dergeorg/SmartShopper
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fehler behoben

Browse Source
This commit is contained in:
Lukas Nowy
2018-12-16 23:55:39 +01:00
parent dfb2a725c7
commit befb44764d
11 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
express-server/greenlock-https/demo.js Normal file
View File

@ -0,0 +1,75 @@
'use strict';
// npm install spdy@3.x
//var Greenlock = require('greenlock-express')
var Greenlock = require('../');
var greenlock = Greenlock.create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
// You MUST change this to a valid email address
, email: 'jon@example.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approvedDomains: [ 'example.com', 'www.example.com' ]
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: '~/.config/acme/'
// Get notified of important updates and help me make greenlock better
, communityMember: true
//, debug: true
});
////////////////////////
// http-01 Challenges //
////////////////////////
// http-01 challenge happens over http/1.1, not http2
var redirectHttps = require('redirect-https')();
var acmeChallengeHandler = greenlock.middleware(function (req, res) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end('<h1>Hello, ⚠️ Insecure World!</h1><a>Visit Secure Site</a>'
+ '<script>document.querySelector("a").href=window.location.href.replace(/^http/i, "https");</script>'
);
});
require('http').createServer(acmeChallengeHandler).listen(80, function () {
console.log("Listening for ACME http-01 challenges on", this.address());
});
////////////////////////
// http2 via SPDY h2 //
////////////////////////
// spdy is a drop-in replacement for the https API
var spdyOptions = Object.assign({}, greenlock.tlsOptions);
spdyOptions.spdy = { protocols: [ 'h2', 'http/1.1' ], plain: false };
var server = require('spdy').createServer(spdyOptions, require('express')().use('/', function (req, res) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end('<h1>Hello, 🔐 Secure World!</h1>');
}));
server.on('error', function (err) {
console.error(err);
});
server.on('listening', function () {
console.log("Listening for SPDY/http2/https requests on", this.address());
});
server.listen(443);

29
express-server/greenlock-https/force-renew.js Normal file
View File

@ -0,0 +1,29 @@
'use strict';
//require('greenlock-express')
require('../').create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
, email: 'john.doe@example.com'
, agreeTos: true
, approvedDomains: [ 'example.com', 'www.example.com' ]
, app: require('express')().use('/', function (req, res) {
res.end('Hello, World!');
})
, renewWithin: (91 * 24 * 60 * 60 * 1000)
, renewBy: (90 * 24 * 60 * 60 * 1000)
// Get notified of important updates and help me make greenlock better
, communityMember: true
, debug: true
}).listen(80, 443);

74
express-server/greenlock-https/http2.js Normal file
View File

@ -0,0 +1,74 @@
'use strict';
//var Greenlock = require('greenlock-express')
var Greenlock = require('../');
var greenlock = Greenlock.create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
// You MUST change this to a valid email address
, email: 'jon@example.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approvedDomains: [ 'example.com', 'www.example.com' ]
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: '~/.config/acme/'
// Get notified of important updates and help me make greenlock better
, communityMember: true
//, debug: true
});
////////////////////////
// http-01 Challenges //
////////////////////////
// http-01 challenge happens over http/1.1, not http2
var redirectHttps = require('redirect-https')();
var acmeChallengeHandler = greenlock.middleware(redirectHttps);
require('http').createServer(acmeChallengeHandler).listen(80, function () {
console.log("Listening for ACME http-01 challenges on", this.address());
});
////////////////////////
// node.js' http2 api //
////////////////////////
// http2 is a new API with which you would use hapi or koa, not express
var server = require('http2').createSecureServer(greenlock.tlsOptions);
server.on('error', function (err) {
console.error(err);
});
// WARNING: Because the middleware don't handle this API style,
// the Host headers are unmodified and potentially dangerous
// (ex: Host: Robert'); DROP TABLE Students;)
server.on('stream', function (stream, headers) {
console.log(headers);
stream.respond({
'content-type': 'text/html'
, ':status': 200
});
stream.end('Hello, HTTP2 World!');
});
server.on('listening', function () {
console.log("Listening for http2 requests on", this.address());
});
server.listen(443);

