roster-server 2.2.10 → 2.3.0

package/vendor/greenlock/bin/lib/flags.js

@@ -0,0 +1,385 @@
+'use strict';
+
+var Flags = module.exports;
+var log = require('lemonlog')('greenlock-flags');
+
+var pkgRoot = process.cwd();
+//var Init = require('../../lib/init.js');
+
+// These are ALL options
+// The individual CLI files each select a subset of them
+Flags.flags = function(mconf, myOpts) {
+    // Current Manager Config
+    if (!mconf) {
+        mconf = {};
+    }
+
+    // Extra Override Options
+    if (!myOpts) {
+        myOpts = {};
+    }
+
+    return {
+        all: [
+            false,
+            'search all site configs rather than by --subject or --servernames',
+            'boolean'
+        ],
+        'agree-to-terms': [
+            false,
+            "agree to the Let's Encrypts Subscriber Agreement and Greenlock Terms of Use",
+            'boolean'
+        ],
+        subject: [
+            false,
+            'the "subject" (primary domain) of the certificate',
+            'string'
+        ],
+        altnames: [
+            false,
+            'the "subject alternative names" (additional domains) on the certificate, the first of which MUST be the subject',
+            'string'
+        ],
+        servername: [
+            false,
+            'a name that matches a subject or altname',
+            'string'
+        ],
+        servernames: [
+            false,
+            'a list of names that matches a subject or altname',
+            'string'
+        ],
+        cluster: [false, 'initialize with cluster mode on', 'boolean', false],
+        'renew-offset': [
+            false,
+            "time to wait until renewing the cert such as '45d' (45 days after being issued) or '-3w' (3 weeks before expiration date)",
+            'string',
+            mconf.renewOffset
+        ],
+        'customer-email': [
+            false,
+            "the email address of the owner of the domain or site (not necessarily the Let's Encrypt or ACME subscriber)",
+            'string'
+        ],
+        'subscriber-email': [
+            false,
+            "the email address of the Let's Encrypt or ACME Account subscriber (not necessarily the domain owner)",
+            'string'
+        ],
+        'config-dir': [
+            false,
+            'the directory in which config.json and other config and storage files should be written',
+            'string'
+        ],
+        'maintainer-email': [
+            false,
+            'the maintainance contact for security and critical bug notices',
+            'string'
+        ],
+        'account-key-type': [
+            false,
+            "either 'P-256' (ECDSA) or 'RSA-2048'  - although other values are technically supported, they don't make sense and won't work with many services (More bits != More security)",
+            'string',
+            mconf.accountKeyType
+        ],
+        'server-key-type': [
+            false,
+            "either 'RSA-2048' or 'P-256' (ECDSA) - although other values are technically supported, they don't make sense and won't work with many services (More bits != More security)",
+            'string',
+            mconf.serverKeyType
+        ],
+        store: [
+            false,
+            'the module name or file path of the store module to use',
+            'string'
+            //mconf.store.module
+        ],
+        'store-xxxx': [
+            false,
+            'an option for the chosen store module, such as --store-apikey or --store-bucket',
+            'bag'
+        ],
+        manager: [
+            false,
+            'the module name or file path of the manager module to use',
+            'string',
+            '@greenlock/manager'
+        ],
+        'manager-xxxx': [
+            false,
+            'an option for the chosen manager module, such as --manager-apikey or --manager-dburl',
+            'bag'
+        ],
+        challenge: [
+            false,
+            'the module name or file path of the HTTP-01, DNS-01, or TLS-ALPN-01 challenge module to use',
+            'string',
+            ''
+            /*
+                Object.keys(mconf.challenges)
+                    .map(function(typ) {
+                        return mconf.challenges[typ].module;
+                    })
+                    .join(',')
+                */
+        ],
+        'challenge-xxxx': [
+            false,
+            'an option for the chosen challenge module, such as --challenge-apikey or --challenge-bucket',
+            'bag'
+        ],
+        'challenge-json': [
+            false,
+            'a JSON string containing all option for the chosen challenge module (instead of --challenge-xxxx)',
+            'json',
+            '{}'
+        ],
+        'challenge-http-01': [
+            false,
+            'the module name or file path of the HTTP-01 to add',
+            'string'
+            //(mconf.challenges['http-01'] || {}).module
+        ],
+        'challenge-http-01-xxxx': [
+            false,
+            'an option for the chosen challenge module, such as --challenge-http-01-apikey or --challenge-http-01-bucket',
+            'bag'
+        ],
+        'challenge-dns-01': [
+            false,
+            'the module name or file path of the DNS-01 to add',
+            'string'
+            //(mconf.challenges['dns-01'] || {}).module
+        ],
+        'challenge-dns-01-xxxx': [
+            false,
+            'an option for the chosen challenge module, such as --challenge-dns-01-apikey or --challenge-dns-01-bucket',
+            'bag'
+        ],
+        'challenge-tls-alpn-01': [
+            false,
+            'the module name or file path of the DNS-01 to add',
+            'string'
+            //(mconf.challenges['tls-alpn-01'] || {}).module
+        ],
+        'challenge-tls-alpn-01-xxxx': [
+            false,
+            'an option for the chosen challenge module, such as --challenge-tls-alpn-01-apikey or --challenge-tls-alpn-01-bucket',
+            'bag'
+        ],
+        'force-save': [
+            false,
+            "save all options for this site, even if it's the same as the defaults",
+            'boolean',
+            myOpts.forceSave || false
+        ]
+    };
+};
+
+Flags.init = async function(myOpts) {
