dergeorg/SmartShopper
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Email Login

Browse Source
This commit is contained in:
Georg Reisinger
2019-02-24 19:27:42 +01:00
parent f853a2bf0f
commit 3baf79e8f6
39 changed files with 3246 additions and 2982 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
express-server/greenlock-https/demo.js
View File

@ -10,28 +10,34 @@ var greenlock = Greenlock.create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
,
server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
// You MUST change this to a valid email address
, email: 'jon@example.com'
// You MUST change this to a valid email address
,
email: 'jon@example.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true
// You MUST NOT build clients that accept the ToS without asking the user
,
agreeTos: true
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approvedDomains: [ 'example.com', 'www.example.com' ]
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
,
approvedDomains: ['example.com', 'www.example.com']
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: '~/.config/acme/'
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
,
configDir: '~/.config/acme/'
// Get notified of important updates and help me make greenlock better
, communityMember: true
// Get notified of important updates and help me make greenlock better
,
communityMember: true
//, debug: true
//, debug: true
});
@ -45,8 +51,8 @@ var greenlock = Greenlock.create({
var redirectHttps = require('redirect-https')();
var acmeChallengeHandler = greenlock.middleware(function (req, res) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end('<h1>Hello, ⚠️ Insecure World!</h1><a>Visit Secure Site</a>'
+ '<script>document.querySelector("a").href=window.location.href.replace(/^http/i, "https");</script>'
res.end('<h1>Hello, ⚠️ Insecure World!</h1><a>Visit Secure Site</a>' +
'<script>document.querySelector("a").href=window.location.href.replace(/^http/i, "https");</script>'
);
});
require('http').createServer(acmeChallengeHandler).listen(80, function () {
@ -61,7 +67,10 @@ require('http').createServer(acmeChallengeHandler).listen(80, function () {
// spdy is a drop-in replacement for the https API
var spdyOptions = Object.assign({}, greenlock.tlsOptions);
spdyOptions.spdy = { protocols: [ 'h2', 'http/1.1' ], plain: false };
spdyOptions.spdy = {
protocols: ['h2', 'http/1.1'],
plain: false
};
var server = require('spdy').createServer(spdyOptions, require('express')().use('/', function (req, res) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end('<h1>Hello, 🔐 Secure World!</h1>');
@ -72,4 +81,4 @@ server.on('error', function (err) {
server.on('listening', function () {
console.log("Listening for SPDY/http2/https requests on", this.address());
});
server.listen(443);
server.listen(443);

37
express-server/greenlock-https/force-renew.js
View File

@ -6,24 +6,31 @@ require('../').create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
,
server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
, email: 'john.doe@example.com'
,
email: 'john.doe@example.com'
, agreeTos: true
,
agreeTos: true
, approvedDomains: [ 'example.com', 'www.example.com' ]
,
approvedDomains: ['example.com', 'www.example.com']
, app: require('express')().use('/', function (req, res) {
res.end('Hello, World!');
})
,
app: require('express')().use('/', function (req, res) {
res.end('Hello, World!');
})
, renewWithin: (91 * 24 * 60 * 60 * 1000)
, renewBy: (90 * 24 * 60 * 60 * 1000)
,
renewWithin: (91 * 24 * 60 * 60 * 1000),
renewBy: (90 * 24 * 60 * 60 * 1000)
// Get notified of important updates and help me make greenlock better
, communityMember: true
, debug: true
}).listen(80, 443);
// Get notified of important updates and help me make greenlock better
,
communityMember: true,
debug: true
}).listen(80, 443);

44
express-server/greenlock-https/http2.js
View File

@ -8,28 +8,34 @@ var greenlock = Greenlock.create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
,
server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
// You MUST change this to a valid email address
, email: 'jon@example.com'
// You MUST change this to a valid email address
,
email: 'jon@example.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true
// You MUST NOT build clients that accept the ToS without asking the user
,
agreeTos: true
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approvedDomains: [ 'example.com', 'www.example.com' ]
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
,
approvedDomains: ['example.com', 'www.example.com']
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: '~/.config/acme/'
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
,
configDir: '~/.config/acme/'
// Get notified of important updates and help me make greenlock better
, communityMember: true
// Get notified of important updates and help me make greenlock better
,
communityMember: true
//, debug: true
//, debug: true
});
@ -63,12 +69,12 @@ server.on('error', function (err) {
server.on('stream', function (stream, headers) {
console.log(headers);
stream.respond({
'content-type': 'text/html'
, ':status': 200
'content-type': 'text/html',
':status': 200
});
stream.end('Hello, HTTP2 World!');
});
server.on('listening', function () {
console.log("Listening for http2 requests on", this.address());
});
server.listen(443);
server.listen(443);