15
express-server/greenlock-https/my-express-app.js Normal file
View File

@ -0,0 +1,15 @@
'use strict';
var express = require('express');
var app = express();
app.use('/', function (req, res) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end('Hello, World!\n\n💚 🔒.js');
});
// DO NOT DO app.listen() unless we're testing this directly
if (require.main === module) { app.listen(3000); }
// Instead do export the app:
module.exports = app;

90
express-server/greenlock-https/production.js Normal file
View File

@ -0,0 +1,90 @@
'use strict';
//
// My Secure Server
//
//var greenlock = require('greenlock-express')
var greenlock = require('../').create({
// Let's Encrypt v2 is ACME draft 11
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
server: 'https://acme-v02.api.letsencrypt.org/directory'
, version: 'draft-11'
// You MUST have write access to save certs
, configDir: '~/.config/acme/'
// The previous 'simple' example set these values statically,
// but this example uses approveDomains() to set them dynamically
//, email: 'none@see.note.above'
//, agreeTos: false
// approveDomains is the right place to check a database for
// email addresses with domains and agreements and such
, approveDomains: approveDomains
, app: require('./my-express-app.js')
// Get notified of important updates and help me make greenlock better
, communityMember: true
//, debug: true
});
var server = greenlock.listen(80, 443);
//
// My Secure Database Check
//
function approveDomains(opts, certs, cb) {
// Only one domain is listed with *automatic* registration via SNI
// (it's an array because managed registration allows for multiple domains,
// which was the case in the simple example)
console.log(opts.domains);
// The domains being approved for the first time are listed in opts.domains
// Certs being renewed are listed in certs.altnames
if (certs) {
opts.domains = [certs.subject].concat(certs.altnames);
}
fooCheckDb(opts.domains, function (err, agree, email) {
if (err) { cb(err); return; }
// Services SHOULD automatically accept the ToS and use YOUR email
// Clients MUST NOT accept the ToS without asking the user
opts.agreeTos = agree;
opts.email = email;
// NOTE: you can also change other options such as `challengeType` and `challenge`
// (this would be helpful if you decided you wanted wildcard support as a domain altname)
// opts.challengeType = 'http-01';
// opts.challenge = require('le-challenge-fs').create({});
cb(null, { options: opts, certs: certs });
});
}
//
// My User / Domain Database
//
function fooCheckDb(domains, cb) {
// This is an oversimplified example of how we might implement a check in
// our database if we have different rules for different users and domains
var domains = [ 'example.com', 'www.example.com' ];
var userEmail = 'john.doe@example.com';
var userAgrees = true;
var passCheck = opts.domains.every(function (domain) {
return -1 !== domains.indexOf(domain);
});
if (!passCheck) {
cb(new Error('domain not allowed'));
} else {
cb(null, userAgrees, userEmail);
}
}

36
express-server/greenlock-https/quickstart.js Normal file
View File

@ -0,0 +1,36 @@
'use strict';
var app = require('../app');
//require('greenlock-express')
require('../greenlock.js').create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
// You MUST change this to a valid email address
, email: 'lukas.n912@gmail.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approvedDomains: [ 'www.smartshopper.cf', 'smartshopper.cf']
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: '~/.config/acme/'
, app: app
// Get notified of important updates and help me make greenlock better
, communityMember: true
//, debug: true
}).listen(7000, 443);

