@depup/redbird 1.0.2-depup.0

package/dist/letsencrypt.js

@@ -0,0 +1,127 @@
+/**
+ * Letsecript module for Redbird (c) Optimalbits 2016-2024
+ *
+ *
+ *
+ */
+import { createServer } from 'http';
+import path from 'path';
+import url from 'url';
+import fs from 'fs';
+import LeChallengeFs from './third-party/le-challenge-fs.js';
+/**
+ *  LetsEncrypt certificates are stored like the following:
+ *
+ *  /example.com
+ *    /
+ *
+ *
+ *
+ */
+let leStoreConfig = {};
+const webrootPath = ':configDir/:hostname/.well-known/acme-challenge';
+function init(certPath, port, logger) {
+    logger === null || logger === void 0 ? void 0 : logger.info('Initializing letsencrypt, path %s, port: %s', certPath, port);
+    leStoreConfig = {
+        configDir: certPath,
+        privkeyPath: ':configDir/:hostname/privkey.pem',
+        fullchainPath: ':configDir/:hostname/fullchain.pem',
+        certPath: ':configDir/:hostname/cert.pem',
+        chainPath: ':configDir/:hostname/chain.pem',
+        workDir: ':configDir/letsencrypt/var/lib',
+        logsDir: ':configDir/letsencrypt/var/log',
+        webrootPath,
+        debug: false,
+    };
+    // we need to proxy for example: 'example.com/.well-known/acme-challenge' -> 'localhost:port/example.com/'
+    return createServer(function (req, res) {
+        if (req.method !== 'GET') {
+            res.statusCode = 405; // Method Not Allowed
+            res.end();
+            return;
+        }
+        const reqPath = url.parse(req.url).pathname;
+        const basePath = path.resolve(certPath);
+        const safePath = path.normalize(reqPath).replace(/^(\.\.[\/\\])+/, ''); // Prevent directory traversal
+        const fullPath = path.join(basePath, safePath);
+        if (!fullPath.startsWith(basePath)) {
+            logger === null || logger === void 0 ? void 0 : logger.info(`Attempted directory traversal attack: ${req.url}`);
+            res.statusCode = 403; // Forbidden
+            res.end('Access denied');
+            return;
+        }
+        logger === null || logger === void 0 ? void 0 : logger.info('LetsEncrypt CA trying to validate challenge %s', fullPath);
+        fs.stat(fullPath, function (err, stats) {
+            if (err || !stats.isFile()) {
+                res.writeHead(404, { 'Content-Type': 'text/plain' });
+                res.write('404 Not Found\n');
+                res.end();
+                return;
+            }
+            res.writeHead(200);
+            fs.createReadStream(fullPath, 'binary').pipe(res);
+        });
+    }).listen(port);
+}
+/**
+ *  Gets the certificates for the given domain.
+ *  Handles all the LetsEncrypt protocol. Uses
+ *  existing certificates if any, or negotiates a new one.
+ *  Returns a promise that resolves to an object with the certificates.
+ *  TODO: We should use something like https://github.com/PaquitoSoft/memored/blob/master/index.js
+ *  to avoid
+ */
+async function getCertificates(domain, email, loopbackPort, production, renew, logger) {
+    const LE = (await import('greenlock')).default;
+    // Storage Backend
+    const leStore = (await import('le-store-certbot')).create(leStoreConfig);
+    // ACME Challenge Handlers
+    const leChallenge = LeChallengeFs.create({
+        loopbackPort: loopbackPort,
+        webrootPath,
+        debug: false,
+    });
+    const le = LE.create({
+        server: production
+            ? 'https://acme-v02.api.letsencrypt.org/directory'
+            : 'https://acme-staging-v02.api.letsencrypt.org/directory',
+        store: leStore, // handles saving of config, accounts, and certificates
+        challenges: { 'http-01': leChallenge }, // handles /.well-known/acme-challege keys and tokens
+        challengeType: 'http-01', // default to this challenge type
+        debug: false,
+        log: function () {
+            logger === null || logger === void 0 ? void 0 : logger.info(arguments, 'Lets encrypt debugger');
+        },
+    });
+    // Check in-memory cache of certificates for the named domain
+    const cert = await le.check({ domains: [domain] });
+    const opts = {
+        domains: [domain],
+        email: email,
+        agreeTos: true,
+        rsaKeySize: 2048, // 2048 or higher
+        challengeType: 'http-01',
+    };
+    if (cert) {
+        if (renew) {
+            logger && logger.info('renewing cert for ' + domain);
+            opts.duplicate = true;
+            return le.renew(opts, cert).catch(function (err) {
+                logger && logger.error(err, 'Error renewing certificates for ', domain);
+            });
+        }
+        else {
+            logger && logger.info('Using cached cert for ' + domain);
+            return cert;
+        }
+    }
+    else {
+        // Register Certificate manually
+        logger === null || logger === void 0 ? void 0 : logger.info('Manually registering certificate for %s', domain);
+        return le.register(opts).catch(function (err) {
+            logger === null || logger === void 0 ? void 0 : logger.error(err, 'Error registering LetsEncrypt certificates');
+        });
+    }
+}
+export { init, getCertificates };
+//# sourceMappingURL=letsencrypt.js.map