6
express-server/greenlock-https/my-express-app.js
View File

@ -9,7 +9,9 @@ app.use('/', function (req, res) {
});
// DO NOT DO app.listen() unless we're testing this directly
if (require.main === module) { app.listen(3000); }
if (require.main === module) {
app.listen(3000);
}
// Instead do export the app:
module.exports = app;
module.exports = app;

48
express-server/greenlock-https/production.js
View File

@ -9,26 +9,30 @@ var greenlock = require('../').create({
// Let's Encrypt v2 is ACME draft 11
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
server: 'https://acme-v02.api.letsencrypt.org/directory'
, version: 'draft-11'
// You MUST have write access to save certs
, configDir: '~/.config/acme/'
server: 'https://acme-v02.api.letsencrypt.org/directory',
version: 'draft-11'
// You MUST have write access to save certs
,
configDir: '~/.config/acme/'
// The previous 'simple' example set these values statically,
// but this example uses approveDomains() to set them dynamically
//, email: 'none@see.note.above'
//, agreeTos: false
// The previous 'simple' example set these values statically,
// but this example uses approveDomains() to set them dynamically
//, email: 'none@see.note.above'
//, agreeTos: false
// approveDomains is the right place to check a database for
// email addresses with domains and agreements and such
, approveDomains: approveDomains
// approveDomains is the right place to check a database for
// email addresses with domains and agreements and such
,
approveDomains: approveDomains
, app: require('./my-express-app.js')
,
app: require('./my-express-app.js')
// Get notified of important updates and help me make greenlock better
, communityMember: true
// Get notified of important updates and help me make greenlock better
,
communityMember: true
//, debug: true
//, debug: true
});
@ -52,7 +56,10 @@ function approveDomains(opts, certs, cb) {
}
fooCheckDb(opts.domains, function (err, agree, email) {
if (err) { cb(err); return; }
if (err) {
cb(err);
return;
}
// Services SHOULD automatically accept the ToS and use YOUR email
// Clients MUST NOT accept the ToS without asking the user
@ -64,7 +71,10 @@ function approveDomains(opts, certs, cb) {
// opts.challengeType = 'http-01';
// opts.challenge = require('le-challenge-fs').create({});
cb(null, { options: opts, certs: certs });
cb(null, {
options: opts,
certs: certs
});
});
}
@ -75,7 +85,7 @@ function approveDomains(opts, certs, cb) {
function fooCheckDb(domains, cb) {
// This is an oversimplified example of how we might implement a check in
// our database if we have different rules for different users and domains
var domains = [ 'example.com', 'www.example.com' ];
var domains = ['example.com', 'www.example.com'];
var userEmail = 'john.doe@example.com';
var userAgrees = true;
var passCheck = opts.domains.every(function (domain) {
@ -87,4 +97,4 @@ function fooCheckDb(domains, cb) {
} else {
cb(null, userAgrees, userEmail);
}
}
}

43
express-server/greenlock-https/quickstart.js
View File

@ -8,29 +8,36 @@ require('../greenlock.js').create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
,
server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
// You MUST change this to a valid email address
, email: 'lukas.n912@gmail.com'
// You MUST change this to a valid email address
,
email: 'lukas.n912@gmail.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true
// You MUST NOT build clients that accept the ToS without asking the user
,
agreeTos: true
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approvedDomains: [ 'www.smartshopper.cf', 'smartshopper.cf']
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
,
approvedDomains: ['www.smartshopper.cf', 'smartshopper.cf']
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: '~/.config/acme/'
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
,
configDir: '~/.config/acme/'
, app: app
,
app: app
// Get notified of important updates and help me make greenlock better
, communityMember: true
// Get notified of important updates and help me make greenlock better
,
communityMember: true
//, debug: true
//, debug: true
}).listen(7000, 443);
}).listen(7000, 443);

