relay/src/relay.ts

// @ts-ignore
import DHT from "@hyperswarm/dht";
// @ts-ignore
import { relay } from "@hyperswarm/dht-relay";
// @ts-ignore
import Stream from "@hyperswarm/dht-relay/ws";
import express, { Express } from "express";
import config from "./config.js";
import * as http from "http";
import * as https from "https";
import * as tls from "tls";
import * as acme from "acme-client";
import { Buffer } from "buffer";
import { intervalToDuration } from "date-fns";
import cron from "node-cron";
import { get as getDHT } from "./dht.js";
import WS from "ws";
// @ts-ignore
import {
  createIndependentFileSmall,
  IndependentFileSmall,
  openIndependentFileSmall,
  overwriteIndependentFileSmall,
} from "./file.js";
import log from "loglevel";
import { AddressInfo } from "net";
import { sprintf } from "sprintf-js";
import { dynImport } from "./util.js";

let sslCtx: tls.SecureContext = tls.createSecureContext();
const sslParams: tls.SecureContextOptions = { cert: "", key: "" };

let acmeClient: acme.Client;

let app: Express;
let router = express.Router();

let seedPhraseToSeed: typeof import("libskynet").seedPhraseToSeed;

const FILE_CERT_NAME = "/lumeweb/relay/ssl.crt";
const FILE_KEY_NAME = "/lumeweb/relay/ssl.key";
const FILE_ACCOUNT_KEY_NAME = "/lumeweb/relay/account.key";

export async function start() {
  seedPhraseToSeed = (await dynImport("libskynet")).seedPhraseToSeed;

  const relayPort = config.uint("port");
  app = express();
  app.use(function (req, res, next) {
    router(req, res, next);
  });

  let httpsServer = https.createServer({
    SNICallback(servername, cb) {
      cb(null, sslCtx);
    },
  });

  let httpServer = http.createServer(app);

  cron.schedule("0 * * * *", setupSSl.bind(null, false));

  await new Promise((resolve) => {
    httpServer.listen(80, "0.0.0.0", function () {
      const address = httpServer.address() as AddressInfo;
      log.info("HTTP Server started on ", `${address.address}:${address.port}`);
      resolve(null);
    });
  });
  const dht = await getDHT();

  let wsServer = new WS.Server({ server: httpsServer });

  wsServer.on("connection", (socket: any) => {
    relay(dht, new Stream(false, socket));
  });

  await new Promise((resolve) => {
    httpsServer.listen(relayPort, "0.0.0.0", function () {
      const address = httpsServer.address() as AddressInfo;
      log.info(
        "DHT Relay Server started on ",
        `${address.address}:${address.port}`
      );
      resolve(null);
    });
  });

  await setupSSl(true);
}

async function setupSSl(bootup: boolean) {
  let sslCert = await getSslCert();
  let sslKey = await getSslKey();
  let certInfo;
  let exists = false;
  let domainValid = false;
  let dateValid = false;
  let configDomain = config.str("domain");

  if (sslCert && sslKey) {
    sslParams.cert = Buffer.from((sslCert as IndependentFileSmall).fileData);
    sslParams.key = Buffer.from((sslKey as IndependentFileSmall).fileData);
    certInfo = await getCertInfo();
    exists = true;
  }

  if (exists) {
    const expires = certInfo?.notAfter as Date;
    let duration = intervalToDuration({ start: new Date(), end: expires });
    let daysLeft = (duration.months as number) * 30 + (duration.days as number);

    if (daysLeft > 30) {
      dateValid = true;
    }

    if (certInfo?.domains.commonName === configDomain) {
      domainValid = true;
    }

    if (
      Boolean(isSSlStaging()) !==
      Boolean(certInfo?.issuer.commonName.toLowerCase().includes("staging"))
    ) {
      domainValid = false;
    }
  }

  if (dateValid && domainValid) {
    if (bootup) {
      sslCtx = tls.createSecureContext(sslParams);
      log.info(`Loaded SSL Certificate for ${configDomain}`);
    }
    return;
  }

  await createOrRenewSSl(
    sslCert as IndependentFileSmall,
    sslKey as IndependentFileSmall
  );
}