package/dist/letsencrypt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"letsencrypt.js","sourceRoot":"","sources":["../lib/letsencrypt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAmC,YAAY,EAAE,MAAM,MAAM,CAAC;AACrE,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,MAAM,IAAI,CAAC;AAGpB,OAAO,aAAa,MAAM,kCAAkC,CAAC;AAE7D;;;;;;;;GAQG;AACH,IAAI,aAAa,GAAG,EAAE,CAAC;AACvB,MAAM,WAAW,GAAG,iDAAiD,CAAC;AAEtE,SAAS,IAAI,CAAC,QAAgB,EAAE,IAAY,EAAE,MAAmC;IAC/E,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,6CAA6C,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IAE5E,aAAa,GAAG;QACd,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,kCAAkC;QAC/C,aAAa,EAAE,oCAAoC;QACnD,QAAQ,EAAE,+BAA+B;QACzC,SAAS,EAAE,gCAAgC;QAE3C,OAAO,EAAE,gCAAgC;QACzC,OAAO,EAAE,gCAAgC;QAEzC,WAAW;QACX,KAAK,EAAE,KAAK;KACb,CAAC;IAEF,0GAA0G;IAC1G,OAAO,YAAY,CAAC,UAAU,GAAoB,EAAE,GAAmB;QACrE,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACzB,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,qBAAqB;YAC3C,GAAG,CAAC,GAAG,EAAE,CAAC;YACV,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC,8BAA8B;QACtG,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,yCAAyC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC;YACjE,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,YAAY;YAClC,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,gDAAgD,EAAE,QAAQ,CAAC,CAAC;QAEzE,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,GAAU,EAAE,KAAU;YAChD,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBAC7B,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAClB,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,eAAe,CAC5B,MAAc,EACd,KAAa,EACb,YAAoB,EACpB,UAAmB,EACnB,KAAc,EACd,MAAmC;IAEnC,MAAM,EAAE,GAAG,CAAC,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC;IAE/C,kBAAkB;IAClB,MAAM,OAAO,GAAG,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEzE,0BAA0B;IAC1B,MAAM,WAAW,GAAG,aAAa,CAAC,MAAM,CAAC;QACvC,YAAY,EAAE,YAAY;QAC1B,WAAW;QACX,KAAK,EAAE,KAAK;KACb,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QACnB,MAAM,EAAE,UAAU;YAChB,CAAC,CAAC,gDAAgD;YAClD,CAAC,CAAC,wDAAwD;QAC5D,KAAK,EAAE,OAAO,EAAE,uDAAuD;QACvE,UAAU,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,qDAAqD;QAC7F,aAAa,EAAE,SAAS,EAAE,iCAAiC;QAC3D,KAAK,EAAE,KAAK;QACZ,GAAG,EAAE;YACH,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;QACnD,CAAC;KACF,CAAC,CAAC;IAEH,6DAA6D;IAC7D,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEnD,MAAM,IAAI,GAON;QACF,OAAO,EAAE,CAAC,MAAM,CAAC;QACjB,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,IAAI,EAAE,iBAAiB;QACnC,aAAa,EAAE,SAAS;KACzB,CAAC;IAEF,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YACtB,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,UAAU,GAAU;gBACpD,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,kCAAkC,EAAE,MAAM,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,wBAAwB,GAAG,MAAM,CAAC,CAAC;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;SAAM,CAAC;QACN,gCAAgC;QAChC,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,yCAAyC,EAAE,MAAM,CAAC,CAAC;QAChE,OAAO,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,UAAU,GAAU;YACjD,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,CAAC,GAAG,EAAE,4CAA4C,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC"}

