coolaj86/telebit.js
1
2
Fork 1
Code Issues 48 Pull Requests 3 Releases Activity

MAJOR: Updates for Authenticated Web UI and CLI #30

Open
coolaj86 wants to merge 77 commits from next into master
pull from: next
merge into: coolaj86:master
Conversation 0 Commits 77 Files Changed 28 +33 -33
1 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit ae452367c0 - Show all commits

66
bin/telebitd.js
View File

@ -374,47 +374,47 @@ controllers.relay = function (req, res) {
}; };
controllers._nonces = {}; controllers._nonces = {};
controllers._requireNonce = function (req, res, next) { controllers._requireNonce = function (req, res, next) {
var nonce = req.jws && req.jws.protected && req.jws.protected.nonce; var nonce = req.jws && req.jws.protected && req.jws.protected.nonce;
var active = (Date.now() - controllers._nonces[nonce]) < (4 * 60 * 60 * 1000); var active = (Date.now() - controllers._nonces[nonce]) < (4 * 60 * 60 * 1000);
if (!active) { if (!active) {
// TODO proper headers and error message // TODO proper headers and error message
res.end({ "error": "invalid or expired nonce", "error_code": "ENONCE" }); res.end({ "error": "invalid or expired nonce", "error_code": "ENONCE" });
return; return;
} }
delete controllers._nonces[nonce]; delete controllers._nonces[nonce];
controllers._issueNonce(req, res); controllers._issueNonce(req, res);
next(); next();
}; };
controllers._issueNonce = function (req, res) { controllers._issueNonce = function (req, res) {
var nonce = toUrlSafe(crypto.randomBytes(16).toString('base64')); var nonce = toUrlSafe(crypto.randomBytes(16).toString('base64'));
// TODO associate with a TLS session // TODO associate with a TLS session
controllers._nonces[nonce] = Date.now(); controllers._nonces[nonce] = Date.now();
res.headers.set("Replay-Nonce", nonce); res.headers.set("Replay-Nonce", nonce);
return nonce; return nonce;
}; };
controllers.newNonce = function (req, res) { controllers.newNonce = function (req, res) {
res.statusCode = 200; res.statusCode = 200;
res.headers.set("Cache-Control", "max-age=0, no-cache, no-store"); res.headers.set("Cache-Control", "max-age=0, no-cache, no-store");
// TODO // TODO
//res.headers.set("Date", "Sun, 10 Mar 2019 08:04:45 GMT"); //res.headers.set("Date", "Sun, 10 Mar 2019 08:04:45 GMT");
// is this the expiration of the nonce itself? methinks maybe so // is this the expiration of the nonce itself? methinks maybe so
//res.headers.set("Expires", "Sun, 10 Mar 2019 08:04:45 GMT"); //res.headers.set("Expires", "Sun, 10 Mar 2019 08:04:45 GMT");
// TODO use one of the registered domains // TODO use one of the registered domains
//var indexUrl = "https://acme-staging-v02.api.letsencrypt.org/index" //var indexUrl = "https://acme-staging-v02.api.letsencrypt.org/index"
var port = (state.config.ipc && state.config.ipc.port || state._ipc.port || undefined); var port = (state.config.ipc && state.config.ipc.port || state._ipc.port || undefined);
var indexUrl = "http://localhost:" + port + "/index"; var indexUrl = "http://localhost:" + port + "/index";
res.headers.set("Link", "Link: <" + indexUrl + ">;rel=\"index\""); res.headers.set("Link", "Link: <" + indexUrl + ">;rel=\"index\"");
res.headers.set("Pragma", "no-cache"); res.headers.set("Pragma", "no-cache");
//res.headers.set("Strict-Transport-Security", "max-age=604800"); //res.headers.set("Strict-Transport-Security", "max-age=604800");
res.headers.set("X-Frame-Options", "DENY"); res.headers.set("X-Frame-Options", "DENY");
res.end(""); res.end("");
}; };
controllers.newAccount = function (req, res) { controllers.newAccount = function (req, res) {
controllers._requireNonce(req, res, function () { controllers._requireNonce(req, res, function () {
res.statusCode = 500; res.statusCode = 500;
res.end("not implemented yet"); res.end("not implemented yet");
}); });
}; };
function jsonEggspress(req, res, next) { function jsonEggspress(req, res, next) {
@ -845,14 +845,14 @@ function handleApi() {
} }
// TODO turn strings into regexes to match beginnings // TODO turn strings into regexes to match beginnings
app.use('/acme', function acmeCors(req, res, next) { app.use('/acme', function acmeCors(req, res, next) {
// Taken from New-Nonce // Taken from New-Nonce
res.headers.set("Access-Control-Allow-Headers", "Content-Type"); res.headers.set("Access-Control-Allow-Headers", "Content-Type");
res.headers.set("Access-Control-Allow-Origin", "*"); res.headers.set("Access-Control-Allow-Origin", "*");
res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location"); res.headers.set("Access-Control-Expose-Headers", "Link, Replay-Nonce, Location");
res.headers.set("Access-Control-Max-Age", "86400"); res.headers.set("Access-Control-Max-Age", "86400");
next(); next();
}); });
app.use('/acme/new-nonce', controllers.newNonce); app.use('/acme/new-nonce', controllers.newNonce);
app.use('/acme/new-acct', controllers.newAccount); app.use('/acme/new-acct', controllers.newAccount);
app.use(/\b(relay)\b/, controllers.relay); app.use(/\b(relay)\b/, controllers.relay);