tlsd 2.11.0 → 2.11.2

package/README.md

@@ -25,7 +25,7 @@ run it this way:
 
 	npx tlsd
 
-This way you can just use it to serve your local project in dev or production mode.
+This way you can just use it to serve your local project in dev or TLS mode.
 
 
 ## tlsd init
@@ -65,7 +65,7 @@ Adds a domain to Greenlock so that you can serve site with HTTPS:
 Displays the current version of tlsd
 
 
-### Production Mode
+### TLS Mode
 
 In HTTPS mode, you must specify the dir containing links/dirs for domains to serve
 it will run on HTTP on 80 (redirecting to 443), HTTPS on 443, and magically
@@ -79,9 +79,7 @@ You must also add your domain to greenlock before running nodes or it won't be r
 
 	npx greenlock add --subject example.com --altnames example.com,www.example.com
 
-Production mode serves files with Letsencrypt SSL certs magically.
-
-The browser reload feature does not operate in production mode.
+TLS mode serves files with Letsencrypt SSL certs magically.
 
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tlsd",
-  "version": "2.11.0",
+  "version": "2.11.2",
   "description": "A server for web app prototyping with HTTPS and Websockets",
   "main": "tlsd.js",
   "bin": {

package/tlsd.js

@@ -1,8 +1,6 @@
 
-/*
-Copyright 2023 Sleepless Software Inc.
-All Rights Reserved
-*/
+//Copyright 2024 Sleepless Software Inc.
+//All Rights Reserved
 
 const { path, http, https, fs, crypto, tls, } = require( "allcore" );
 
@@ -10,6 +8,11 @@ const connect = require( "connect" );
 const websocket = require( "websocket" );
 const serveStatic = require( "serve-static" )
 
+const body_parser = require( "body-parser" ).json( { limit: "10mb" } );
+const compression = require( "compression" )();
+const cors = require( "cors" )();
+const queryString = require( "querystring" );
+
 require( "sleepless" ).globalize();
 
 const L = log5.mkLog( "TLSD: " );
@@ -23,7 +26,7 @@ function usage() {
 	const base = path.basename( module.filename );
 	log(
 `Usage:
-    Production mode:
+    TLS mode:
     	DOMAINS_ROOT=./my_domains MAINTAINER_EMAIL=foo@bar.com VERBOSITY=4  node ` + base + `
     Dev mode:
     	node ` + base + ` site_root listen_port verbosity
@@ -33,7 +36,7 @@ function usage() {
 }
 
 let seq = 0;
-const next_seq = function() {
+function next_seq() {
 	seq += 1;
 	return seq;
 }
@@ -41,7 +44,7 @@ const next_seq = function() {
 
 // Handles incoming RPC msgs.
 // Tries to load the rpc handler module from root and if successful, passes the msg to it
-const rpc_handler = function( root, msg, xport, _okay, _fail ) {
+function rpc_handler( root, msg, xport, _okay, _fail ) {
 
 	let ll = toInt( msg.log_level );
     if( ll > 0 ) {
@@ -91,7 +94,7 @@ const rpc_handler = function( root, msg, xport, _okay, _fail ) {
 
 // Glue function to call rpc handler module and then return response
 // via the websockets msg object
-const ws_msg_handler = function( root, msg ) {
+function ws_msg_handler( root, msg ) {
 	rpc_handler( root, msg.msg, "WS", data => {
 		msg.reply( data );
 	}, error => {
@@ -101,115 +104,113 @@ const ws_msg_handler = function( root, msg ) {
 };
 