84
express-server/greenlock-https/remote-access.js
View File

@ -10,7 +10,7 @@
//
var email = 'john.doe@gmail.com';
var domains = [ 'example.com' ];
var domains = ['example.com'];
var agreeLeTos = true;
//var secret = "My Little Brony";
var secret = require('crypto').randomBytes(16).toString('hex');
@ -18,18 +18,21 @@ var secret = require('crypto').randomBytes(16).toString('hex');
require('../').create({
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
,
server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
, email: email
, agreeTos: agreeLeTos
, approveDomains: domains
, configDir: '~/.config/acme/'
, app: remoteAccess(secret)
// Get notified of important updates and help me make greenlock better
, communityMember: true
//, debug: true
,
email: email,
agreeTos: agreeLeTos,
approveDomains: domains,
configDir: '~/.config/acme/',
app: remoteAccess(secret)
// Get notified of important updates and help me make greenlock better
,
communityMember: true
//, debug: true
}).listen(3000, 8443);
@ -38,20 +41,39 @@ function remoteAccess(secret) {
var basicAuth = require('express-basic-auth');
var serveIndex = require('serve-index');
var rootIndex = serveIndex('/', { hidden: true, icons: true, view: 'details' });
var rootFs = express.static('/', { dotfiles: 'allow', redirect: true, index: false });
var rootIndex = serveIndex('/', {
hidden: true,
icons: true,
view: 'details'
});
var rootFs = express.static('/', {
dotfiles: 'allow',
redirect: true,
index: false
});
var userIndex = serveIndex(require('os').homedir(), { hidden: true, icons: true, view: 'details' });
var userFs = express.static(require('os').homedir(), { dotfiles: 'allow', redirect: true, index: false });
var userIndex = serveIndex(require('os').homedir(), {
hidden: true,
icons: true,
view: 'details'
});
var userFs = express.static(require('os').homedir(), {
dotfiles: 'allow',
redirect: true,
index: false
});
var app = express();
var realm = 'Login Required';
var myAuth = basicAuth({
users: { 'root': secret, 'user': secret }
, challenge: true
, realm: realm
, unauthorizedResponse: function (/*req*/) {
users: {
'root': secret,
'user': secret
},
challenge: true,
realm: realm,
unauthorizedResponse: function ( /*req*/ ) {
return 'Unauthorized <a href="/">Home</a>';
}
});
@ -59,9 +81,9 @@ function remoteAccess(secret) {
app.get('/', function (req, res) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end(
'<a href="/browse/">View Files</a>'
+ '&nbsp; | &nbsp;'
+ '<a href="/logout/">Logout</a>'
'<a href="/browse/">View Files</a>' +
'&nbsp; | &nbsp;' +
'<a href="/logout/">Logout</a>'
);
});
app.use('/logout', function (req, res) {
@ -73,8 +95,18 @@ function remoteAccess(secret) {
});
app.use('/browse', myAuth);
app.use('/browse', function (req, res, next) {
if ('root' === req.auth.user) { rootFs(req, res, function () { rootIndex(req, res, next); }); return; }
if ('user' === req.auth.user) { userFs(req, res, function () { userIndex(req, res, next); }); return; }
if ('root' === req.auth.user) {
rootFs(req, res, function () {
rootIndex(req, res, next);
});
return;
}
if ('user' === req.auth.user) {
userFs(req, res, function () {
userIndex(req, res, next);
});
return;
}
res.end('Sad Panda');
});
@ -92,4 +124,4 @@ function remoteAccess(secret) {
console.log('');
return app;
}
}

45
express-server/greenlock-https/spdy.js
View File

@ -10,28 +10,34 @@ var greenlock = Greenlock.create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
,
server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
// You MUST change this to a valid email address
, email: 'jon@example.com'
// You MUST change this to a valid email address
,
email: 'jon@example.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true
// You MUST NOT build clients that accept the ToS without asking the user
,
agreeTos: true
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approvedDomains: [ 'example.com', 'www.example.com' ]
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
,
approvedDomains: ['example.com', 'www.example.com']
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: '~/.config/acme/' // MUST have write access
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
,
configDir: '~/.config/acme/' // MUST have write access
// Get notified of important updates and help me make greenlock better
, communityMember: true
// Get notified of important updates and help me make greenlock better
,
communityMember: true
//, debug: true
//, debug: true
});
@ -56,7 +62,10 @@ require('http').createServer(acmeChallengeHandler).listen(80, function () {
// spdy is a drop-in replacement for the https API
var spdyOptions = Object.assign({}, greenlock.tlsOptions);
spdyOptions.spdy = { protocols: [ 'h2', 'http/1.1' ], plain: false };
spdyOptions.spdy = {
protocols: ['h2', 'http/1.1'],
plain: false
};
var myApp = require('./my-express-app.js');
var server = require('spdy').createServer(spdyOptions, myApp);
server.on('error', function (err) {
@ -65,4 +74,4 @@ server.on('error', function (err) {
server.on('listening', function () {
console.log("Listening for SPDY/http2/https requests on", this.address());
});
server.listen(443);
server.listen(443);

