querysub 0.490.0 → 0.491.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -28,7 +28,8 @@
28
28
  "Bash(yarn ssh-a-claude *)",
29
29
  "WebSearch",
30
30
  "WebFetch(domain:blog.cloudflare.com)",
31
- "WebFetch(domain:developers.cloudflare.com)"
31
+ "WebFetch(domain:developers.cloudflare.com)",
32
+ "PowerShell(yarn type *)"
32
33
  ]
33
34
  }
34
35
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "querysub",
3
- "version": "0.490.0",
3
+ "version": "0.491.0",
4
4
  "main": "index.js",
5
5
  "license": "MIT",
6
6
  "note1": "note on node-forge fork, see https://github.com/digitalbazaar/forge/issues/744 for details",
@@ -1,5 +1,6 @@
1
1
  import acme from "acme-client";
2
- import { generateRSAKeyPair, parseCert, privateKeyToPem } from "sliftutils/misc/https/certs";
2
+ import crypto from "crypto";
3
+ import { parseCert } from "sliftutils/misc/https/certs";
3
4
  import { cache, lazy } from "socket-function/src/caching";
4
5
  import { hasDNSWritePermissions, setRecord } from "../-b-authorities/dnsAuthority";
5
6
  import { magenta } from "socket-function/src/formatting/logColors";
@@ -13,6 +14,8 @@ import { timeInMinute } from "socket-function/src/misc";
13
14
  const archives = lazy(() => getArchives(`https_certs_3/`));
14
15
  // Expire EXPIRATION_THRESHOLD% of the way through the certificate's lifetime
15
16
  const EXPIRATION_THRESHOLD = 0.4;
17
+ // Let's Encrypt only accepts RSA or ECDSA account keys (not Ed25519, which is all sliftutils/certs generates).
18
+ const ACCOUNT_KEY_MODULUS_BITS = 2048;
16
19
 
17
20
  export const getHTTPSKeyCert = cache(async (domain: string): Promise<{ key: string; cert: string }> => {
18
21
  if (!await hasDNSWritePermissions()) {
@@ -112,13 +115,20 @@ let getAccountKey: () => string = lazy(() => {
112
115
  let keyCache = accountKeyCache.value;
113
116
  if (!keyCache) {
114
117
  console.log(`Generating new letsencrypt account key`);
115
- const keyPair = generateRSAKeyPair();
116
- keyCache = { key: privateKeyToPem(keyPair.privateKey) };
118
+ keyCache = { key: generateRSAPrivateKeyPem() };
117
119
  accountKeyCache.value = keyCache;
118
120
  }
119
121
  return keyCache.key;
120
122
  });
121
123
 
124
+ function generateRSAPrivateKeyPem(): string {
125
+ return crypto.generateKeyPairSync("rsa", {
126
+ modulusLength: ACCOUNT_KEY_MODULUS_BITS,
127
+ publicKeyEncoding: { type: "spki", format: "pem" },
128
+ privateKeyEncoding: { type: "pkcs8", format: "pem" },
129
+ }).privateKey;
130
+ }
131
+
122
132
  async function generateCert(config: {
123
133
  accountKey: string;
124
134
  domain: string;
@@ -906,7 +906,7 @@ export class Querysub {
906
906
  globalThis.remapImportRequestsClientside = globalThis.remapImportRequestsClientside || [];
907
907
  globalThis.remapImportRequestsClientside.push(async (args) => {
908
908
  try {
909
- let key: typeof identityStorageKey = "machineCA_11";
909
+ let key: typeof identityStorageKey = "machineCA_14";
910
910
  let storageValueJSON = localStorage.getItem(key);
911
911
  if (!storageValueJSON) return args;
912
912
  let storageValue = JSON.parse(storageValueJSON) as IdentityStorageType;
package/tsconfig.json CHANGED
@@ -18,10 +18,23 @@
18
18
  "types": [
19
19
  "node",
20
20
  ],
21
+ "paths": {
22
+ "socket-function": [
23
+ "./node_modules/socket-function"
24
+ ],
25
+ "socket-function/*": [
26
+ "./node_modules/socket-function/*"
27
+ ]
28
+ },
21
29
  "experimentalDecorators": true,
22
30
  "emitDecoratorMetadata": false,
23
31
  "skipLibCheck": true,
24
32
  "inlineSourceMap": true,
25
33
  "inlineSources": true,
26
- }
34
+ },
35
+ "exclude": [
36
+ "node_modules",
37
+ "database-storage",
38
+ "sliftutils"
39
+ ]
27
40
  }