 
-// Return a handler function that implements default (basic) functionality.
-// XXX This has got to be inefficient at best, as it's creating a
-// connect app on every request. No idea how much of this gets optimized
-// out by V8.
-const basic_handler = function( root ) {
-
-	const app = connect();
-
-	app.use( require( "body-parser" ).json( { limit: "10mb" } ) );
-	app.use( require( "compression" )() );
-	app.use( require( "cors" )() );	// allow requests from other domains
-
-	// populate req.query
-	app.use( function( req, res, next ) {
-		req.query = require( "querystring" ).parse( req._parsedUrl.query );
-		next();
-	} );
-
-	// logger
-	app.use( function( req, res, next ) {
-		const host = req.headers[ "host" ];
-		let { method, url, query, body } = req;
-		url = url.split( "?" ).shift();
-		I( host + ": " + method + " " + o2j(url) + " " + o2j( query, null, 2 ) + "/" + o2j( body, null, 2 ) );
-		next();
-	} );
-
-	// Intercept and service POST requests for "/rpc"
-	app.use( function( req, res, next ) {
-
-		let { method, url, query, body } = req;
-
-		url = url.split( "?" ).shift();
-
-		// if not an rpc request, pass on to static
-		if( url != "/rpc" && url != "/rpc/" ) {
-			next();
-			return
-		}
-
-		// Only allow POSTS to /rpc in production mode.
-		// In dev mode, GET is allowed as well with query args.
-		let input = body;
-		if( method != "POST" ) {
-			if( ! ( method == "GET" && dev_mode ) ) {
-				W( "GET /rpc is disallowed in production mode" );
-				res.writeHead( 405 ); // Method Not Allowed
-				res.end();
-				return;
-			}
-			input = query;
-		}
-
-		// Set up callbacks
-		const done = ( error, data ) => {
-			res.writeHead( 200, {
-				"Content-Type": "application/json",
-				"Cache-Control": "no-store",
-			});
-			res.write( o2j( data ) );
-			res.end();
-		};
-		const okay = ( data ) => { done( null, data ); };
-		// XXX wrong
-		const fail = ( error, body ) => { done( error, body ); };
+// -----------------------
 
-		// Summon the rpc handler for the domain root.
-		rpc_handler( root, input, "REST", okay, fail );
 
-	} );
+// Handler that populates the req.query var with what's in query args
+function populate_query( req, res, next ) {
+    req.query = queryString.parse( req._parsedUrl.query );
+    next();
+}
 
+// Simple logging handler
+function logger( req, res, next ) {
+    const host = req.headers[ "host" ];
+    let { method, url, query, body } = req;
+    url = url.split( "?" ).shift();
+    I( host + ": " + method + " " + o2j( url ) + " " + o2j( query, null, 2 ) + "/" + o2j( body, null, 2 ) );
+    next();
+}
 
-	// Serve my (tlsd's) own static files
-	// This is primarily so that GET /rpc/rpc.js can return the client-side code for 
-	// sending WS RPC messages (similar to how socket.io works) and providing the
-    // browser hot-reload feature (which requires WS RPC)
-	app.use( serveStatic( __dirname + "/rpc_static" ) );
+// Creates and returns a handler function that intercepts and services
+// POST requests to "/rpc" endpoint.
+function rpc_post( root ) {
+    return function( req, res, next ) {
+        let { method, url, query, body } = req;
 
+        url = url.split( "?" ).shift();
+        if( url != "/rpc" && url != "/rpc/" ) {
+            next();
+            return
+        }
 
-	// Serve static files for the domain
-	app.use( serveStatic( root + "/static" ) );
+        // Only allow POSTS in TLS mode.
+        // In dev mode, GET is allowed as well with query args.
+        let input = body;
+        if( method != "POST" ) {
+            if( ! ( method == "GET" && dev_mode ) ) {
+                W( "GET /rpc is disallowed in TLS mode" );
+                res.writeHead( 405 ); // Method Not Allowed
+                res.end();
+                return;
+            }
+            input = query;
+        }
 
+        // Set up callbacks
+        const done = ( error, data ) => {
+            res.writeHead( 200, {
+                "Content-Type": "application/json",
+                "Cache-Control": "no-store",
+            });
+            res.write( o2j( data ) );
+            res.end();
+        };
+        const okay = ( data ) => { done( null, data ); };
+        // XXX wrong
+        const fail = ( error, body ) => { done( error, body ); };
+
+        // Summon the rpc handler for the domain root.
+        rpc_handler( root, input, "REST", okay, fail );
+    };
+}
 
