npm - roster-server - Versions diffs - 2.1.2 → 2.1.6 - Mend

roster-server 2.1.2 → 2.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.js +50 -11
package/package.json +1 -1
package/test/roster-server.test.js +35 -1

package/index.js CHANGED Viewed

@@ -47,6 +47,45 @@ function hostMatchesWildcard(host, pattern) {
     return h.endsWith('.' + suffix) && h.length > suffix.length;
 }
+function wildcardSubjectForHost(host) {
+    const normalized = (host || '').trim().toLowerCase();
+    const labels = normalized.split('.').filter(Boolean);
+    if (labels.length < 3) return null;
+    return `*.${labels.slice(1).join('.')}`;
+}
+function certDirCandidatesForSubject(subject) {
+    const normalized = (subject || '').trim().toLowerCase();
+    if (!normalized) return [];
+    if (!normalized.startsWith('*.')) return [normalized];
+    const zone = wildcardRoot(normalized);
+    if (!zone) return [normalized];
+    // greenlock-store-fs may persist wildcard subjects under _wildcard_.<zone>
+    return [normalized, `_wildcard_.${zone}`];
+}
+function buildCertLookupCandidates(servername) {
+    const normalized = (servername || '').trim().toLowerCase();
+    if (!normalized) return [];
+    const subjects = [normalized];
+    const wildcardSubject = wildcardSubjectForHost(normalized);
+    if (wildcardSubject) subjects.push(wildcardSubject);
+    const zoneSubject = wildcardRoot(normalized) || (wildcardSubject ? wildcardRoot(wildcardSubject) : null);
+    if (zoneSubject) subjects.push(zoneSubject);
+    const candidates = [];
+    const seen = new Set();
+    for (const subject of subjects) {
+        for (const certDir of certDirCandidatesForSubject(subject)) {
+            if (seen.has(certDir)) continue;
+            seen.add(certDir);
+            candidates.push(certDir);
+        }
+    }
+    return candidates;
+}
 // Virtual Server that completely isolates applications
 class VirtualServer extends EventEmitter {
     constructor(domain) {
@@ -777,16 +816,15 @@ class Roster {
                     }
                     return null;
                 };
-                const zoneSubjectForHost = (servername) => {
-                    const host = normalizeHostInput(servername).trim().toLowerCase();
-                    const labels = host.split('.').filter(Boolean);
-                    if (labels.length < 3) return null;
-                    return labels.slice(1).join('.');
-                };
                 const resolvePemsForServername = (servername) => {
                     const host = normalizeHostInput(servername).trim().toLowerCase();
                     if (!host) return null;
-                    return loadCert(host) || loadCert(zoneSubjectForHost(host));
+                    const candidates = buildCertLookupCandidates(host);
+                    for (const candidate of candidates) {
+                        const pems = loadCert(candidate);
+                        if (pems) return pems;
+                    }
+                    return null;
                 };
                 if (portNum === this.defaultPort) {
@@ -799,8 +837,7 @@ class Roster {
                     if (isBunRuntime) {
                         const primaryDomain = Object.keys(portData.virtualServers)[0];
                         // Greenlock stores certs by subject (e.g. tagnu.com), not by wildcard (*.tagnu.com)
-                        const certSubject = primaryDomain.startsWith('*.') ? wildcardRoot(primaryDomain) : primaryDomain;
-                        const defaultPems = resolvePemsForServername(certSubject);
+                        const defaultPems = resolvePemsForServername(primaryDomain);
                         if (defaultPems) {
                             httpsServer = https.createServer({
@@ -818,7 +855,7 @@ class Roster {
                             }, dispatcher);
                             log.warn(`⚠️  Bun runtime detected: using file-based TLS with SNI for ${primaryDomain} on port ${portNum}`);
                         } else {
-                            log.warn(`⚠️  Bun runtime detected but cert files missing for ${certSubject} (${primaryDomain}); falling back to Greenlock HTTPS server`);
+                            log.warn(`⚠️  Bun runtime detected but cert files missing for ${primaryDomain}; falling back to Greenlock HTTPS server`);
                             httpsServer = glx.httpsServer(tlsOpts, dispatcher);
                         }
                     } else {
@@ -885,4 +922,6 @@ class Roster {
 module.exports = Roster;
 module.exports.wildcardRoot = wildcardRoot;
-module.exports.hostMatchesWildcard = hostMatchesWildcard;
+module.exports.hostMatchesWildcard = hostMatchesWildcard;
+module.exports.wildcardSubjectForHost = wildcardSubjectForHost;
+module.exports.buildCertLookupCandidates = buildCertLookupCandidates;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "roster-server",
-    "version": "2.1.2",
+    "version": "2.1.6",
     "description": "👾 RosterServer - A domain host router to host multiple HTTPS.",
     "main": "index.js",
     "scripts": {

package/test/roster-server.test.js CHANGED Viewed

@@ -7,7 +7,12 @@ const fs = require('fs');
 const http = require('http');
 const os = require('os');
 const Roster = require('../index.js');
-const { wildcardRoot, hostMatchesWildcard } = require('../index.js');
+const {
+    wildcardRoot,
+    hostMatchesWildcard,
+    wildcardSubjectForHost,
+    buildCertLookupCandidates
+} = require('../index.js');
 function closePortServers(roster) {
     if (roster.portServers && typeof roster.portServers === 'object') {
@@ -75,6 +80,35 @@ describe('hostMatchesWildcard', () => {
     });
 });
+describe('wildcardSubjectForHost', () => {
+    it('returns wildcard subject for subdomain hosts', () => {
+        assert.strictEqual(wildcardSubjectForHost('admin.tagnu.com'), '*.tagnu.com');
+        assert.strictEqual(wildcardSubjectForHost('api.eu.example.com'), '*.eu.example.com');
+    });
+    it('returns null for apex hosts', () => {
+        assert.strictEqual(wildcardSubjectForHost('tagnu.com'), null);
+        assert.strictEqual(wildcardSubjectForHost('localhost'), null);
+    });
+});
+describe('buildCertLookupCandidates', () => {
+    it('prioritizes wildcard cert for subdomains and includes apex fallback', () => {
+        assert.deepStrictEqual(
+            buildCertLookupCandidates('admin.tagnu.com'),
+            ['admin.tagnu.com', '*.tagnu.com', '_wildcard_.tagnu.com', 'tagnu.com']
+        );
+    });
+    it('includes wildcard storage path candidates when wildcard subject is provided', () => {
+        assert.deepStrictEqual(
+            buildCertLookupCandidates('*.tagnu.com'),
+            ['*.tagnu.com', '_wildcard_.tagnu.com', 'tagnu.com']
+        );
+    });
+    it('returns only apex subject for apex hosts', () => {
+        assert.deepStrictEqual(buildCertLookupCandidates('tagnu.com'), ['tagnu.com']);
+    });
+});
 describe('Roster', () => {
     describe('parseDomainWithPort', () => {
         it('parses *.example.com with default port', () => {