package/dist/proxy.d.ts

@@ -0,0 +1,122 @@
+import { URL } from 'url';
+import http, { IncomingMessage, ServerResponse } from 'http';
+import httpProxy from 'http-proxy';
+import { pino, Logger } from 'pino';
+import { ProxyOptions } from './interfaces/proxy-options.js';
+import { ProxyRoute } from './interfaces/proxy-route.js';
+import { RouteOptions } from './interfaces/route-options.js';
+import { Resolver, ResolverFn } from './interfaces/resolver.js';
+export declare class Redbird {
+    private opts;
+    logger?: Logger;
+    routing: any;
+    resolvers: Resolver[];
+    certs: any;
+    lazyCerts: {
+        [key: string]: {
+            email: string;
+            production: boolean;
+            renewWithin: number;
+        };
+    };
+    private _defaultResolver;
+    private proxy;
+    private agent;
+    private server;
+    private httpsServer;
+    private letsencryptHost;
+    private letsencryptServer;
+    get defaultResolver(): any;
+    constructor(opts?: ProxyOptions);
+    setupHttpProxy(proxy: httpProxy, websocketsUpgrade: any, log: pino.Logger, opts: ProxyOptions): http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>;
+    /**
+     * Special resolver for handling Let's Encrypt ACME challenges.
+     * @param opts
+     */
+    setupLetsencrypt(opts: ProxyOptions): void;
+    setupHttpsProxy(proxy: httpProxy, websocketsUpgrade: any, sslOpts: any): void;
+    addResolver(resolverFn: ResolverFn, priority?: number): this;
+    removeResolver(resolverFn: ResolverFn): this;
+    /**
+    Register a new route.
+  
+    @src {String|URL} A string or a url parsed by node url module.
+    Note that port is ignored, since the proxy just listens to one port.
+  
+    @target {String|URL} A string or a url parsed by node url module.
+    @opts {Object} Route options.
+    */
+    register(opts: {
+        src: string | URL;
+        target: string | URL;
+    } & RouteOptions): Promise<void>;
+    register(src: string, opts: any): Promise<void>;
+    register(src: string | URL, target: string | URL, opts: RouteOptions): Promise<void>;
+    updateCertificates(domain: string, email: string, production: boolean, renewWithin: number, renew?: boolean): Promise<void>;
+    unregister(src: string | URL, target?: string | URL): Redbird;
+    private applyResolvers;
+    /**
+     * Resolves to route
+     * @param host
+     * @param url
+     * @returns {*}
+     */
+    resolve(host: string, url?: string, req?: IncomingMessage): Promise<ProxyRoute | undefined>;
+    getTarget(src: string, req: IncomingMessage, res?: ServerResponse): Promise<void | import("./interfaces/proxy-target-url.js").ProxyTargetUrl>;
+    getSource(req: IncomingMessage): string;
+    close(): Promise<void>;
+    /**
+    Routing table structure. An object with hostname as key, and an array as value.
+    The array has one element per path associated to the given hostname.
+    Every path has a Round-Robin value (rr) and urls array, with all the urls available
+    for this target route.
+  
+    {
+      hostA :
+        [
+          {
+            path: '/',
+            rr: 3,
+            urls: []
+          }
+        ]
+    }
+    */
+    notFound(callback: any): void;
+    shouldRedirectToHttps(target: any): boolean;
+}
+export declare const buildRoute: (route: string | ProxyRoute) => ProxyRoute | null;
+export declare const buildTarget: (target: string | URL, opts?: {
+    ssl?: any;
+    useTargetHostHeader?: boolean;
+}) => {
+    sslRedirect: boolean;
+    useTargetHostHeader: boolean;
+    hash: string;
+    host: string;
+    hostname: string;
+    href: string;
+    origin: string;
+    password: string;
+    pathname: string;
+    port: string;
+    protocol: string;
+    search: string;
+    searchParams: import("url").URLSearchParams;
+    username: string;
+} | {
+    sslRedirect: boolean;
+    useTargetHostHeader: boolean;
+    query: string | null;
+    auth: string | null;
+    hash: string | null;
+    host: string | null;
+    hostname: string | null;
+    href: string;
+    path: string | null;
+    pathname: string | null;
+    protocol: string | null;
+    search: string | null;
+    slashes: boolean | null;
+    port: string | null;
+};