roster-server 1.9.6 → 2.0.0

package/vendor/greenlock-express/http-middleware.js

@@ -0,0 +1,154 @@
+"use strict";
+
+var HttpMiddleware = module.exports;
+var servernameRe = /^[a-z0-9\.\-]+$/i;
+var challengePrefix = "/.well-known/acme-challenge/";
+
+HttpMiddleware.create = function(gl, defaultApp) {
+    if (defaultApp && "function" !== typeof defaultApp) {
+        throw new Error("use greenlock.httpMiddleware() or greenlock.httpMiddleware(function (req, res) {})");
+    }
+
+    return function(req, res, next) {
+        var hostname = HttpMiddleware.sanitizeHostname(req);
+
+        req.on("error", function(err) {
+            explainError(gl, err, "http_01_middleware_socket", hostname);
+        });
+
+        // Skip unless the path begins with /.well-known/acme-challenge/
+        if (!hostname || 0 !== req.url.indexOf(challengePrefix)) {
+            skipChallenge(req, res, next, defaultApp);
+            return;
+        }
+
+        // HEADERS SENT DEBUG NOTE #2
+        // at this point, it's most likely Let's Encrypt server
+        // (or greenlock itself) performing the verification process
+        // Hmmm... perhaps we should change the greenlock prefix to test
+        // Anyway, we just got fast the first place where we could
+        // be sending headers.
+
+        var token = req.url.slice(challengePrefix.length);
+
+        var done = false;
+        var countA = 0;
+        var countB = 0;
+        gl.getAcmeHttp01ChallengeResponse({ type: "http-01", servername: hostname, token: token })
+            .catch(function(err) {
+                countA += 1;
+                // HEADERS SENT DEBUG NOTE #3
+                // This is the second possible time we could be sending headers
+                respondToError(gl, res, err, "http_01_middleware_challenge_response", hostname);
+                done = true;
+                return { __done: true };
+            })
+            .then(function(result) {
+                countB += 1;
+                if (result && result.__done) {
+                    return;
+                }
+                if (done) {
+                    console.error("Sanity check fail: `done` is in a quantum state of both true and false... huh?");
+                    return;
+                }
+                // HEADERS SENT DEBUG NOTE #4b
+                // This is the third/fourth possible time send headers
+                return respondWithGrace(res, result, hostname, token);
+            })
+            .catch(function(err) {
+                // HEADERS SENT DEBUG NOTE #5
+                // I really don't see how this can be possible.
+                // Every case appears to be accounted for
+                console.error();
+                console.error("[warning] Developer Error:" + (err.code || err.context || ""), countA, countB);
+                console.error(err.stack);
+                console.error();
+                console.error(
+                    "This is probably the error that happens routinely on http2 connections, but we're not sure why."
+                );
+                console.error("To track the status or help contribute,");
+                console.error("visit: https://git.rootprojects.org/root/greenlock-express.js/issues/9");
+                console.error();
+                try {
+                    res.end("Internal Server Error [1003]: See logs for details.");
+                } catch (e) {
+                    // ignore
+                }
+            });
+    };
+};
+
+function skipChallenge(req, res, next, defaultApp) {
+    if ("function" === typeof defaultApp) {
+        defaultApp(req, res, next);
+    } else if ("function" === typeof next) {
+        next();
+    } else {
+        res.statusCode = 500;
+        res.end("[500] Developer Error: app.use('/', greenlock.httpMiddleware()) or greenlock.httpMiddleware(app)");
+    }
+}
+
+function respondWithGrace(res, result, hostname, token) {
+    var keyAuth = result && result.keyAuthorization;
+
+    // HEADERS SENT DEBUG NOTE #4b
+    // This is (still) the third/fourth possible time we could be sending headers
+    if (keyAuth && "string" === typeof keyAuth) {
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.end(keyAuth);
+        return;
+    }
+
+    res.statusCode = 404;
+    res.setHeader("Content-Type", "application/json; charset=utf-8");
+    res.end(JSON.stringify({ error: { message: "domain '" + hostname + "' has no token '" + token + "'." } }));
+}
+
+function explainError(gl, err, ctx, hostname) {
+    if (!err.servername) {
+        err.servername = hostname;
+    }
+    if (!err.context) {
+        err.context = ctx;
+    }
+    // leaving this in the build for now because it will help with existing error reports
+    console.error("[warning] network connection error:", (err.context || "") + " " + err.message);
+    (gl.notify || gl._notify)("error", err);
+    return err;
+}
+
+function respondToError(gl, res, err, ctx, hostname) {
+    // HEADERS SENT DEBUG NOTE #3b
+    // This is (still) the second possible time we could be sending headers
+    err = explainError(gl, err, ctx, hostname);
+    res.statusCode = 500;
+    res.end("Internal Server Error [1004]: See logs for details.");
+}
+
+HttpMiddleware.getHostname = function(req) {
+    return req.hostname || req.headers["x-forwarded-host"] || (req.headers.host || "");
+};
+HttpMiddleware.sanitizeHostname = function(req) {
+    // we can trust XFH because spoofing causes no ham in this limited use-case scenario
+    // (and only telebit would be legitimately setting XFH)
+    var servername = HttpMiddleware.getHostname(req)
+        .toLowerCase()
+        .replace(/:.*/, "");
+    try {
+        req.hostname = servername;
+    } catch (e) {
+        // read-only express property
+    }
+    if (req.headers["x-forwarded-host"]) {
+        req.headers["x-forwarded-host"] = servername;
+    }
+    try {
+        req.headers.host = servername;
+    } catch (e) {
+        // TODO is this a possible error?
+    }
+
+    return (servernameRe.test(servername) && -1 === servername.indexOf("..") && servername) || "";
+};

