roster-server 1.9.8 → 2.0.0

package/vendor/greenlock-express/sni.js

@@ -0,0 +1,215 @@
+"use strict";
+
+var sni = module.exports;
+var tls = require("tls");
+var servernameRe = /^[a-z0-9\.\-]+$/i;
+
+// a nice, round, irrational number - about every 6¼ hours
+var refreshOffset = Math.round(Math.PI * 2 * (60 * 60 * 1000));
+// and another, about 15 minutes
+var refreshStagger = Math.round(Math.PI * 5 * (60 * 1000));
+// and another, about 30 seconds
+var smallStagger = Math.round(Math.PI * (30 * 1000));
+
+//secureOpts.SNICallback = sni.create(greenlock, secureOpts);
+sni.create = function(greenlock, secureOpts) {
+    var _cache = {};
+    var defaultServername = greenlock.servername || "";
+
+    if (secureOpts.cert) {
+        // Note: it's fine if greenlock.servername is undefined,
+        // but if the caller wants this to auto-renew, they should define it
+        _cache[defaultServername] = {
+            refreshAt: 0,
+            secureContext: tls.createSecureContext(secureOpts)
+        };
+    }
+
+    return getSecureContext;
+
+    function notify(ev, args) {
+        try {
+            // TODO _notify() or notify()?
+            (greenlock.notify || greenlock._notify)(ev, args);
+        } catch (e) {
+            console.error(e);
+            console.error(ev, args);
+        }
+    }
+
+    function getSecureContext(servername, cb) {
+        //console.log("debug sni", servername);
+        if ("string" !== typeof servername) {
+            // this will never happen... right? but stranger things have...
+            console.error("[sanity fail] non-string servername:", servername);
+            cb(new Error("invalid servername"), null);
+            return;
+        }
+
+        var secureContext = getCachedContext(servername);
+        if (secureContext) {
+            //console.log("debug sni got cached context", servername, getCachedMeta(servername));
+            cb(null, secureContext);
+            return;
+        }
+
+        getFreshContext(servername)
+            .then(function(secureContext) {
+                if (secureContext) {
+                    //console.log("debug sni got fresh context", servername, getCachedMeta(servername));
+                    cb(null, secureContext);
+                    return;
+                }
+
+                // Note: this does not replace tlsSocket.setSecureContext()
+                // as it only works when SNI has been sent
+                //console.log("debug sni got default context", servername, getCachedMeta(servername));
+                if (!/PROD/.test(process.env.ENV) || /DEV|STAG/.test(process.env.ENV)) {
+                    // Change this once
+                    // A) the 'notify' message passing is verified fixed in cluster mode
+                    // B) we have a good way to let people know their server isn't configured
+                    console.debug("debug: ignoring servername " + JSON.stringify(servername));
+                    console.debug("       (it's probably either missing from your config, or a bot)");
+                    notify("servername_unknown", {
+                        servername: servername
+                    });
+                }
+                cb(null, getDefaultContext());
+            })
+            .catch(function(err) {
+                if (!err.context) {
+                    err.context = "sni_callback";
+                }
+                notify("error", err);
+                //console.log("debug sni error", servername, err);
+                cb(err);
+            });
+    }
+
+    function getCachedMeta(servername) {
+        var meta = _cache[servername];
+        if (!meta) {
+            if (!_cache[wildname(servername)]) {
+                return null;
+            }
+        }
+        return meta;
+    }
+
+    function getCachedContext(servername) {
+        var meta = getCachedMeta(servername);
+        if (!meta) {
+            return null;
+        }
+
+        // always renew in background
+        if (!meta.refreshAt || Date.now() >= meta.refreshAt) {
+            getFreshContext(servername).catch(function(e) {
+                if (!e.context) {
+                    e.context = "sni_background_refresh";
+                }
+                notify("error", e);
+            });
+        }
+
+        // under normal circumstances this would never be expired
+        // and, if it is expired, something is so wrong it's probably
+        // not worth wating for the renewal - it has probably failed
+        return meta.secureContext;
+    }
+
+    function getFreshContext(servername) {
+        var meta = getCachedMeta(servername);
+        if (!meta && !validServername(servername)) {
+            if ((servername && !/PROD/.test(process.env.ENV)) || /DEV|STAG/.test(process.env.ENV)) {
+                // Change this once
+                // A) the 'notify' message passing is verified fixed in cluster mode
+                // B) we have a good way to let people know their server isn't configured
+                console.debug("debug: invalid servername " + JSON.stringify(servername));
+                console.debug("       (it's probably just a bot trolling for vulnerable servers)");
+                notify("servername_invalid", {
+                    servername: servername
+                });
+            }
+            return Promise.resolve(null);
+        }
+
+        if (meta) {
+            // prevent stampedes
+            meta.refreshAt = Date.now() + randomRefreshOffset();
+        }
+
+        // TODO don't get unknown certs at all, rely on auto-updates from greenlock
+        // Note: greenlock.get() will return an existing fresh cert or issue a new one
+        return greenlock.get({ servername: servername }).then(function(result) {
+            var meta = getCachedMeta(servername);
+            if (!meta) {
+                meta = _cache[servername] = { secureContext: { _valid: false } };
+            }
+            // prevent from being punked by bot trolls
+            meta.refreshAt = Date.now() + smallStagger;
+
+            // nothing to do
+            if (!result) {
+                return null;
+            }
+
+            // we only care about the first one
+            var pems = result.pems;
+            var site = result.site;
+            if (!pems || !pems.cert) {
+                // nothing to do
+                // (and the error should have been reported already)
+                return null;
+            }
+
+            meta = {
+                refreshAt: Date.now() + randomRefreshOffset(),
+                secureContext: tls.createSecureContext({
+                    // TODO support passphrase-protected privkeys
+                    key: pems.privkey,
+                    cert: pems.cert + "\n" + pems.chain + "\n"
+                })
+            };
+            meta.secureContext._valid = true;
+
+            // copy this same object into every place
+            (result.altnames || site.altnames || [result.subject || site.subject]).forEach(function(altname) {
+                _cache[altname] = meta;
+            });
+
+            return meta.secureContext;
+        });
+    }
+
+    function getDefaultContext() {
+        return getCachedContext(defaultServername);
+    }
+};
+
+// whenever we need to know when to refresh next
+function randomRefreshOffset() {
+    var stagger = Math.round(refreshStagger / 2) - Math.round(Math.random() * refreshStagger);
+    return refreshOffset + stagger;
+}
+
+function validServername(servername) {
+    // format and (lightly) sanitize sni so that users can be naive
+    // and not have to worry about SQL injection or fs discovery
+
+    servername = (servername || "").toLowerCase();
+    // hostname labels allow a-z, 0-9, -, and are separated by dots
+    // _ is sometimes allowed, but not as a "hostname", and not by Let's Encrypt ACME
+    // REGEX // https://www.codeproject.com/Questions/1063023/alphanumeric-validation-javascript-without-regex
+    return servernameRe.test(servername) && -1 === servername.indexOf("..");
+}
+
+function wildname(servername) {
+    return (
+        "*." +
+        servername
+            .split(".")
+            .slice(1)
+            .join(".")
+    );
+}