+    var Greenlock = require('../../');
+
+    // this is a copy, so it's safe to modify
+    var greenlock = Greenlock.create({
+        packageRoot: pkgRoot,
+        _mustPackage: true,
+        _init: true,
+        _bin_mode: true
+    });
+    var mconf = await greenlock.manager.defaults();
+    var flagOptions = Flags.flags(mconf, myOpts);
+    return {
+        flagOptions,
+        greenlock,
+        mconf
+    };
+};
+
+Flags.mangleFlags = function(flags, mconf, sconf, extras) {
+    if (extras) {
+        if (extras.forceSave) {
+            flags.forceSave = true;
+        }
+    }
+    //console.log('debug a:', flags);
+
+    if ('altnames' in flags) {
+        flags.altnames = (flags.altnames || '').split(/[,\s]+/).filter(Boolean);
+    }
+    if ('servernames' in flags) {
+        flags.servernames = (flags.servernames || '')
+            .split(/[,\s]+/)
+            .filter(Boolean);
+    }
+
+    var store;
+    if (flags.store) {
+        store = flags.storeOpts;
+        store.module = flags.store;
+        flags.store = store;
+    } else {
+        delete flags.store;
+    }
+    delete flags.storeOpts;
+
+    // If this is additive, make an object to hold all values
+    var isAdditive = [
+        ['http-01', 'Http01'],
+        ['dns-01', 'Dns01'],
+        ['tls-alpn-01', 'TlsAlpn01']
+    ].some(function(types) {
+        var typCamel = types[1];
+        var modname = 'challenge' + typCamel;
+        if (flags[modname]) {
+            if (!flags.challenges) {
+                flags.challenges = {};
+            }
+            return true;
+        }
+    });
+    if (isAdditive && sconf) {
+        // copy over the old
+        var schallenges = sconf.challenges || {};
+        Object.keys(schallenges).forEach(function(k) {
+            if (!flags.challenges[k]) {
+                flags.challenges[k] = schallenges[k];
+            }
+        });
+    }
+
+    var typ;
+    var challenge;
+    if (flags.challenge) {
+        // this varient of the flag is exclusive
+        flags.challenges = {};
+        isAdditive = false;
+
+        if (/http-01/.test(flags.challenge)) {
+            typ = 'http-01';
+        } else if (/dns-01/.test(flags.challenge)) {
+            typ = 'dns-01';
+        } else if (/tls-alpn-01/.test(flags.challenge)) {
+            typ = 'tls-alpn-01';
+        }
+
+        var modname = 'challenge';
+        var optsname = 'challengeOpts';
+        challenge = flags[optsname];
+        // JSON may already have module name
+        if (challenge.module) {
+            if (flags[modname] && challenge.module !== flags[modname]) {
+                log.error('Challenge module names do not match: %s vs %s', challenge.module, flags[modname]);
+                process.exit(1);
+            }
+        } else {
+            challenge.module = flags[modname];
+        }
+        flags.challenges[typ] = challenge;
+
+        var chall = mconf.challenges[typ];
+        if (chall && challenge.module === chall.module) {
+            var keys = Object.keys(challenge);
+            var same =
+                !keys.length ||
+                keys.every(function(k) {
+                    return chall[k] === challenge[k];
+                });
+            if (same && !flags.forceSave) {
+                delete flags.challenges;
+            }
+        }
+    }
+    delete flags.challenge;
+    delete flags.challengeOpts;
+
+    // Add each of the values, including the existing
+    [
+        ['http-01', 'Http01'],
+        ['dns-01', 'Dns01'],
+        ['tls-alpn-01', 'TlsAlpn01']
+    ].forEach(function(types) {
+        var typ = types[0];
+        var typCamel = types[1];
+        var modname = 'challenge' + typCamel;
+        var optsname = 'challenge' + typCamel + 'Opts';
+        var chall = mconf.challenges[typ];
+        var challenge = flags[optsname];
+
+        // this variant of the flag is additive
+        if (isAdditive && chall && flags.forceSave) {
+            if (flags.challenges && !flags.challenges[typ]) {
+                flags.challenges[typ] = chall;
+            }
+        }
+
+        if (!flags[modname]) {
+            delete flags[modname];
+            delete flags[optsname];
+            return;
+        }
+
+        // JSON may already have module name
+        if (challenge.module) {
+            if (flags[modname] && challenge.module !== flags[modname]) {
+                log.error('Challenge module names do not match: %s vs %s', challenge.module, flags[modname]);
+                process.exit(1);
+            }
+        } else {
+            challenge.module = flags[modname];
+        }
+        if (flags[modname]) {
+            if (!flags.challenges) {
+                flags.challenges = {};
+            }
+            flags.challenges[typ] = challenge;
+        }
+
+        // Check to see if this is already what's set in the defaults
+        if (chall && challenge.module === chall.module) {
+            var keys = Object.keys(challenge);
+            // Check if all of the options are also the same
+            var same =
+                !keys.length ||
+                keys.every(function(k) {
+                    return chall[k] === challenge[k];
+                });
+            if (same && !flags.forceSave) {
+                // If it's already the global, don't make it the per-site
+                delete flags[modname];
+                delete flags[optsname];
+            }
+        }
+
+        delete flags[modname];
+        delete flags[optsname];
+    });
+
+    [
+        ['accountKeyType', [/256/, /384/, /EC/], 'EC-P256'],
+        ['serverKeyType', [/RSA/], 'RSA-2048']
+    ].forEach(function(k) {
+        var key = k[0];
+        var vals = k[1];
+        var val = flags[key];
+        if (val) {
+            if (
+                !vals.some(function(v) {
+                    return v.test(val);
+                })
+            ) {
+                flags[key] = k[2];
+                log.warn("%s value '%s' not allowed; using default '%s'", key, val, k[2]);
+            }
+        }
+    });
+
+    Object.keys(flags).forEach(function(k) {
+        if (flags[k] === mconf[k] && !flags.forceSave) {
+            delete flags[k];
+        }
+    });
+
+    //console.log('debug z:', flags);
+    delete flags.forceSave;
+};

