@small-tech/auto-encrypt 3.1.0 → 4.0.0

package/README.md

@@ -2,12 +2,20 @@
 
 Adds automatic provisioning and renewal of [Let’s Encrypt](https://letsencrypt.org) TLS certificates with [OCSP Stapling](https://letsencrypt.org/docs/integration-guide/#implement-ocsp-stapling) to [Node.js](https://nodejs.org) [https](https://nodejs.org/dist/latest-v12.x/docs/api/https.html) servers (including [Express.js](https://expressjs.com/), etc.)
 
+Implements the subset of RFC 8555 – Automatic Certificate Management Environment (ACME) – necessary for a client to support TLS certificate provisioning from Let’s Encrypt using HTTP-01 challenges.
+
 ## How it works
 
 The first time your web site is hit, it will take a couple of seconds to load as your Let’s Encrypt TLS certificates are automatically provisioned for you. From there on, your certificates will be seamlessly renewed 30 days before their expiry date.
 
 When not provisioning certificates, Auto Encrypt will also forward HTTP calls to HTTPS on your server.
 
+## Compatibility
+
+All tests pass on Node.js LTS (18.2+).
+
+[Tests fail on Node.js 19 (socket hang up error).](https://codeberg.org/small-tech/auto-encrypt/issues/3)
+
 ## Installation
 
 ```sh
@@ -19,31 +27,30 @@ npm i @small-tech/auto-encrypt
 ### Instructions
 
 1. Import the module:
-
-    ```js
-    import AutoEncrypt from '@small-tech/auto-encrypt'
-    ```
+   
+   ```js
+   import AutoEncrypt from '@small-tech/auto-encrypt'
+   ```
 
 2. Prefix your server creation code with a reference to the Auto Encrypt class:
-
-    ```js
-    // const server = https.createServer(…) becomes
-    const server = AutoEncrypt.https.createServer(…)
-    ```
+   
+   ```js
+   // const server = https.createServer(…) becomes
+   const server = AutoEncrypt.https.createServer(…)
+   ```
 
 3. When done, close your server as you would normally:
-
-    ```js
-    server.close(() => {
-      console.log('The server is now closed.')
-    })
-    ```
+   
+   ```js
+   server.close(() => {
+     console.log('The server is now closed.')
+   })
+   ```
 
 ### Example
 
 The following code creates an HTTPS server running on port 443 with [OCSP Stapling](https://letsencrypt.org/docs/integration-guide/#implement-ocsp-stapling) that automatically provisions and renews TLS certificates from [Let’s Encrypt](https://letsencrypt.org) for the domains _<hostname>_ and _www.<hostname>_.
 
-
 ```js
 import AutoEncrypt from '@small-tech/auto-encrypt'
 
@@ -94,9 +101,9 @@ const server = AutoEncrypt.https.createServer(options, listener)
 
 Here is the full list of Auto Encrypt options (all optional) and their defaults:
 
-  - `domains`: the hostname of the current computer and the www subdomain at that hostname.
-  - `server`: it will use the production server (which has [rate limits](https://letsencrypt.org/docs/rate-limits/)). Valid values are `AutoEncrypt.server.(PEBBLE|STAGING|PRODUCTION)`.
-  - `settingsPath`: _~/.small-tech.org/auto-encrypt/_
+- `domains`: the hostname of the current computer and the www subdomain at that hostname.
+- `server`: it will use the production server (which has [rate limits](https://letsencrypt.org/docs/rate-limits/)). Valid values are `AutoEncrypt.server.(PEBBLE|STAGING|PRODUCTION)`.
+- `settingsPath`: _~/.small-tech.org/auto-encrypt/_
 
 ## Making a graceful exit
 
@@ -174,10 +181,9 @@ Auto Encrypt does one thing and one thing well: it automatically provisions a Le
 
 Auto Encrypt __does not_ and __will not__:
 
-  - Implement wildcard certificates. For most [small tech](https://small-tech.org/about/#small-technology) needs (personal web sites and web apps), you will likely need no more than two domains (the root domain and, due to historic and conventional reasons, the www subdomain). You will definitely not need more than the 100 domains that are supported per certificate. If you do, chances are you are looking to use Auto Encrypt in a startup or corporate setting, which is not what its for.
-
-  - Implement DNS-01 or any other methods that cannot be fully automated.
+- Implement wildcard certificates. For most [small tech](https://small-tech.org/about/#small-technology) needs (personal web sites and web apps), you will likely need no more than two domains (the root domain and, due to historic and conventional reasons, the www subdomain). You will definitely not need more than the 100 domains that are supported per certificate. If you do, chances are you are looking to use Auto Encrypt in a startup or corporate setting, which is not what its for.
 