-	// finally, if serveStatic can't service the request,
-	// look for a 404/ dir and redirect to that if present
-	app.use( function( req, res, next ) {
-		// I can't just return a redirect here because if the /404 doesn't exist,
-		// I will just go into a redirect loop, so I have to test to see if the
-		// dir exists, and then if so, redirect to it, otherwise, just return 404.
-		let { url, } = req;
-        let p = root + "/static/404";
-		is_dir( p, so => {
-			if( so ) {
-                let p404 = "/404/?original_path=" + encodeURIComponent( url );
-				res.writeHead( 302, { "Location": p404, } );
+// Handler for tlsd's own static files.
+// This is so that "GET /rpc/rpc.js" can return the client-side code for 
+// sending WS RPC messages (similar to how socket.io works).
+const rpc_static = serveStatic( __dirname + "/rpc_static" );
+
+
+// Creates and returns a handler that checks for "/404" at root.
+// If found, it redirects to it, otherwise it responds with 404.
+function not_found( root ) {
+    return function( req, res, next ) {
+        // Can't just do a redirect here because if /404 doesn't exist, it will
+        // just go into a redirect loop. So test to see if the dir exists first.
+        let path = root + "/static/404";
+        is_dir( path, so => {
+            if( so ) {
+                let p404 = "/404/?original_path=" + encodeURIComponent( req.url );
+                res.writeHead( 302, { "Location": p404, } );    // redirect to path
             } else {
-				res.writeHead( 404 );
+                res.writeHead( 404 );
             }
-			res.end();
-		} );
-	} );
+            res.end();
+        } );
+    }
+}
 
+// Create and return a connect app/function that implements
+// default (basic) functionality.
+function basic_handler( root ) {
+	const app = connect();
+	app.use( body_parser );
+	app.use( compression );
+	app.use( cors );        // allow requests from other domains
+	app.use( populate_query );
+	app.use( logger );
+    app.use( rpc_post( root ) );
+	app.use( rpc_static );
+	app.use( serveStatic( root + "/static" ) ); // static files for domain
+    app.use( not_found( root ) );
 	return app;
-
 }
 
 
+const cached_basic_handlers = {};
+
 // Handle REST calls (as opposed to websocket messages)
-const rest_handler = function( root, req, rsp ) {
+function rest_handler( root, req, rsp ) {
 
 	I( req.headers[ "host" ] + ": " + req.method + " " + req.url );
 	D( "rest_handler root: " + root );
@@ -233,21 +234,31 @@ const rest_handler = function( root, req, rsp ) {
 		D( "Using custom REST handler loaded from "+root );
 		call( handler );
 	} catch( err ) {
-		// custom handler load attempt threw an exception
-		const handler = basic_handler( root );
+		// attempt to load custom handler threw an exception
+
+        let handler = cached_basic_handlers[ root ];
+        if( ! handler ) {
+            handler = basic_handler( root );
+            cached_basic_handlers[ root ] = handler;
+        }
+
 		D( "Using basic REST handler" );
 		call( handler );
 	}
 };
 
 
+// -----------------------
+
+
 // tracked websocket connections
 const ws_connections = {};
 
 
-const ws_attach = function( httpServer, msg_handler ) {
+// Associate a websocket message handler (msg_handler) to a webserver instance (server)
+function ws_attach( server, msg_handler ) {
 
-	const wsd = new websocket.server( { httpServer, autoAcceptConnections: false, } );
+	const wsd = new websocket.server( { httpServer: server, autoAcceptConnections: false, } );
 
 	wsd.on( "request", function( wsreq ) {
 		V( "WS: connection request from "+wsreq.remoteAddress+" "+wsreq.resource )
@@ -256,7 +267,7 @@ const ws_attach = function( httpServer, msg_handler ) {
 
 		const socket = wsreq.accept( null, wsreq.origin );
 
-		const name = "ws-client-"+next_seq();       // XXX just use the websocket id
+		const name = "ws-conn-"+next_seq();       // XXX just use the websocket id
 
 		// send msg to connected client
 		const send = function( msg , cb ) {
@@ -318,84 +329,6 @@ const ws_attach = function( httpServer, msg_handler ) {
 };
 