package/vendor/greenlock/bin/remove.js

@@ -0,0 +1,46 @@
+'use strict';
+
+var log = require('lemonlog')('greenlock-remove');
+var args = process.argv.slice(3);
+var cli = require('./lib/cli.js');
+//var path = require('path');
+//var pkgpath = path.join(__dirname, '..', 'package.json');
+//var pkgpath = path.join(process.cwd(), 'package.json');
+
+var Flags = require('./lib/flags.js');
+
+Flags.init().then(function({ flagOptions, greenlock, mconf }) {
+    var myFlags = {};
+    ['subject'].forEach(function(k) {
+        myFlags[k] = flagOptions[k];
+    });
+
+    cli.parse(myFlags);
+    cli.main(function(argList, flags) {
+        Flags.mangleFlags(flags, mconf);
+        main(argList, flags, greenlock);
+    }, args);
+});
+
+async function main(_, flags, greenlock) {
+    if (!flags.subject) {
+        log.error('Provide --subject (valid domain)');
+        process.exit(1);
+        return;
+    }
+
+    greenlock
+        .remove(flags)
+        .catch(function(err) {
+            log.error('Remove failed:', err.message);
+            process.exit(1);
+        })
+        .then(function(site) {
+            if (!site) {
+                log.info('No config found for', flags.subject);
+                process.exit(1);
+                return;
+            }
+            log.info('Deleted config for %s:', flags.subject, site);
+        });
+}