+- Implement DNS-01 or any other methods that cannot be fully automated.
 
 ## Staging and production server behaviour and rate limits
 
@@ -191,29 +197,28 @@ If you do use the staging environment, be aware that browsers will reject the st
 
 Needless to say, do not add the fake certificate root to the same trust store you use for your everyday browsing.
 
-
 ## Related projects
 
 From lower-level to higher-level:
 
 ### Auto Encrypt Localhost
 
-  - Source: https://source.small-tech.org/site.js/lib/auto-encrypt-localhost
-  - Package: [@small-tech/auto-encrypt-localhost](https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost)
+- Source: https://source.small-tech.org/site.js/lib/auto-encrypt-localhost
+- Package: [@small-tech/auto-encrypt-localhost](https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost)
 
 Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers (including Express.js, etc.) using [mkcert](https://github.com/FiloSottile/mkcert/).
 
 ### HTTPS
 
-  - Source: https://source.small-tech.org/site.js/lib/https
-  - Package: [@small-tech/https](https://www.npmjs.com/package/@small-tech/https)
+- Source: https://source.small-tech.org/site.js/lib/https
+- Package: [@small-tech/https](https://www.npmjs.com/package/@small-tech/https)
 
 A drop-in [standard Node.js HTTPS module](https://nodejs.org/dist/latest-v12.x/docs/api/https.html) replacement with both automatic development-time (localhost) certificates via Auto Encrypt Localhost and automatic production certificates via Auto Encrypt.
 
 ### Site.js
 
-  - Web site: https://sitejs.org
-  - Source: https://source.small-tech.org/site.js/app
+- Web site: https://sitejs.org
+- Source: https://source.small-tech.org/site.js/app
 
 A complete [small technology](https://small-tech.org/about/#small-technology) tool for developing, testing, and deploying a secure static or dynamic personal web site or app with zero configuration.
 

package/index.js

@@ -24,6 +24,11 @@ import Throws from './lib/util/Throws.js'
 import HttpServer from './lib/HttpServer.js'
 import log from './lib/util/log.js'
 
+// This reverts IP address sort order to pre-Node 17 behaviour.
+// See https://github.com/nodejs/node/issues/40537
+import dns from 'node:dns'
+dns.setDefaultResultOrder('ipv4first')
+
 // Custom errors thrown by the autoEncrypt function.
 const throws = new Throws({
   [Symbol.for('BusyProvisioningCertificateError')]:

package/lib/HttpServer.js

@@ -18,7 +18,7 @@
 //   B. At all other times:
 //   ======================
 //
-//   Forwards http requests to https requests using a 302 redirect.
+//   Forwards http requests to https requests using a 307 redirect.
 //
 // Copyright © 2020 Aral Balkan, Small Technology Foundation.
 // License: AGPLv3 or later.
@@ -27,7 +27,6 @@
 
 import http from 'http'
 import encodeUrl from 'encodeurl'
-import enableDestroy from 'server-destroy'
 import log from './util/log.js'
 
 export default class HttpServer {
@@ -120,18 +119,13 @@ export default class HttpServer {
         response.end()
       }
     })
-
-    // Enable server to be destroyed without waiting for any existing connections to close.
-    // (While there shouldn’t be any existing connections and while the likelihood of someone
-    // trying to denial-of-service this very low, it’s still the right thing to do.)
-    enableDestroy(this.server)
   }
 
   set challengeServer (state) {
     if (state) {
       log(`   🔒    ❨auto-encrypt❩ HTTP server is now only responding to Let’s Encrypt challenges.`)
     } else {
-      log(`   🔒    ❨auto-encrypt❩ HTTP server is now forwarding HTTP requests to HTTPS (302).`)
+      log(`   🔒    ❨auto-encrypt❩ HTTP server is now forwarding HTTP requests to HTTPS (307).`)
     }
     this.#isChallengeServer = state
   }
@@ -156,16 +150,16 @@ export default class HttpServer {
 
   async destroy () {
     // Starts killing all connections and closes the server.
-    this.server.destroy()
+    this.server.closeAllConnections()
 