95
express-server/greenlock-https/remote-access.js Normal file
View File

@ -0,0 +1,95 @@
'use strict';
//
// WARNING: Not for noobs
// Try the simple example first
//
//
// This demo is used with tunnel-server.js and tunnel-client.js
//
var email = 'john.doe@gmail.com';
var domains = [ 'example.com' ];
var agreeLeTos = true;
//var secret = "My Little Brony";
var secret = require('crypto').randomBytes(16).toString('hex');
require('../').create({
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
, email: email
, agreeTos: agreeLeTos
, approveDomains: domains
, configDir: '~/.config/acme/'
, app: remoteAccess(secret)
// Get notified of important updates and help me make greenlock better
, communityMember: true
//, debug: true
}).listen(3000, 8443);
function remoteAccess(secret) {
var express = require('express');
var basicAuth = require('express-basic-auth');
var serveIndex = require('serve-index');
var rootIndex = serveIndex('/', { hidden: true, icons: true, view: 'details' });
var rootFs = express.static('/', { dotfiles: 'allow', redirect: true, index: false });
var userIndex = serveIndex(require('os').homedir(), { hidden: true, icons: true, view: 'details' });
var userFs = express.static(require('os').homedir(), { dotfiles: 'allow', redirect: true, index: false });
var app = express();
var realm = 'Login Required';
var myAuth = basicAuth({
users: { 'root': secret, 'user': secret }
, challenge: true
, realm: realm
, unauthorizedResponse: function (/*req*/) {
return 'Unauthorized <a href="/">Home</a>';
}
});
app.get('/', function (req, res) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end(
'<a href="/browse/">View Files</a>'
+ '&nbsp; | &nbsp;'
+ '<a href="/logout/">Logout</a>'
);
});
app.use('/logout', function (req, res) {
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.setHeader('WWW-Authenticate', 'Basic realm="' + realm + '"');
res.statusCode = 401;
//res.setHeader('Location', '/');
res.end('Logged out &nbsp; | &nbsp; <a href="/">Home</a>');
});
app.use('/browse', myAuth);
app.use('/browse', function (req, res, next) {
if ('root' === req.auth.user) { rootFs(req, res, function () { rootIndex(req, res, next); }); return; }
if ('user' === req.auth.user) { userFs(req, res, function () { userIndex(req, res, next); }); return; }
res.end('Sad Panda');
});
console.log('');
console.log('');
console.log('Usernames are\n');
console.log('\troot');
console.log('\tuser');
console.log('');
console.log('Password (for both) is\n');
console.log('\t' + secret);
console.log('');
console.log("Shhhh... It's a secret to everybody!");
console.log('');
console.log('');
return app;
}

68
express-server/greenlock-https/spdy.js Normal file
View File

@ -0,0 +1,68 @@
'use strict';
// npm install spdy@3.x
//var Greenlock = require('greenlock-express')
var Greenlock = require('../');
var greenlock = Greenlock.create({
// Let's Encrypt v2 is ACME draft 11
version: 'draft-11'
, server: 'https://acme-v02.api.letsencrypt.org/directory'
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
// You MUST change this to a valid email address
, email: 'jon@example.com'
// You MUST NOT build clients that accept the ToS without asking the user
, agreeTos: true
// You MUST change these to valid domains
// NOTE: all domains will validated and listed on the certificate
, approvedDomains: [ 'example.com', 'www.example.com' ]
// You MUST have access to write to directory where certs are saved
// ex: /home/foouser/acme/etc
, configDir: '~/.config/acme/' // MUST have write access
// Get notified of important updates and help me make greenlock better
, communityMember: true
//, debug: true
});
////////////////////////
// http-01 Challenges //
////////////////////////
// http-01 challenge happens over http/1.1, not http2
var redirectHttps = require('redirect-https')();
var acmeChallengeHandler = greenlock.middleware(redirectHttps);
require('http').createServer(acmeChallengeHandler).listen(80, function () {
console.log("Listening for ACME http-01 challenges on", this.address());
});
////////////////////////
// http2 via SPDY h2 //
////////////////////////
// spdy is a drop-in replacement for the https API
var spdyOptions = Object.assign({}, greenlock.tlsOptions);
spdyOptions.spdy = { protocols: [ 'h2', 'http/1.1' ], plain: false };
var myApp = require('./my-express-app.js');
var server = require('spdy').createServer(spdyOptions, myApp);
server.on('error', function (err) {
console.error(err);
});
server.on('listening', function () {
console.log("Listening for SPDY/http2/https requests on", this.address());
});
server.listen(443);