async function createOrRenewSSl(
  oldCert?: IndependentFileSmall,
  oldKey?: IndependentFileSmall
) {
  const existing = oldCert && oldKey;

  log.info(
    sprintf(
      "%s SSL Certificate for %s",
      existing ? "Renewing" : "Creating",
      config.str("domain")
    )
  );

  let accountKey: boolean | IndependentFileSmall | Buffer = await getSslFile(
    FILE_ACCOUNT_KEY_NAME
  );

  if (accountKey) {
    accountKey = Buffer.from((accountKey as IndependentFileSmall).fileData);
  }

  if (!accountKey) {
    accountKey = await acme.forge.createPrivateKey();
    await createIndependentFileSmall(
      getSeed(),
      FILE_ACCOUNT_KEY_NAME,
      accountKey
    );
  }

  acmeClient = new acme.Client({
    accountKey: accountKey as Buffer,
    directoryUrl: isSSlStaging()
      ? acme.directory.letsencrypt.staging
      : acme.directory.letsencrypt.production,
  });

  const [certificateKey, certificateRequest] = await acme.forge.createCsr({
    commonName: config.str("domain"),
  });
  try {
    sslParams.cert = await acmeClient.auto({
      csr: certificateRequest,
      termsOfServiceAgreed: true,
      challengeCreateFn: async (authz, challenge, keyAuthorization) => {
        router.get(
          `/.well-known/acme-challenge/${challenge.token}`,
          (req, res) => {
            res.send(keyAuthorization);
          }
        );
      },
      challengeRemoveFn: async () => {
        router = express.Router();
      },
      challengePriority: ["http-01"],
    });
    sslParams.cert = Buffer.from(sslParams.cert);
  } catch (e: any) {
    console.error((e as Error).message);
    process.exit(1);
  }
  sslParams.key = certificateKey;
  sslCtx = tls.createSecureContext(sslParams);

  await saveSsl(oldCert, oldKey);
}

async function saveSsl(
  oldCert?: IndependentFileSmall,
  oldKey?: IndependentFileSmall
): Promise<void> {
  const seed = getSeed();

  log.info(`Saving SSL Certificate for ${config.str("domain")}`);

  if (oldCert) {
    await overwriteIndependentFileSmall(
      oldCert,
      Buffer.from(sslParams.cert as any)
    );
  } else {
    await createIndependentFileSmall(
      seed,
      FILE_CERT_NAME,
      Buffer.from(sslParams.cert as any)
    );
  }

  if (oldKey) {
    await overwriteIndependentFileSmall(
      oldKey,
      Buffer.from(sslParams.key as any)
    );
  } else {
    await createIndependentFileSmall(
      seed,
      FILE_KEY_NAME,
      Buffer.from(sslParams.key as any)
    );
  }
}

async function getCertInfo() {
  return acme.forge.readCertificateInfo(sslParams.cert as Buffer);
}

async function getSslCert(): Promise<IndependentFileSmall | boolean> {
  return getSslFile(FILE_CERT_NAME);
}

async function getSslKey(): Promise<IndependentFileSmall | boolean> {
  return getSslFile(FILE_KEY_NAME);
}

async function getSslFile(
  name: string
): Promise<IndependentFileSmall | boolean> {
  let seed = getSeed();

  let [file, err] = await openIndependentFileSmall(seed, name);

  if (err) {
    return false;
  }

  return file;
}

function getSeed(): Uint8Array {
  let [seed, err] = seedPhraseToSeed(config.str("seed"));

