jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

lint

Browse Source
This commit is contained in:
Girish Ramakrishnan
2023-02-01 15:43:59 +01:00
parent 54add73d2a
commit c2a7e0f092
1 changed files with 22 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/acme2.js
+22 -21
View File
@@ -79,7 +79,7 @@ Acme2.prototype.sendSignedRequest = async function (url, payload) {
assert.strictEqual(typeof this.accountKey, 'string'); assert.strictEqual(typeof this.accountKey, 'string');
const that = this; const that = this;
let header = { const header = {
url: url, url: url,
alg: 'RS256' alg: 'RS256'
}; };
@@ -104,7 +104,7 @@ Acme2.prototype.sendSignedRequest = async function (url, payload) {
const nonce = response.headers['Replay-Nonce'.toLowerCase()]; const nonce = response.headers['Replay-Nonce'.toLowerCase()];
if (!nonce) throw new BoxError(BoxError.ACME_ERROR, 'No nonce in response'); if (!nonce) throw new BoxError(BoxError.ACME_ERROR, 'No nonce in response');
debug('sendSignedRequest: using nonce %s for url %s', nonce, url); debug(`sendSignedRequest: using nonce ${nonce} for url ${url}`);
const protected64 = b64(JSON.stringify(_.extend({ }, header, { nonce: nonce }))); const protected64 = b64(JSON.stringify(_.extend({ }, header, { nonce: nonce })));
@@ -197,9 +197,8 @@ Acme2.prototype.newOrder = async function () {
if (result.status === 403) throw new BoxError(BoxError.ACCESS_DENIED, `Forbidden sending new order: ${result.body.detail}`); if (result.status === 403) throw new BoxError(BoxError.ACCESS_DENIED, `Forbidden sending new order: ${result.body.detail}`);
if (result.status !== 201) throw new BoxError(BoxError.ACME_ERROR, `Failed to send new order. Expecting 201, got ${result.statusCode} ${JSON.stringify(result.body)}`); if (result.status !== 201) throw new BoxError(BoxError.ACME_ERROR, `Failed to send new order. Expecting 201, got ${result.statusCode} ${JSON.stringify(result.body)}`);
debug(`newOrder: created order ${this.cn} %j`, result.body);
const order = result.body, orderUrl = result.headers.location; const order = result.body, orderUrl = result.headers.location;
debug(`newOrder: created order ${this.cn} order: ${JSON.stringify(result.body)} orderUrl: ${orderUrl}`);
if (!Array.isArray(order.authorizations)) throw new BoxError(BoxError.ACME_ERROR, 'invalid authorizations in order'); if (!Array.isArray(order.authorizations)) throw new BoxError(BoxError.ACME_ERROR, 'invalid authorizations in order');
if (typeof order.finalize !== 'string') throw new BoxError(BoxError.ACME_ERROR, 'invalid finalize in order'); if (typeof order.finalize !== 'string') throw new BoxError(BoxError.ACME_ERROR, 'invalid finalize in order');
@@ -233,22 +232,22 @@ Acme2.prototype.waitForOrder = async function (orderUrl) {
Acme2.prototype.getKeyAuthorization = function (token) { Acme2.prototype.getKeyAuthorization = function (token) {
assert(typeof this.accountKey, 'string'); assert(typeof this.accountKey, 'string');
let jwk = { const jwk = {
e: b64(Buffer.from([0x01, 0x00, 0x01])), // Exponent - 65537 e: b64(Buffer.from([0x01, 0x00, 0x01])), // Exponent - 65537
kty: 'RSA', kty: 'RSA',
n: b64(getModulus(this.accountKey)) n: b64(getModulus(this.accountKey))
}; };
let shasum = crypto.createHash('sha256'); const shasum = crypto.createHash('sha256');
shasum.update(JSON.stringify(jwk)); shasum.update(JSON.stringify(jwk));
let thumbprint = urlBase64Encode(shasum.digest('base64')); const thumbprint = urlBase64Encode(shasum.digest('base64'));
return token + '.' + thumbprint; return token + '.' + thumbprint;
}; };
Acme2.prototype.notifyChallengeReady = async function (challenge) { Acme2.prototype.notifyChallengeReady = async function (challenge) {
assert.strictEqual(typeof challenge, 'object'); // { type, status, url, token } assert.strictEqual(typeof challenge, 'object'); // { type, status, url, token }
debug('notifyChallengeReady: %s was met', challenge.url); debug(`notifyChallengeReady: ${challenge.url} was met`);
const keyAuthorization = this.getKeyAuthorization(challenge.token); const keyAuthorization = this.getKeyAuthorization(challenge.token);
@@ -264,7 +263,7 @@ Acme2.prototype.notifyChallengeReady = async function (challenge) {
Acme2.prototype.waitForChallenge = async function (challenge) { Acme2.prototype.waitForChallenge = async function (challenge) {
assert.strictEqual(typeof challenge, 'object'); assert.strictEqual(typeof challenge, 'object');
debug('waitingForChallenge: %j', challenge); debug(`waitingForChallenge: ${JSON.stringify(challenge)}`);
await promiseRetry({ times: 15, interval: 20000, debug }, async () => { await promiseRetry({ times: 15, interval: 20000, debug }, async () => {
debug('waitingForChallenge: getting status'); debug('waitingForChallenge: getting status');
@@ -295,7 +294,7 @@ Acme2.prototype.signCertificate = async function (finalizationUrl, csrPem) {
csr: b64(csrDer) csr: b64(csrDer)
}; };
debug('signCertificate: sending sign request'); debug(`signCertificate: sending sign request to ${finalizationUrl}`);