-    // Wait until the server is closed before returning.
     await new Promise((resolve, reject) => {
-      this.server.on('close', () => {
+      this.server.close(error => {
+        if (error) {
+          console.error(error)
+          reject(error)
+        }
         resolve()
       })
-      this.server.on('error', (error) => {
-        reject(error)
-      })
     })
   }
 }

package/lib/test-helpers/index.js

@@ -8,7 +8,6 @@ import fs from 'fs'
 import os from 'os'
 import path from 'path'
 import http from 'http'
-import enableServerDestroy from 'server-destroy'
 import Configuration from '../Configuration.js'
 import LetsEncryptServer from '../LetsEncryptServer.js'
 import Throws from '../util/Throws.js'
@@ -19,7 +18,7 @@ import log from '../util/log.js'
 //
 
 const throws = new Throws({
-  [Symbol.for('MockServerCouldNotBeStartedError')]: details => `Mock server could not be started (${error})`
+  [Symbol.for('MockServerCouldNotBeStartedError')]: error => `Mock server could not be started (${error})`
 })
 
 export class MockServer {
@@ -45,7 +44,6 @@ export class MockServer {
 
   async create () {
     const server = http.createServer(this.#responseHandler)
-    enableServerDestroy(server)
     this.#server = server
     await new Promise((resolve, reject) => {
       try {
@@ -60,12 +58,21 @@ export class MockServer {
   }
 
   async destroy () {
-    this.#server.destroy()
+    this.#server.closeAllConnections()
+    return new Promise((resolve, reject) => {
+      this.#server.close(error => {
+        if (error) {
+          console.error(error)
+          reject(error)
+        }
+        resolve()
+      })
+    })
   }
 }
 
 export async function httpServerWithResponse (mockResponse) {
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve, _reject) => {
     const server = http.createServer((request, response) => {
       response.statusCode = mockResponse.statusCode
       response.end(mockResponse.body)

package/package.json

@@ -1,7 +1,10 @@
 {
   "name": "@small-tech/auto-encrypt",
-  "version": "3.1.0",
+  "version": "4.0.0",
   "description": "Adds automatic provisioning and renewal of Let’s Encrypt TLS certificates with OCSP Stapling to Node.js https servers (including Express.js, etc.)",
+  "engines": {
+    "node": ">=18.2.0"
+  },
   "keywords": [
     "let's encrypt",
     "acme",
@@ -10,6 +13,7 @@
     "tls",
     "auto encrypt",
     "small tech",
+    "small web",
     "automatic"
   ],
   "author": {
@@ -60,24 +64,20 @@
     ]
   },
   "dependencies": {
-    "bent": "aral/bent#errors-with-response-headers",
+    "bent": "^7.3.12",
     "encodeurl": "^1.0.2",
-    "jose": "^1.24.0",
-    "moment": "^2.24.0",
+    "jose": "^1.28.2",
+    "moment": "^2.29.4",
     "node-forge": "^1.3.1",
-    "ocsp": "^1.2.0",
-    "server-destroy": "^1.0.1"
+    "ocsp": "^1.2.0"
   },
   "devDependencies": {
     "@small-tech/esm-tape-runner": "^1.0.3",
     "@small-tech/node-pebble": "^4.2.4",
     "@small-tech/tap-monkey": "^1.3.0",
-    "c8": "^7.11.3",
-    "dependency-cruiser": "^9.15.1",
-    "esbuild": "^0.8.53",
-    "jsdoc": "^3.6.6",
+    "c8": "^7.12.0",
+    "dependency-cruiser": "^12.3.0",
     "jsdoc-to-markdown": "^6.0.1",
-    "tape": "^5.2.1",
-    "wtfnode": "^0.8.1"
+    "tape": "^5.2.1"
   }
 }