  if (err) {
    console.error(err);
    process.exit(1);
  }

  return seed;
}

function isSSlStaging() {
  return config.str("ssl-mode") === "staging";
}
*Initial version 2022-06-27 17:53:00 +00:00			`// @ts-ignore`
			`import DHT from "@hyperswarm/dht";`
			`// @ts-ignore`
*Reformat 2022-07-19 22:31:15 +00:00			`import { relay } from "@hyperswarm/dht-relay";`
*Initial version 2022-06-27 17:53:00 +00:00			`// @ts-ignore`
			`import Stream from "@hyperswarm/dht-relay/ws";`
*Reformat 2022-07-19 22:31:15 +00:00			`import express, { Express } from "express";`
*switch to using bcfg 2022-07-05 19:02:07 +00:00			`import config from "./config.js";`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00			`import * as http from "http";`
			`import * as https from "https";`
			`import * as tls from "tls";`
			`import * as acme from "acme-client";`
*Reformat 2022-07-19 22:31:15 +00:00			`import { Buffer } from "buffer";`
			`import { intervalToDuration } from "date-fns";`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00			`import cron from "node-cron";`
*Reformat 2022-07-19 22:31:15 +00:00			`import { get as getDHT } from "./dht.js";`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00			`import WS from "ws";`
			`// @ts-ignore`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`import {`
			`createIndependentFileSmall,`
			`IndependentFileSmall,`
			`openIndependentFileSmall,`
			`overwriteIndependentFileSmall,`
			`} from "./file.js";`
*Add dedicated logging library 2022-07-24 00:24:19 +00:00			`import log from "loglevel";`
			`import { AddressInfo } from "net";`
			`import { sprintf } from "sprintf-js";`
*refactor to use dynamic imports for ESM modules and do so via a helper that bypasses typescript parsing. 2022-08-05 03:33:16 +00:00			`import { dynImport } from "./util.js";`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00
			`let sslCtx: tls.SecureContext = tls.createSecureContext();`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`const sslParams: tls.SecureContextOptions = { cert: "", key: "" };`
*Initial version 2022-06-27 17:53:00 +00:00
*Restructure to transpile to commonjs since vercel pkg does not support ESM 2022-07-24 03:16:34 +00:00			`let acmeClient: acme.Client;`
*Fix dht key and use constant 2022-06-27 21:52:20 +00:00
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00			`let app: Express;`
			`let router = express.Router();`
*Initial version 2022-06-27 17:53:00 +00:00
*refactor to use dynamic imports for ESM modules and do so via a helper that bypasses typescript parsing. 2022-08-05 03:33:16 +00:00			`let seedPhraseToSeed: typeof import("libskynet").seedPhraseToSeed;`

Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`const FILE_CERT_NAME = "/lumeweb/relay/ssl.crt";`
			`const FILE_KEY_NAME = "/lumeweb/relay/ssl.key";`
*Restructure to transpile to commonjs since vercel pkg does not support ESM 2022-07-24 03:16:34 +00:00			`const FILE_ACCOUNT_KEY_NAME = "/lumeweb/relay/account.key";`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00
Switch to using a dynamic dns domain Add letsencrypt support Add afraid.org support Refactor env error checking *Add dynamic ip polling and updating 2022-07-04 21:22:48 +00:00			`export async function start() {`
*refactor to use dynamic imports for ESM modules and do so via a helper that bypasses typescript parsing. 2022-08-05 03:33:16 +00:00			`seedPhraseToSeed = (await dynImport("libskynet")).seedPhraseToSeed;`

*Access port as uint 2022-07-26 00:35:21 +00:00			`const relayPort = config.uint("port");`
*Reformat 2022-07-19 22:31:15 +00:00			`app = express();`
			`app.use(function (req, res, next) {`
			`router(req, res, next);`
			`});`

			`let httpsServer = https.createServer({`
			`SNICallback(servername, cb) {`
			`cb(null, sslCtx);`
			`},`
			`});`