const result = await this.sendSignedRequest(finalizationUrl, JSON.stringify(payload)); const result = await this.sendSignedRequest(finalizationUrl, JSON.stringify(payload));
// 429 means we reached the cert limit for this domain // 429 means we reached the cert limit for this domain
@@ -363,18 +362,19 @@ Acme2.prototype.downloadCertificate = async function (certUrl) {
Acme2.prototype.prepareHttpChallenge = async function (authorization) { Acme2.prototype.prepareHttpChallenge = async function (authorization) {
assert.strictEqual(typeof authorization, 'object'); assert.strictEqual(typeof authorization, 'object');
debug('prepareHttpChallenge: challenges: %j', authorization); debug(`prepareHttpChallenge: challenges: ${JSON.stringify(authorization)}`);
let httpChallenges = authorization.challenges.filter(function(x) { return x.type === 'http-01'; }); const httpChallenges = authorization.challenges.filter(function(x) { return x.type === 'http-01'; });
if (httpChallenges.length === 0) throw new BoxError(BoxError.ACME_ERROR, 'no http challenges'); if (httpChallenges.length === 0) throw new BoxError(BoxError.ACME_ERROR, 'no http challenges');
let challenge = httpChallenges[0]; const challenge = httpChallenges[0];
debug('prepareHttpChallenge: preparing for challenge %j', challenge); debug(`prepareHttpChallenge: preparing for challenge ${JSON.stringify(challenge)}`);
let keyAuthorization = this.getKeyAuthorization(challenge.token); const keyAuthorization = this.getKeyAuthorization(challenge.token);
debug('prepareHttpChallenge: writing %s to %s', keyAuthorization, path.join(paths.ACME_CHALLENGES_DIR, challenge.token)); const challengeFilePath = path.join(paths.ACME_CHALLENGES_DIR, challenge.token);
debug(`prepareHttpChallenge: writing ${keyAuthorization} to ${challengeFilePath}`);
if (!safe.fs.writeFileSync(path.join(paths.ACME_CHALLENGES_DIR, challenge.token), keyAuthorization)) throw new BoxError(BoxError.FS_ERROR, `Error writing challenge: ${safe.error.message}`); if (!safe.fs.writeFileSync(challengeFilePath, keyAuthorization)) throw new BoxError(BoxError.FS_ERROR, `Error writing challenge: ${safe.error.message}`);
return challenge; return challenge;
}; };
@@ -382,9 +382,10 @@ Acme2.prototype.prepareHttpChallenge = async function (authorization) {
Acme2.prototype.cleanupHttpChallenge = async function (challenge) { Acme2.prototype.cleanupHttpChallenge = async function (challenge) {
assert.strictEqual(typeof challenge, 'object'); assert.strictEqual(typeof challenge, 'object');
debug('cleanupHttpChallenge: unlinking %s', path.join(paths.ACME_CHALLENGES_DIR, challenge.token)); const challengeFilePath = path.join(paths.ACME_CHALLENGES_DIR, challenge.token);
debug(`cleanupHttpChallenge: unlinking ${challengeFilePath}`);
if (!safe.fs.unlinkSync(path.join(paths.ACME_CHALLENGES_DIR, challenge.token))) throw new BoxError(BoxError.FS_ERROR, `Error unlinking challenge: ${safe.error.message}`); if (!safe.fs.unlinkSync(challengeFilePath)) throw new BoxError(BoxError.FS_ERROR, `Error unlinking challenge: ${safe.error.message}`);
}; };
function getChallengeSubdomain(cn, domain) { function getChallengeSubdomain(cn, domain) {
@@ -407,7 +408,7 @@ function getChallengeSubdomain(cn, domain) {
Acme2.prototype.prepareDnsChallenge = async function (authorization) { Acme2.prototype.prepareDnsChallenge = async function (authorization) {
assert.strictEqual(typeof authorization, 'object'); assert.strictEqual(typeof authorization, 'object');
debug('prepareDnsChallenge: challenges: %j', authorization); debug(`prepareDnsChallenge: challenges: ${JSON.stringify(authorization)}`);
const dnsChallenges = authorization.challenges.filter(function(x) { return x.type === 'dns-01'; }); const dnsChallenges = authorization.challenges.filter(function(x) { return x.type === 'dns-01'; });
if (dnsChallenges.length === 0) throw new BoxError(BoxError.ACME_ERROR, 'no dns challenges'); if (dnsChallenges.length === 0) throw new BoxError(BoxError.ACME_ERROR, 'no dns challenges');
const challenge = dnsChallenges[0]; const challenge = dnsChallenges[0];
@@ -446,7 +447,7 @@ Acme2.prototype.cleanupDnsChallenge = async function (challenge) {
Acme2.prototype.prepareChallenge = async function (authorizationUrl) { Acme2.prototype.prepareChallenge = async function (authorizationUrl) {
assert.strictEqual(typeof authorizationUrl, 'string'); assert.strictEqual(typeof authorizationUrl, 'string');
debug(`prepareChallenge: http: ${this.performHttpAuthorization}`); debug(`prepareChallenge: http: ${this.performHttpAuthorization} authorizationUrl: ${authorizationUrl}`);
const response = await this.postAsGet(authorizationUrl); const response = await this.postAsGet(authorizationUrl);
if (response.status !== 200) throw new BoxError(BoxError.ACME_ERROR, `Invalid response code getting authorization : ${response.status}`); if (response.status !== 200) throw new BoxError(BoxError.ACME_ERROR, `Invalid response code getting authorization : ${response.status}`);