2021-06-11 20:07:40 +08:00
|
|
|
'use strict';
|
|
|
|
|
2021-06-15 15:47:18 +08:00
|
|
|
const config = require('wild-config');
|
2021-06-11 20:07:40 +08:00
|
|
|
const log = require('npmlog');
|
|
|
|
const Joi = require('joi');
|
|
|
|
const AcmeChallenge = require('../acme/acme-challenge');
|
|
|
|
const { asyncifyJson, validationErrors, getHostname, normalizeIp } = require('../tools');
|
|
|
|
|
2021-09-04 20:32:27 +08:00
|
|
|
module.exports = (db, server, routeOptions) => {
|
|
|
|
routeOptions = routeOptions || {};
|
|
|
|
|
2021-06-11 20:07:40 +08:00
|
|
|
const acmeChallenge = AcmeChallenge.create({ db: db.database });
|
|
|
|
|
|
|
|
server.get(
|
|
|
|
{ name: 'acmeToken', path: '/.well-known/acme-challenge/:token' },
|
|
|
|
asyncifyJson(async (req, res, next) => {
|
|
|
|
res.charSet('utf-8');
|
|
|
|
|
|
|
|
const ip = normalizeIp(res.socket.remoteAddress);
|
|
|
|
const domain = getHostname(req);
|
|
|
|
|
|
|
|
const schema = Joi.object().keys({
|
|
|
|
token: Joi.string().empty('').max(256).required()
|
|
|
|
});
|
|
|
|
|
|
|
|
const result = schema.validate(req.params, {
|
|
|
|
abortEarly: false,
|
|
|
|
convert: true,
|
|
|
|
allowUnknown: true
|
|
|
|
});
|
|
|
|
|
|
|
|
if (result.error) {
|
|
|
|
res.status(400);
|
|
|
|
res.json({
|
|
|
|
error: result.error.message,
|
|
|
|
code: 'InputValidationError',
|
|
|
|
details: validationErrors(result)
|
|
|
|
});
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
|
|
|
|
const token = result.value.token;
|
|
|
|
|
|
|
|
let challenge;
|
|
|
|
try {
|
|
|
|
challenge = await acmeChallenge.get({
|
|
|
|
challenge: {
|
|
|
|
token,
|
|
|
|
identifier: { value: domain }
|
|
|
|
}
|
|
|
|
});
|
|
|
|
} catch (err) {
|
|
|
|
log.error('ACME', `Error verifying challenge ${domain}: ${token} (${ip}, ${req.url}) ${err.message}`);
|
|
|
|
|
|
|
|
let resErr = new Error(`Failed to verify authentication token`);
|
|
|
|
resErr.responseCode = 500;
|
|
|
|
throw resErr;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!challenge || !challenge.keyAuthorization) {
|
|
|
|
log.error('ACME', `Unknown challenge ${domain}: ${token} (${ip}, ${req.url})`);
|
|
|
|
|
|
|
|
let err = new Error(`Unknown challenge`);
|
|
|
|
err.responseCode = 404;
|
|
|
|
throw err;
|
|
|
|
}
|
|
|
|
|
|
|
|
res.statusCode = 200;
|
|
|
|
res.setHeader('Content-Type', 'text/plain');
|
|
|
|
res.end(challenge.keyAuthorization);
|
|
|
|
})
|
|
|
|
);
|
2021-06-15 15:47:18 +08:00
|
|
|
|
2021-09-04 20:32:27 +08:00
|
|
|
if (!routeOptions.disableRedirect) {
|
|
|
|
server.on('NotFound', (req, res, err, cb) => {
|
|
|
|
res.redirect(302, config.acme.agent.redirect, cb);
|
|
|
|
});
|
|
|
|
}
|
2021-06-11 20:07:40 +08:00
|
|
|
};
|