			`let httpServer = http.createServer(app);`

*Only load ssl in setup if it is the bootup process 2022-07-25 07:05:38 +00:00			`cron.schedule("0 * * * *", setupSSl.bind(null, false));`
*Reformat 2022-07-19 22:31:15 +00:00
			`await new Promise((resolve) => {`
			`httpServer.listen(80, "0.0.0.0", function () {`
*Add dedicated logging library 2022-07-24 00:24:19 +00:00			`const address = httpServer.address() as AddressInfo;`
			log.info("HTTP Server started on ", `${address.address}:${address.port}`);
*Reformat 2022-07-19 22:31:15 +00:00			`resolve(null);`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00			`});`
*Reformat 2022-07-19 22:31:15 +00:00			`});`
			`const dht = await getDHT();`
*Initial version 2022-06-27 17:53:00 +00:00
*Reformat 2022-07-19 22:31:15 +00:00			`let wsServer = new WS.Server({ server: httpsServer });`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00
*Reformat 2022-07-19 22:31:15 +00:00			`wsServer.on("connection", (socket: any) => {`
			`relay(dht, new Stream(false, socket));`
			`});`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00
*Reformat 2022-07-19 22:31:15 +00:00			`await new Promise((resolve) => {`
			`httpsServer.listen(relayPort, "0.0.0.0", function () {`
*Fix log information 2022-07-26 00:48:06 +00:00			`const address = httpsServer.address() as AddressInfo;`
*Add dedicated logging library 2022-07-24 00:24:19 +00:00			`log.info(`
			`"DHT Relay Server started on ",`
			`${address.address}:${address.port}`
			`);`
*Reformat 2022-07-19 22:31:15 +00:00			`resolve(null);`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00			`});`
*Reformat 2022-07-19 22:31:15 +00:00			`});`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00
*Only load ssl in setup if it is the bootup process 2022-07-25 07:05:38 +00:00			`await setupSSl(true);`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00			`}`

*Only load ssl in setup if it is the bootup process 2022-07-25 07:05:38 +00:00			`async function setupSSl(bootup: boolean) {`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`let sslCert = await getSslCert();`
			`let sslKey = await getSslKey();`
			`let certInfo;`
			`let exists = false;`
			`let domainValid = false;`
			`let dateValid = false;`
*Add dedicated logging library 2022-07-24 00:24:19 +00:00			`let configDomain = config.str("domain");`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00
			`if (sslCert && sslKey) {`
			`sslParams.cert = Buffer.from((sslCert as IndependentFileSmall).fileData);`
			`sslParams.key = Buffer.from((sslKey as IndependentFileSmall).fileData);`
			`certInfo = await getCertInfo();`
			`exists = true;`
			`}`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`if (exists) {`
			`const expires = certInfo?.notAfter as Date;`
*Reformat 2022-07-19 22:31:15 +00:00			`let duration = intervalToDuration({ start: new Date(), end: expires });`
			`let daysLeft = (duration.months as number) * 30 + (duration.days as number);`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00
*Reformat 2022-07-19 22:31:15 +00:00			`if (daysLeft > 30) {`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`dateValid = true;`
			`}`

*Add dedicated logging library 2022-07-24 00:24:19 +00:00			`if (certInfo?.domains.commonName === configDomain) {`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`domainValid = true;`
Refactoring Reformat *Fix hsd node bootup 2022-07-19 22:24:53 +00:00			`}`
*Add xor on staging mode and the letsencrypt cert to reprocess if we are live with a staging cert or on staging mode with a live cert. 2022-07-23 01:10:14 +00:00
			`if (`
			`Boolean(isSSlStaging()) !==`
			`Boolean(certInfo?.issuer.commonName.toLowerCase().includes("staging"))`
			`) {`
			`domainValid = false;`
			`}`
*Reformat 2022-07-19 22:31:15 +00:00			`}`

Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`if (dateValid && domainValid) {`
*Only load ssl in setup if it is the bootup process 2022-07-25 07:05:38 +00:00			`if (bootup) {`
			`sslCtx = tls.createSecureContext(sslParams);`
			log.info(`Loaded SSL Certificate for ${configDomain}`);
			`}`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`return;`
			`}`

			`await createOrRenewSSl(`
			`sslCert as IndependentFileSmall,`
			`sslKey as IndependentFileSmall`
			`);`
			`}`

			`async function createOrRenewSSl(`
			`oldCert?: IndependentFileSmall,`
			`oldKey?: IndependentFileSmall`
			`) {`
*Add dedicated logging library 2022-07-24 00:24:19 +00:00			`const existing = oldCert && oldKey;`

			`log.info(`
			`sprintf(`
			`"%s SSL Certificate for %s",`
			`existing ? "Renewing" : "Creating",`
			`config.str("domain")`
			`)`
			`);`

*Restructure to transpile to commonjs since vercel pkg does not support ESM 2022-07-24 03:16:34 +00:00			`let accountKey: boolean \| IndependentFileSmall \| Buffer = await getSslFile(`
			`FILE_ACCOUNT_KEY_NAME`
			`);`

			`if (accountKey) {`
			`accountKey = Buffer.from((accountKey as IndependentFileSmall).fileData);`
			`}`