 
-
-/*
-const build_sass = function( path ) {
-    const sass = require( "sass" );
-    const result = sass.compile( path );
-    fs.writeFileSync( path + ".css", result.css, "utf8" );
-};
-
-const auto_builders = [
-    [ /\.(sass|scss)$/, build_sass ],
-];
-
-// Do auto-build processes (dev mode only)
-const auto_build = function( paths ) {
-
-    for( let path of paths ) {
-        for( const bldr of auto_builders ) {
-            if( bldr[ 0 ].test( path ) ) {
-                bldr[ 1 ]( path );
-            }
-        }
-
-    }
-
-};
-
-
-// Engage the filesystem watcher (dev mode only)
-const enable_fs_watch = function( root ) {
-
-    let paths_noted = {};
-
-    let hot_reload_tid = null;
-    let hot_reload_count = 0;
-
-    function hot_reload_tick() {
-        hot_reload_count -= 1;     // reduce count by 1
-        if( hot_reload_count <= 0 ) {
-            // counter reached 0
-            clearInterval( hot_reload_tid );   // turn off the ticker
-            hot_reload_tid = null;
-
-            auto_build( Object.keys( paths_noted ) );
-            paths_noted = {};
-
-            // send RELOAD msg to all client that have an active ws connection
-            for( let conn of Object.values( ws_connections ) ) {
-                conn.send( { msg: "RELOAD" } );     // send RELOAD msg to browser
-            }
-        }
-    }
-
-    function note( evt, path ) {
-        // A change of some sort was seen
-        // Hundreds of these can happen very rapidly, so the timer stuff
-        // above is used to delay sending the RELOAD command until 
-        // a second or so has passed without any more calls to this function
-
-        paths_noted[ path ] = evt;  // XXX
-        //D( "noted fs change: [" + evt + "] " + path );
-
-        hot_reload_count = 5;
-        if( hot_reload_tid === null ) {
-            // ticker isn't running, so start it
-            hot_reload_tid = setInterval( hot_reload_tick, 200 );
-        }
-
-    };
-
-    // tell OS to start watching for any changes in root
-    fs.watch( root, { recursive: true, }, function( evt, path ) {
-        note( evt, root + "/" + path );
-    } );
-
-};
-*/
-
-
 // -----------------------
 
 const argv = process.argv;
@@ -407,7 +340,7 @@ if( argv.length == 2 ) {
 	if( DOMAINS_ROOT && MAINTAINER_EMAIL && VERBOSITY ) {
 		L( toInt( VERBOSITY ) );
 
-		I( "=== PRODUCTION MODE ===" );
+		I( "=== TLS MODE ===" );
 		V( "DOMAINS_ROOT: " + DOMAINS_ROOT );
 		V( "MAINTAINER_EMAIL: " + MAINTAINER_EMAIL );
 		V( "VERBOSITY: " + VERBOSITY );
@@ -417,12 +350,11 @@ if( argv.length == 2 ) {
 			maintainerEmail: MAINTAINER_EMAIL,
 			configDir: "./greenlock.d",
 			cluster: false,
-			//notify
 		} ).ready( glx => {
 
-			var httpd = glx.httpsServer();
+			var server = glx.httpsServer();
 
-			ws_attach( httpd, ( msg, conn, domain ) => {
+			ws_attach( server, ( msg, conn, domain ) => {
 				const root = path.resolve( DOMAINS_ROOT + "/" + domain );
 				ws_msg_handler( root, msg );
             } );
@@ -456,22 +388,17 @@ if( argv.length == 5 ) {
 		V( "SITE_ROOT: " + SITE_ROOT );
 		V( "PORT: " + PORT );
 
-		const httpd = http.createServer( ( req, res ) => {
+		const server = http.createServer( ( req, res ) => {
 			rest_handler( SITE_ROOT, req, res );
 		} );
 
-        // XXX call ws_attach *before* calling listen() ?
-		httpd.listen( toInt( PORT ), () => {
-
-			ws_attach( httpd, ( msg, conn, domain ) => {
-				ws_msg_handler( SITE_ROOT, msg );
-			} );
+        ws_attach( server, ( msg, conn, domain ) => {
+            ws_msg_handler( SITE_ROOT, msg );
+        } );
 
-            // enable the file system watch, which handles hot-reload and auto-build
-            // enable_fs_watch( SITE_ROOT );
+		server.listen( toInt( PORT ), () => {
 
 			I( "Listening on " + PORT + " & serving from " + SITE_ROOT );
-
 		} );
 
 	} else {