package/vendor/greenlock-express/worker.js

@@ -0,0 +1,73 @@
+"use strict";
+
+var Worker = module.exports;
+// *very* generous, but well below the http norm of 120
+var messageTimeout = 30 * 1000;
+var msgPrefix = "greenlock:";
+
+Worker.create = function() {
+    var greenlock = {};
+    ["getAcmeHttp01ChallengeResponse", "get", "notify", "_notify"].forEach(function(k) {
+        greenlock[k] = function(args) {
+            return rpc(k, args);
+        };
+    });
+
+    var worker = {
+        ready: function(fn) {
+            var servers = require("./servers.js").create(greenlock);
+            fn(servers);
+            return worker;
+        },
+        master: function() {
+            // ignore
+            return worker;
+        },
+        serve: function(fn) {
+            // keeping backwards compat
+            if (1 === fn.length) {
+                worker.ready(fn);
+                return;
+            }
+            // serving the express app, right away
+            worker.ready(function(glx) {
+                glx.serveApp(fn);
+            });
+        }
+    };
+    return worker;
+};
+
+function rpc(funcname, msg) {
+    return new Promise(function(resolve, reject) {
+        var rnd = Math.random()
+            .toString()
+            .slice(2)
+            .toString(16);
+        var id = msgPrefix + rnd;
+        var timeout;
+
+        function getResponse(msg) {
+            if (msg._id !== id) {
+                return;
+            }
+            process.removeListener("message", getResponse);
+            clearTimeout(timeout);
+            resolve(msg._result);
+        }
+
+        // TODO keep a single listener than just responds
+        // via a collection of callbacks? or leave as is?
+        process.on("message", getResponse);
+        process.send({
+            _id: id,
+            _funcname: funcname,
+            _input: msg
+        });
+
+        timeout = setTimeout(function() {
+            process.removeListener("message", getResponse);
+            reject(new Error("worker rpc request timeout"));
+        }, messageTimeout);
+    });
+}