48
express-server/greenlock-https/vhost.js
View File

@ -1,4 +1,5 @@
#!/usr/bin/env node
'use strict';
///////////////////
@ -21,25 +22,32 @@ var serveStatic = require('serve-static');
//var glx = require('greenlock-express')
var glx = require('../').create({
version: 'draft-11' // Let's Encrypt v2 is ACME draft 11
version: 'draft-11' // Let's Encrypt v2 is ACME draft 11
, server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
,
server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
, configDir: '~/.config/acme/' // You MUST have access to write to directory where certs
// are saved. ex: /home/foouser/.config/acme
,
configDir: '~/.config/acme/' // You MUST have access to write to directory where certs
// are saved. ex: /home/foouser/.config/acme
, approveDomains: myApproveDomains // Greenlock's wraps around tls.SNICallback. Check the
// domain name here and reject invalid ones
,
approveDomains: myApproveDomains // Greenlock's wraps around tls.SNICallback. Check the
// domain name here and reject invalid ones
, app: myVhostApp // Any node-style http app (i.e. express, koa, hapi, rill)
,
app: myVhostApp // Any node-style http app (i.e. express, koa, hapi, rill)
/* CHANGE TO A VALID EMAIL */
, email:'jon@example.com' // Email for Let's Encrypt account and Greenlock Security
, agreeTos: true // Accept Let's Encrypt ToS
, communityMember: true // Join Greenlock to get important updates, no spam
/* CHANGE TO A VALID EMAIL */
,
email: 'jon@example.com' // Email for Let's Encrypt account and Greenlock Security
,
agreeTos: true // Accept Let's Encrypt ToS
,
communityMember: true // Join Greenlock to get important updates, no spam
//, debug: true
//, debug: true
});
@ -84,7 +92,10 @@ function myApproveDomains(opts, certs, cb) {
// opts.agreeTos = true;
// opts.challengeType = 'http-01';
// opts.challenge = require('le-challenge-fs').create({});
cb(null, { options: opts, certs: certs });
cb(null, {
options: opts,
certs: certs
});
});
}
@ -96,6 +107,7 @@ function myApproveDomains(opts, certs, cb) {
// It will also make them lowercase and protect against "domain fronting".
// However, it's up to you to make sure you actually have a domain to serve :)
var servers = {};
function myVhostApp(req, res) {
var hostname = req.headers.host;
var srvpath = path.join(srv, hostname);
@ -104,11 +116,13 @@ function myVhostApp(req, res) {
if (!servers[hostname]) {
try {
fs.accessSync(srvpath);
servers[hostname] = serveStatic(srvpath, { redirect: true });
} catch(e) {
servers[hostname] = serveStatic(srvpath, {
redirect: true
});
} catch (e) {
finalhandler(req, res);
}
}
servers[hostname](req, res, finalhandler(req, res));
}
}

40
express-server/greenlock-https/websockets.js
View File

@ -12,29 +12,35 @@ var greenlock = Greenlock.create({
// Let's Encrypt v2 is ACME draft 11
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
server: 'https://acme-v02.api.letsencrypt.org/directory'
, version: 'draft-11'
, configDir: '~/.config/acme/'
, app: require('./my-express-app.js')
server: 'https://acme-v02.api.letsencrypt.org/directory',
version: 'draft-11',
configDir: '~/.config/acme/',
app: require('./my-express-app.js')
// You MUST change these to a valid email and domains
, email: 'john.doe@example.com'
, approvedDomains: [ 'example.com', 'www.example.com' ]
, agreeTos: true
// You MUST change these to a valid email and domains
,
email: 'john.doe@example.com',
approvedDomains: ['example.com', 'www.example.com'],
agreeTos: true
// Get notified of important updates and help me make greenlock better
, communityMember: true
, telemetry: true
//, debug: true
// Get notified of important updates and help me make greenlock better
,
communityMember: true,
telemetry: true
//, debug: true
});
var server = greenlock.listen(80, 443);
var WebSocket = require('ws');
var ws = new WebSocket.Server({ server: server });
var ws = new WebSocket.Server({
server: server
});
ws.on('connection', function (ws, req) {
// inspect req.headers.authorization (or cookies) for session info
ws.send("[Secure Echo Server] Hello!\nAuth: '" + (req.headers.authorization || 'none') + "'\n"
+ "Cookie: '" + (req.headers.cookie || 'none') + "'\n");
ws.on('message', function (data) { ws.send(data); });
});
ws.send("[Secure Echo Server] Hello!\nAuth: '" + (req.headers.authorization || 'none') + "'\n" +
"Cookie: '" + (req.headers.cookie || 'none') + "'\n");
ws.on('message', function (data) {
ws.send(data);
});
});