return { success: true, daysRemaining: this.daysRemaining };
+  }
+}

package/src/certificate-inspector-tls.adapter.ts

@@ -0,0 +1,43 @@
+import tls from "node:tls";
+import * as tools from "@bgord/tools";
+import type { CertificateInspection, CertificateInspectorPort } from "./certificate-inspector.port";
+import type { ClockPort } from "./clock.port";
+
+type Dependencies = { Clock: ClockPort };
+
+export class CertificateInspectorTLSAdapter implements CertificateInspectorPort {
+  private static readonly ROUNDING = new tools.RoundToNearest();
+
+  constructor(private readonly deps: Dependencies) {}
+
+  async inspect(hostname: string): Promise<CertificateInspection> {
+    return new Promise((resolve) => {
+      const settle = (value: CertificateInspection) => {
+        try {
+          socket.end();
+          socket.destroy();
+        } finally {
+          resolve(value);
+        }
+      };
+
+      const socket = tls.connect(
+        { host: hostname, port: 443, servername: hostname, rejectUnauthorized: false },
+        () => {
+          const certificate = socket.getPeerCertificate();
+          if (!certificate?.valid_to) return settle({ success: false });
+
+          const validToMs = new Date(certificate.valid_to).getTime();
+          const daysRemaining = tools.Duration.Ms(validToMs - this.deps.Clock.nowMs()).days;
+
+          settle({
+            success: true,
+            daysRemaining: CertificateInspectorTLSAdapter.ROUNDING.round(daysRemaining),
+          });
+        },
+      );
+
+      socket.once("error", () => settle({ success: false }));
+    });
+  }
+}

package/src/certificate-inspector.port.ts

@@ -0,0 +1,5 @@
+export type CertificateInspection = { success: true; daysRemaining: number } | { success: false };
+
+export interface CertificateInspectorPort {
+  inspect(hostname: string): Promise<CertificateInspection>;
+}

package/src/index.ts

@@ -9,6 +9,9 @@ export * from "./build-info-repository.service";
 export * from "./cache-file.service";
 export * from "./cache-resolver.service";
 export * from "./cache-response.middleware";
+export * from "./certificate-inspector.port";
+export * from "./certificate-inspector-noop.adapter";
+export * from "./certificate-inspector-tls.adapter";
 export * from "./client.vo";
 export * from "./client-from-hono.adapter";
 export * from "./clock.port";

package/src/prerequisites/ssl-certificate-expiry.ts

@@ -1,4 +1,4 @@
-import sslChecker from "ssl-checker";
+import type { CertificateInspectorPort } from "../certificate-inspector.port";
 import * as prereqs from "../prerequisites.service";
 
 export class PrerequisiteSSLCertificateExpiry implements prereqs.Prerequisite {
@@ -7,29 +7,33 @@ export class PrerequisiteSSLCertificateExpiry implements prereqs.Prerequisite {
   readonly enabled?: boolean = true;
 
   private readonly host: string;
-  private readonly validDaysMinimum: number;
+  private readonly days: number;
+  private readonly inspector: CertificateInspectorPort;
 
-  constructor(config: prereqs.PrerequisiteConfigType & { host: string; validDaysMinimum: number }) {
+  constructor(
+    config: prereqs.PrerequisiteConfigType & {
+      host: string;
+      days: number;
+      inspector: CertificateInspectorPort;
+    },
+  ) {
     this.label = config.label;
     this.enabled = config.enabled === undefined ? true : config.enabled;
 
     this.host = config.host;
-    this.validDaysMinimum = config.validDaysMinimum;
+    this.days = config.days;
+    this.inspector = config.inspector;
   }
 
   async verify(): Promise<prereqs.VerifyOutcome> {
     if (!this.enabled) return prereqs.Verification.undetermined();
 
-    try {
-      const result = await sslChecker(this.host);
+    const result = await this.inspector.inspect(this.host);
 
-      if (!result.valid) return prereqs.Verification.failure({ message: "Invalid" });
-      if (result.daysRemaining <= this.validDaysMinimum) {
-        return prereqs.Verification.failure({ message: `Days remaining: ${result.daysRemaining}` });
-      }
-      return prereqs.Verification.success();
-    } catch (error) {
-      return prereqs.Verification.failure(error as Error);
+    if (!result.success) return prereqs.Verification.failure({ message: "Unavailable" });
+    if (result.daysRemaining <= this.days) {
+      return prereqs.Verification.failure({ message: `${result.daysRemaining} days remaining` });
     }
+    return prereqs.Verification.success();
   }
 }

package/src/setup.service.ts

@@ -37,7 +37,7 @@ type Dependencies = {
 export class Setup {
   static essentials(deps: Dependencies, overrides?: SetupOverridesType) {
     const corsOptions = overrides?.cors ?? { origin: "*" };
-    const secureHeadersOptions = overrides?.secureHeaders ?? undefined;
+    const secureHeadersOptions = { crossOriginResourcePolicy: "cross-origin", ...overrides?.secureHeaders };
 
     return [
       secureHeaders(secureHeadersOptions),