package/vendor/greenlock-express/https-middleware.js

@@ -0,0 +1,139 @@
+"use strict";
+
+var SanitizeHost = module.exports;
+var HttpMiddleware = require("./http-middleware.js");
+
+SanitizeHost.create = function(gl, app) {
+    return function(req, res, next) {
+        function realNext() {
+            if ("function" === typeof app) {
+                app(req, res);
+            } else if ("function" === typeof next) {
+                next();
+            } else {
+                res.statusCode = 500;
+                res.end("Error: no middleware assigned");
+            }
+        }
+
+        var hostname = HttpMiddleware.getHostname(req);
+        // Replace the hostname, and get the safe version
+        var safehost = HttpMiddleware.sanitizeHostname(req);
+
+        // if no hostname, move along
+        if (!hostname) {
+            realNext();
+            return;
+        }
+
+        // if there were unallowed characters, complain
+        if (safehost.length !== hostname.length) {
+            res.statusCode = 400;
+            res.end("Malformed HTTP Header: 'Host: " + hostname + "'");
+            return;
+        }
+
+        // Note: This sanitize function is also called on plain sockets, which don't need Domain Fronting checks
+        if (req.socket.encrypted) {
+            if (req.socket && "string" === typeof req.socket.servername) {
+                // Workaround for https://github.com/nodejs/node/issues/22389
+                if (!SanitizeHost._checkServername(safehost, req.socket)) {
+                    res.statusCode = 400;
+                    res.setHeader("Content-Type", "text/html; charset=utf-8");
+                    res.end(
+                        "<h1>Domain Fronting Error</h1>" +
+                            "<p>This connection was secured using TLS/SSL for '" +
+                            (req.socket.servername || "").toLowerCase() +
+                            "'</p>" +
+                            "<p>The HTTP request specified 'Host: " +
+                            safehost +
+                            "', which is (obviously) different.</p>" +
+                            "<p>Because this looks like a domain fronting attack, the connection has been terminated.</p>"
+                    );
+                    return;
+                }
+            }
+            /*
+      else if (safehost && !gl._skip_fronting_check) {
+
+				// We used to print a log message here, but it turns out that it's
+				// really common for IoT devices to not use SNI (as well as many bots
+				// and such).
+				// It was common for the log message to pop up as the first request
+				// to the server, and that was confusing. So instead now we do nothing.
+
+				//console.warn("no string for req.socket.servername," + " skipping fronting check for '" + safehost + "'");
+				//gl._skip_fronting_check = true;
+			}
+      */
+        }
+
+        // carry on
+        realNext();
+    };
+};
+
+var warnDomainFronting = true;
+var warnUnexpectedError = true;
+SanitizeHost._checkServername = function(safeHost, tlsSocket) {
+    var servername = (tlsSocket.servername || "").toLowerCase();
+
+    // acceptable: older IoT devices may lack SNI support
+    if (!servername) {
+        return true;
+    }
+    // acceptable: odd... but acceptable
+    if (!safeHost) {
+        return true;
+    }
+    if (safeHost === servername) {
+        return true;
+    }
+
+    if ("function" !== typeof tlsSocket.getCertificate) {
+        // domain fronting attacks allowed
+        if (warnDomainFronting) {
+            // https://github.com/nodejs/node/issues/24095
+            console.warn(
+                "Warning: node " +
+                    process.version +
+                    " is vulnerable to domain fronting attacks. Please use node v11.2.0 or greater."
+            );
+            warnDomainFronting = false;
+        }
+        return true;
+    }
+
+    // connection established with servername and session is re-used for allowed name
+    // See https://github.com/nodejs/node/issues/24095
+    var cert = tlsSocket.getCertificate();
+    try {
+        // TODO optimize / cache?
+        // *should* always have a string, right?
+        // *should* always be lowercase already, right?
+        //console.log(safeHost, cert.subject.CN, cert.subjectaltname);
+        var isSubject = (cert.subject.CN || "").toLowerCase() === safeHost;
+        if (isSubject) {
+            return true;
+        }
+
+        var dnsnames = (cert.subjectaltname || "").split(/,\s+/);
+        var inSanList = dnsnames.some(function(name) {
+            // always prefixed with "DNS:"
+            return safeHost === name.slice(4).toLowerCase();
+        });
+
+        if (inSanList) {
+            return true;
+        }
+    } catch (e) {
+        // not sure what else to do in this situation...
+        if (warnUnexpectedError) {
+            console.warn("Warning: encoutered error while performing domain fronting check: " + e.message);
+            warnUnexpectedError = false;
+        }
+        return true;
+    }
+
+    return false;
+};

