Rewrite lets-encrypt support to use greenlock-express

beakerbrowser · May 9, 2017 · 6401250 · 6401250
1 parent 913863e
commit 6401250
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 65 deletions.
diff --git a/bin.js b/bin.js
@@ -1,8 +1,21 @@
 require('./nodecompat')
 var config = require('./lib/config')
 var createApp = require('./index')
+var log = require('debug')('LE')
 
 var app = createApp(config)
-app.listen(config.port, () => {
-  console.log(`server started on http://127.0.0.1:${config.port}`)
-})
+if (config.letsencrypt) {
+  var greenlockExpress = require('greenlock-express')
+  var debug = (!process.env.NODE_ENV || process.env.NODE_ENV === 'debug')
+  server = greenlockExpress.create({
+    server: debug ? 'staging' : 'https://acme-v01.api.letsencrypt.org/directory',
+    debug,
+    approveDomains: app.approveDomains,
+    app,
+    log
+  }).listen(80, 443)
+} else {
+  app.listen(config.port, () => {
+    console.log(`server started on http://127.0.0.1:${config.port}`)
+  })
+}
diff --git a/config.defaults.yml b/config.defaults.yml
@@ -2,6 +2,7 @@ dir: ./.hypercloud
 brandname: Hypercloud
 hostname: hypercloud.local
 port: 8080
+letsencrypt: false
 ui: hypercloud-ui-vanilla
 sites: false
 rateLimiting: true
@@ -38,9 +39,4 @@ email:
 sessions:
   algorithm: HS256
   secret: THIS MUST BE REPLACED!
-  expiresIn: 1h
-
-# lets encrypt
-letsencrypt:
-  debug: true
-  configDir: ./.letsencrypt
+  expiresIn: 1h
diff --git a/index.js b/index.js
@@ -10,7 +10,6 @@ var sse = require('express-server-sent-events')
 var Hypercloud = require('./lib')
 var customValidators = require('./lib/validators')
 var customSanitizers = require('./lib/sanitizers')
-var letsEncrypt = require('./lib/lets-encrypt')
 var packageJson = require('./package.json')
 
 module.exports = function (config) {
@@ -22,6 +21,7 @@ module.exports = function (config) {
   var app = express()
   app.cloud = cloud
   app.config = config
+  app.approveDomains = approveDomains(cloud, config)
 
   app.locals = {
     session: false, // default session value
@@ -50,7 +50,6 @@ module.exports = function (config) {
 
   if (config.sites) {
     var httpGatewayApp = express()
-    httpGatewayApp.use('/', letsEncrypt(config))
     httpGatewayApp.get('/.well-known/dat', cloud.api.archiveFiles.getDNSFile)
     if (config.sites === 'per-archive') {
       httpGatewayApp.get('*', cloud.api.archiveFiles.getFile)
@@ -173,3 +172,35 @@ function addConfigHelpers (config) {
     return userRecord.diskUsage / config.getUserDiskQuota(userRecord)
   }
 }
+
+function approveDomains (config, cloud) {
+  return async (options, certs, cb) => {
+    var {domain} = options
+    options.agreeTos = true
+    options.email = config.letsencrypt.email
+
+    // toplevel domain?
+    if (domain === config.hostname) {
+      return cb(null, {options, certs})
+    }
+
+    // try looking up the site
+    try {
+      var archiveName
+      var userName
+      var domainParts = domain.split('.')
+      if (config.sites === 'per-user') {
+        archiveName = userName = domainParts[0]
+      } else if (config.sites === 'per-archive') {
+        archiveName = domainParts[0]
+        userName = domainParts[1]
+      }
+      var userRecord = await cloud.usersDB.getByUsername(userName)
+      var archiveRecord = userRecord.archives.find(a => a.name === archiveName)
+      if (archiveRecord) {
+        return cb(null, {options, certs})
+      }
+    } catch (e) {}
+    cb(new Error('Invalid domain'))
+  }
+}
diff --git a/lib/lets-encrypt.js b/lib/lets-encrypt.js
diff --git a/package.json b/package.json
@@ -41,16 +41,12 @@
     "express-server-sent-events": "^1.1.0",
     "express-validator": "^3.1.2",
     "get-folder-size": "^1.0.0",
-    "greenlock": "^2.1.15",
+    "greenlock-express": "^2.0.11",
     "hypercloud-ui-vanilla": "^1.0.0",
     "hyperdrive": "^9.2.0",
     "identify-filetype": "^1.0.0",
     "js-yaml": "^3.7.0",
     "jsonwebtoken": "^7.2.1",
-    "le-acme-core": "^2.1.0",
-    "le-challenge-sni": "^2.0.1",
-    "le-sni-auto": "^2.1.1",
-    "le-store-certbot": "^2.0.5",
     "level": "^1.5.0",
     "level-promise": "^2.1.1",
     "level-simple-indexes": "^2.2.0",