package/vendor/greenlock/bin/tmpl/app.tmpl.js

@@ -0,0 +1,9 @@
+'use strict';
+
+// Here's a vanilla HTTP app to start,
+// but feel free to replace it with Express, Koa, etc
+var app = function(req, res) {
+    res.end('Hello, Encrypted World!');
+};
+
+module.exports = app;

package/vendor/greenlock/bin/tmpl/cluster.tmpl.js

@@ -0,0 +1,30 @@
+'use strict';
+
+require('greenlock-express')
+    .init(function() {
+        // var pkg = require('./package.json');
+
+        return {
+            // where to find .greenlockrc and set default paths
+            packageRoot: __dirname,
+
+            // name & version for ACME client user agent
+            //packageAgent: pkg.name + '/' + pkg.version,
+
+            // contact for security and critical bug notices
+            //maintainerEmail: pkg.author,
+
+            // where to look for configuration
+            configDir: './greenlock.d',
+
+            // whether or not to run at cloudscale
+            cluster: true
+        };
+    })
+    .ready(function(glx) {
+        var app = require('./app.js');
+
+        // Serves on 80 and 443
+        // Get's SSL certificates magically!
+        glx.serveApp(app);
+    });

package/vendor/greenlock/bin/tmpl/greenlock.tmpl.js

@@ -0,0 +1,13 @@
+'use strict';
+
+var pkg = require('./package.json');
+module.exports = require('@root/greenlock').create({
+    // name & version for ACME client user agent
+    packageAgent: pkg.name + '/' + pkg.version,
+
+    // contact for security and critical bug notices
+    //maintainerEmail: pkg.author,
+
+    // where to find .greenlockrc and set default paths
+    packageRoot: __dirname
+});

package/vendor/greenlock/bin/tmpl/server.tmpl.js

@@ -0,0 +1,20 @@
+'use strict';
+
+var app = require('./app.js');
+
+require('greenlock-express')
+    .init({
+        packageRoot: __dirname,
+
+        // contact for security and critical bug notices
+        //maintainerEmail: pkg.author,
+
+        // where to look for configuration
+        configDir: './greenlock.d',
+
+        // whether or not to run at cloudscale
+        cluster: false
+    })
+    // Serves on 80 and 443
+    // Get's SSL certificates magically!
+    .serve(app);

package/vendor/greenlock/bin/update.js

@@ -0,0 +1,62 @@
+'use strict';
+
+var log = require('lemonlog')('greenlock-update');
+var args = process.argv.slice(3);
+var cli = require('./lib/cli.js');
+var Flags = require('./lib/flags.js');
+
+Flags.init().then(function({ flagOptions, greenlock, mconf }) {
+    var myFlags = {};
+    [
+        'subject',
+        'altnames',
+        'renew-offset',
+        'subscriber-email',
+        'customer-email',
+        'server-key-type',
+        'challenge-http-01',
+        'challenge-http-01-xxxx',
+        'challenge-dns-01',
+        'challenge-dns-01-xxxx',
+        'challenge-tls-alpn-01',
+        'challenge-tls-alpn-01-xxxx',
+        'challenge',
+        'challenge-xxxx',
+        'challenge-json',
+        'force-save'
+    ].forEach(function(k) {
+        myFlags[k] = flagOptions[k];
+    });
+
+    cli.parse(myFlags);
+    cli.main(async function(argList, flags) {
+        var sconf = await greenlock._config({ servername: flags.subject });
+        Flags.mangleFlags(flags, mconf, sconf);
+        main(argList, flags, greenlock);
+    }, args);
+});
+
+async function main(_, flags, greenlock) {
+    if (!flags.subject) {
+        log.error('Provide --subject (valid domain)');
+        process.exit(1);
+        return;
+    }
+
+    greenlock
+        .update(flags)
+        .catch(function(err) {
+            log.error('Update failed:', err.message);
+            process.exit(1);
+        })
+        .then(function() {
+            return greenlock._config({ servername: flags.subject }).then(function(site) {
+                if (!site) {
+                    log.error('No config found for', flags.subject);
+                    process.exit(1);
+                    return;
+                }
+                log.info('Updated site config:', site);
+            });
+        });
+}