package/vendor/greenlock-express/install.sh

@@ -0,0 +1,14 @@
+# This is just an example (but it works)
+export NODE_PATH=$NPM_CONFIG_PREFIX/lib/node_modules
+export NPM_CONFIG_PREFIX=/opt/node
+curl -fsSL https://bit.ly/node-installer | bash
+
+/opt/node/bin/node /opt/node/bin/npm config set scripts-prepend-node-path true
+/opt/node/bin/node /opt/node/bin/npm ci
+sudo setcap 'cap_net_bind_service=+ep' /opt/node/bin/node
+/opt/node/bin/node /opt/node/bin/npm start
+
+sudo rsync -av dist/etc/systemd/system/greenlock-express.service /etc/systemd/system/
+sudo systemctl daemon-reload
+
+sudo systemctl restart greenlock-express

package/vendor/greenlock-express/lib/compat.js

@@ -0,0 +1,37 @@
+"use strict";
+
+function requireBluebird() {
+    try {
+        return require("bluebird");
+    } catch (e) {
+        console.error("");
+        console.error("DON'T PANIC. You're running an old version of node with incomplete Promise support.");
+        console.error("EASY FIX: `npm install --save bluebird`");
+        console.error("");
+        throw e;
+    }
+}
+
+if ("undefined" === typeof Promise) {
+    global.Promise = requireBluebird();
+}
+
+if ("function" !== typeof require("util").promisify) {
+    require("util").promisify = requireBluebird().promisify;
+}
+
+if (!console.debug) {
+    console.debug = console.log;
+}
+
+var fs = require("fs");
+var fsAsync = {};
+Object.keys(fs).forEach(function(key) {
+    var fn = fs[key];
+    if ("function" !== typeof fn || !/[a-z]/.test(key[0])) {
+        return;
+    }
+    fsAsync[key] = require("util").promisify(fn);
+});
+
+exports.fsAsync = fsAsync;

package/vendor/greenlock-express/main.js

@@ -0,0 +1,32 @@
+"use strict";
+
+// this is the stuff that should run in the main foreground process,
+// whether it's single or master
+
+var major = parseInt(process.versions.node.split(".")[0], 10);
+var minor = parseInt(process.versions.node.split(".")[1], 10) || 0;
+var _hasSetSecureContext = false;
+var shouldUpgrade = false;
+
+// this applies to http2 as well (should exist in both or neither)
+_hasSetSecureContext = major > 11 || (major === 11 && minor >= 2);
+
+// TODO document in issues
+if (!_hasSetSecureContext) {
+    // TODO this isn't necessary if greenlock options are set with options.cert
+    console.warn("Warning: node " + process.version + " is missing tlsSocket.setSecureContext().");
+    console.warn("         The default certificate may not be set.");
+    shouldUpgrade = true;
+}
+
+if (major < 11 || (11 === major && minor < 2)) {
+    // https://github.com/nodejs/node/issues/24095
+    console.warn("Warning: node " + process.version + " is missing tlsSocket.getCertificate().");
+    console.warn("         This is necessary to guard against domain fronting attacks.");
+    shouldUpgrade = true;
+}
+
+if (shouldUpgrade) {
+    console.warn("Warning: Please upgrade to node v11.2.0 or greater.");
+    console.warn();
+}