114
express-server/greenlock-https/vhost.js Normal file
View File

@ -0,0 +1,114 @@
#!/usr/bin/env node
'use strict';
///////////////////
// vhost example //
///////////////////
//
// virtual hosting example
//
// The prefix where sites go by name.
// For example: whatever.com may live in /srv/www/whatever.com, thus /srv/www is our path
var srv = '/srv/www/';
var path = require('path');
var fs = require('fs');
var finalhandler = require('finalhandler');
var serveStatic = require('serve-static');
//var glx = require('greenlock-express')
var glx = require('../').create({
version: 'draft-11' // Let's Encrypt v2 is ACME draft 11
, server: 'https://acme-v02.api.letsencrypt.org/directory' // If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
, configDir: '~/.config/acme/' // You MUST have access to write to directory where certs
// are saved. ex: /home/foouser/.config/acme
, approveDomains: myApproveDomains // Greenlock's wraps around tls.SNICallback. Check the
// domain name here and reject invalid ones
, app: myVhostApp // Any node-style http app (i.e. express, koa, hapi, rill)
/* CHANGE TO A VALID EMAIL */
, email:'jon@example.com' // Email for Let's Encrypt account and Greenlock Security
, agreeTos: true // Accept Let's Encrypt ToS
, communityMember: true // Join Greenlock to get important updates, no spam
//, debug: true
});
var server = glx.listen(80, 443);
server.on('listening', function () {
console.info(server.type + " listening on", server.address());
});
// [SECURITY]
// Since v2.4.0+ Greenlock proactively protects against
// SQL injection and timing attacks by rejecting invalid domain names,
// but it's up to you to make sure that you accept opts.domain BEFORE
// an attempt is made to issue a certificate for it.
function myApproveDomains(opts, certs, cb) {
// In this example the filesystem is our "database".
// We check in /srv/www/ for opts.domain (i.e. "example.com") and only proceed if it exists.
console.log(opts.domain);
// Check that the hosting domain exists on the file system.
var hostdir = path.join(srv, opts.domain);
fs.readdir(hostdir, function (err, nodes) {
var e;
if (err || !nodes) {
e = new Error("rejecting '" + opts.domains[0] + "' because '" + hostdir + "' could not be read");
console.error(e);
console.error(err);
cb(e);
return;
}
// You could put a variety of configuration details alongside the vhost folder
// For example, /srv/www/example.com.json could describe the following:
// If you have multiple domains grouped together, you can list them on the same certificate
// opts.domains = [ 'example.com', 'www.example.com', 'api.example.com', 'sso.example.com' ]
// You can also change other options on-the-fly
// (approveDomains is called after the in-memory certificates cache is checked, but before any ACME requests)
// opts.email = "jon@example.com"
// opts.agreeTos = true;
// opts.challengeType = 'http-01';
// opts.challenge = require('le-challenge-fs').create({});
cb(null, { options: opts, certs: certs });
});
}
// [SECURITY]
// Since v2.4.0+ Greenlock Express will proactively protect against
// SQL injection and timing attacks by rejecting invalid domain names
// in Host headers.
// It will also make them lowercase and protect against "domain fronting".
// However, it's up to you to make sure you actually have a domain to serve :)
var servers = {};
function myVhostApp(req, res) {
var hostname = req.headers.host;
var srvpath = path.join(srv, hostname);
console.log('vhost for', req.headers.host);
if (!servers[hostname]) {
try {
fs.accessSync(srvpath);
servers[hostname] = serveStatic(srvpath, { redirect: true });
} catch(e) {
finalhandler(req, res);
}
}
servers[hostname](req, res, finalhandler(req, res));
}

40
express-server/greenlock-https/websockets.js Normal file
View File

@ -0,0 +1,40 @@
'use strict';
////////////////////////
// Greenlock Setup //
////////////////////////
//var Greenlock = require('greenlock-express');
var Greenlock = require('../');
var greenlock = Greenlock.create({
// Let's Encrypt v2 is ACME draft 11
// Note: If at first you don't succeed, stop and switch to staging
// https://acme-staging-v02.api.letsencrypt.org/directory
server: 'https://acme-v02.api.letsencrypt.org/directory'
, version: 'draft-11'
, configDir: '~/.config/acme/'
, app: require('./my-express-app.js')
// You MUST change these to a valid email and domains
, email: 'john.doe@example.com'
, approvedDomains: [ 'example.com', 'www.example.com' ]
, agreeTos: true
// Get notified of important updates and help me make greenlock better
, communityMember: true
, telemetry: true
//, debug: true
});
var server = greenlock.listen(80, 443);
var WebSocket = require('ws');
var ws = new WebSocket.Server({ server: server });
ws.on('connection', function (ws, req) {
// inspect req.headers.authorization (or cookies) for session info
ws.send("[Secure Echo Server] Hello!\nAuth: '" + (req.headers.authorization || 'none') + "'\n"
+ "Cookie: '" + (req.headers.cookie || 'none') + "'\n");
ws.on('message', function (data) { ws.send(data); });
});