@factiii/stack 0.1.99 → 0.1.100
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssl-cert-helper.d.ts","sourceRoot":"","sources":["../../src/scanfix/ssl-cert-helper.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAU,GAAG,eAAe,
|
|
1
|
+
{"version":3,"file":"ssl-cert-helper.d.ts","sourceRoot":"","sources":["../../src/scanfix/ssl-cert-helper.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAU,GAAG,eAAe,CA6FtF;AAED;;;;GAIG;AACH,wBAAgB,cAAc,IAAI,OAAO,CASxC"}
|
|
@@ -52,17 +52,51 @@ const fs = __importStar(require("fs"));
|
|
|
52
52
|
*/
|
|
53
53
|
function checkCertificate(domain, warnDays = 7) {
|
|
54
54
|
const certPath = '/etc/letsencrypt/live/' + domain + '/fullchain.pem';
|
|
55
|
-
|
|
55
|
+
// Try reading cert file directly (may fail without root on macOS)
|
|
56
|
+
let canReadFile = fs.existsSync(certPath);
|
|
57
|
+
// Fallback: try with sudo (cert dirs are often root-only on macOS)
|
|
58
|
+
if (!canReadFile) {
|
|
59
|
+
try {
|
|
60
|
+
(0, child_process_1.execSync)('sudo test -f "' + certPath + '"', { stdio: 'pipe', timeout: 5000 });
|
|
61
|
+
canReadFile = true;
|
|
62
|
+
}
|
|
63
|
+
catch {
|
|
64
|
+
// sudo not available or file truly doesn't exist
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
if (!canReadFile) {
|
|
68
|
+
// Final fallback: check via openssl s_client (network-based, no file perms needed)
|
|
69
|
+
try {
|
|
70
|
+
const sslOutput = (0, child_process_1.execSync)('echo | openssl s_client -connect ' + domain + ':443 -servername ' + domain + ' 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null', { encoding: 'utf8', timeout: 10000 });
|
|
71
|
+
const match = sslOutput.match(/notAfter=(.+)/);
|
|
72
|
+
if (match && match[1]) {
|
|
73
|
+
const expiryDate = new Date(match[1]);
|
|
74
|
+
const daysUntilExpiry = Math.floor((expiryDate.getTime() - Date.now()) / (1000 * 60 * 60 * 24));
|
|
75
|
+
return {
|
|
76
|
+
exists: true,
|
|
77
|
+
valid: daysUntilExpiry > warnDays,
|
|
78
|
+
expiresInDays: daysUntilExpiry,
|
|
79
|
+
};
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
catch {
|
|
83
|
+
// SSL not serving — cert truly doesn't exist
|
|
84
|
+
}
|
|
56
85
|
return { exists: false, valid: false };
|
|
57
86
|
}
|
|
87
|
+
// Read cert with sudo if needed
|
|
88
|
+
const readCmd = fs.existsSync(certPath)
|
|
89
|
+
? 'openssl x509'
|
|
90
|
+
: 'sudo openssl x509';
|
|
91
|
+
const fileArg = ' -in "' + certPath + '"';
|
|
58
92
|
try {
|
|
59
93
|
// Check if cert is valid for at least warnDays more
|
|
60
94
|
const checkSeconds = warnDays * 24 * 60 * 60;
|
|
61
|
-
(0, child_process_1.execSync)('
|
|
95
|
+
(0, child_process_1.execSync)(readCmd + ' -checkend ' + checkSeconds + ' -noout' + fileArg, {
|
|
62
96
|
stdio: ['pipe', 'pipe', 'pipe'],
|
|
63
97
|
});
|
|
64
98
|
// Get exact expiration for reporting
|
|
65
|
-
const expiryOutput = (0, child_process_1.execSync)('
|
|
99
|
+
const expiryOutput = (0, child_process_1.execSync)(readCmd + ' -enddate -noout' + fileArg, {
|
|
66
100
|
encoding: 'utf8',
|
|
67
101
|
});
|
|
68
102
|
const expiryMatch = expiryOutput.match(/notAfter=(.+)/);
|
|
@@ -77,7 +111,7 @@ function checkCertificate(domain, warnDays = 7) {
|
|
|
77
111
|
// openssl returns non-zero if cert expires within checkSeconds
|
|
78
112
|
// Try to get the actual expiry date for the error message
|
|
79
113
|
try {
|
|
80
|
-
const expiryOutput = (0, child_process_1.execSync)('
|
|
114
|
+
const expiryOutput = (0, child_process_1.execSync)(readCmd + ' -enddate -noout' + fileArg, {
|
|
81
115
|
encoding: 'utf8',
|
|
82
116
|
});
|
|
83
117
|
const expiryMatch = expiryOutput.match(/notAfter=(.+)/);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssl-cert-helper.js","sourceRoot":"","sources":["../../src/scanfix/ssl-cert-helper.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBH,
|
|
1
|
+
{"version":3,"file":"ssl-cert-helper.js","sourceRoot":"","sources":["../../src/scanfix/ssl-cert-helper.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBH,4CA6FC;AAOD,wCASC;AA9HD,iDAAyC;AACzC,uCAAyB;AASzB;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAAC,MAAc,EAAE,WAAmB,CAAC;IACnE,MAAM,QAAQ,GAAG,wBAAwB,GAAG,MAAM,GAAG,gBAAgB,CAAC;IAEtE,kEAAkE;IAClE,IAAI,WAAW,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1C,mEAAmE;IACnE,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,gBAAgB,GAAG,QAAQ,GAAG,GAAG,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9E,WAAW,GAAG,IAAI,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,iDAAiD;QACnD,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,mFAAmF;QACnF,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,wBAAQ,EACxB,mCAAmC,GAAG,MAAM,GAAG,mBAAmB,GAAG,MAAM,GAAG,yDAAyD,EACvI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CACrC,CAAC;YACF,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC/C,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtB,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACtC,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAChC,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC5D,CAAC;gBACF,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,eAAe,GAAG,QAAQ;oBACjC,aAAa,EAAE,eAAe;iBAC/B,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6CAA6C;QAC/C,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,gCAAgC;IAChC,MAAM,OAAO,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,cAAc;QAChB,CAAC,CAAC,mBAAmB,CAAC;IACxB,MAAM,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,GAAG,CAAC;IAE1C,IAAI,CAAC;QACH,oDAAoD;QACpD,MAAM,YAAY,GAAG,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;QAC7C,IAAA,wBAAQ,EAAC,OAAO,GAAG,aAAa,GAAG,YAAY,GAAG,SAAS,GAAG,OAAO,EAAE;YACrE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,qCAAqC;QACrC,MAAM,YAAY,GAAG,IAAA,wBAAQ,EAAC,OAAO,GAAG,kBAAkB,GAAG,OAAO,EAAE;YACpE,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACxD,IAAI,WAAW,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5C,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAChC,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC5D,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC;QACvE,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;QAC/D,0DAA0D;QAC1D,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAA,wBAAQ,EAAC,OAAO,GAAG,kBAAkB,GAAG,OAAO,EAAE;gBACpE,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACxD,IAAI,WAAW,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClC,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5C,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAChC,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC5D,CAAC;gBACF,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,KAAK;oBACZ,aAAa,EAAE,eAAe;oBAC9B,KAAK,EAAE,0BAA0B,GAAG,eAAe,GAAG,OAAO;iBAC9D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC;IACvF,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,cAAc;IAC5B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,6DAA6D,EAAE;YACrF,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,KAAK,eAAe,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|