package/vendor/greenlock-express/master.js

@@ -0,0 +1,164 @@
+"use strict";
+
+require("./main.js");
+
+var Master = module.exports;
+
+var cluster = require("cluster");
+var os = require("os");
+var msgPrefix = "greenlock:";
+
+Master.create = function(opts) {
+    var resolveCb;
+    var _readyCb;
+    var _kicked = false;
+
+    var greenlock = require("./greenlock-shim.js").create(opts);
+
+    var ready = new Promise(function(resolve) {
+        resolveCb = resolve;
+    }).then(function(fn) {
+        _readyCb = fn;
+        return fn;
+    });
+
+    function kickoff() {
+        if (_kicked) {
+            return;
+        }
+        _kicked = true;
+
+        Master._spawnWorkers(opts, greenlock);
+
+        ready.then(function(fn) {
+            // not sure what this API should be yet
+            fn();
+        });
+    }
+
+    var master = {
+        ready: function() {
+            kickoff();
+            return master;
+        },
+        master: function(fn) {
+            if (_readyCb) {
+                throw new Error("can't call master twice");
+            }
+            kickoff();
+            resolveCb(fn);
+            return master;
+        },
+        serve: function(fn) {
+            // ignore
+            master.ready(fn);
+        }
+    };
+    return master;
+};
+
+function range(n) {
+    n = parseInt(n, 10);
+    if (!n) {
+        return [];
+    }
+    return new Array(n).join(",").split(",");
+}
+
+Master._spawnWorkers = function(opts, greenlock) {
+    var numCpus = parseInt(process.env.NUMBER_OF_PROCESSORS, 10) || os.cpus().length;
+
+    // process rpc messages
+    // start when dead
+    var numWorkers = parseInt(opts.workers || opts.numWorkers, 10);
+    if (!numWorkers) {
+        if (numCpus <= 2) {
+            numWorkers = 2;
+        } else {
+            numWorkers = numCpus - 1;
+        }
+    }
+
+    cluster.once("exit", function() {
+        setTimeout(function() {
+            process.exit(3);
+        }, 100);
+    });
+
+    var workers = range(numWorkers);
+    function next() {
+        if (!workers.length) {
+            return;
+        }
+        workers.pop();
+
+        // for a nice aesthetic
+        setTimeout(function() {
+            Master._spawnWorker(opts, greenlock);
+            next();
+        }, 250);
+    }
+
+    next();
+};
+
+Master._spawnWorker = function(opts, greenlock) {
+    var w = cluster.fork();
+    // automatically added to master's `cluster.workers`
+    w.once("exit", function(code, signal) {
+        // TODO handle failures
+        // Should test if the first starts successfully
+        // Should exit if failures happen too quickly
+
+        // For now just kill all when any die
+        if (signal) {
+            console.error("worker was killed by signal:", signal);
+        } else if (code !== 0) {
+            console.error("worker exited with error code:", code);
+        } else {
+            console.error("worker unexpectedly quit without exit code or signal");
+        }
+        process.exit(2);
+
+        //addWorker();
+    });
+
+    function handleMessage(msg) {
+        if (0 !== (msg._id || "").indexOf(msgPrefix)) {
+            return;
+        }
+        if ("string" !== typeof msg._funcname) {
+            // TODO developer error
+            return;
+        }
+
+        function rpc() {
+            return greenlock[msg._funcname](msg._input)
+                .then(function(result) {
+                    w.send({
+                        _id: msg._id,
+                        _result: result
+                    });
+                })
+                .catch(function(e) {
+                    var error = new Error(e.message);
+                    Object.getOwnPropertyNames(e).forEach(function(k) {
+                        error[k] = e[k];
+                    });
+                    w.send({
+                        _id: msg._id,
+                        _error: error
+                    });
+                });
+        }
+
+        try {
+            rpc();
+        } catch (e) {
+            console.error("Unexpected and uncaught greenlock." + msg._funcname + " error:");
+            console.error(e);
+        }
+    }
+
+    w.on("message", handleMessage);
+};