			`if (!accountKey) {`
			`accountKey = await acme.forge.createPrivateKey();`
			`await createIndependentFileSmall(`
			`getSeed(),`
			`FILE_ACCOUNT_KEY_NAME,`
			`accountKey`
			`);`
			`}`

			`acmeClient = new acme.Client({`
			`accountKey: accountKey as Buffer,`
			`directoryUrl: isSSlStaging()`
			`? acme.directory.letsencrypt.staging`
			`: acme.directory.letsencrypt.production,`
			`});`

*Reformat 2022-07-19 22:31:15 +00:00			`const [certificateKey, certificateRequest] = await acme.forge.createCsr({`
*Remove relay prefix from settings 2022-07-22 23:55:09 +00:00			`commonName: config.str("domain"),`
*Reformat 2022-07-19 22:31:15 +00:00			`});`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`try {`
			`sslParams.cert = await acmeClient.auto({`
			`csr: certificateRequest,`
			`termsOfServiceAgreed: true,`
			`challengeCreateFn: async (authz, challenge, keyAuthorization) => {`
			`router.get(`
			`/.well-known/acme-challenge/${challenge.token}`,
			`(req, res) => {`
			`res.send(keyAuthorization);`
			`}`
			`);`
			`},`
			`challengeRemoveFn: async () => {`
			`router = express.Router();`
			`},`
			`challengePriority: ["http-01"],`
			`});`
			`sslParams.cert = Buffer.from(sslParams.cert);`
			`} catch (e: any) {`
			`console.error((e as Error).message);`
			`process.exit(1);`
			`}`
*Reformat 2022-07-19 22:31:15 +00:00			`sslParams.key = certificateKey;`
			`sslCtx = tls.createSecureContext(sslParams);`

Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`await saveSsl(oldCert, oldKey);`
			`}`

			`async function saveSsl(`
			`oldCert?: IndependentFileSmall,`
			`oldKey?: IndependentFileSmall`
			`): Promise<void> {`
			`const seed = getSeed();`

*Add dedicated logging library 2022-07-24 00:24:19 +00:00			log.info(`Saving SSL Certificate for ${config.str("domain")}`);

Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`if (oldCert) {`
			`await overwriteIndependentFileSmall(`
			`oldCert,`
			`Buffer.from(sslParams.cert as any)`
			`);`
			`} else {`
			`await createIndependentFileSmall(`
			`seed,`
			`FILE_CERT_NAME,`
			`Buffer.from(sslParams.cert as any)`
			`);`
			`}`

			`if (oldKey) {`
			`await overwriteIndependentFileSmall(`
			`oldKey,`
			`Buffer.from(sslParams.key as any)`
			`);`
			`} else {`
			`await createIndependentFileSmall(`
			`seed,`
			`FILE_KEY_NAME,`
			`Buffer.from(sslParams.key as any)`
			`);`
			`}`
			`}`

			`async function getCertInfo() {`
			`return acme.forge.readCertificateInfo(sslParams.cert as Buffer);`
			`}`

			`async function getSslCert(): Promise<IndependentFileSmall \| boolean> {`
			`return getSslFile(FILE_CERT_NAME);`
			`}`
*Restructure to transpile to commonjs since vercel pkg does not support ESM 2022-07-24 03:16:34 +00:00
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00			`async function getSslKey(): Promise<IndependentFileSmall \| boolean> {`
			`return getSslFile(FILE_KEY_NAME);`
			`}`

			`async function getSslFile(`
			`name: string`
			`): Promise<IndependentFileSmall \| boolean> {`
			`let seed = getSeed();`

			`let [file, err] = await openIndependentFileSmall(seed, name);`

			`if (err) {`
			`return false;`
			`}`

			`return file;`
			`}`

			`function getSeed(): Uint8Array {`
*Remove relay prefix from settings 2022-07-22 23:55:09 +00:00			`let [seed, err] = seedPhraseToSeed(config.str("seed"));`
Refactor SSL support to store to skynet as independent files Introduce ssl-mode config option to use staging letsencrypt 2022-07-22 23:53:11 +00:00
			`if (err) {`
			`console.error(err);`
			`process.exit(1);`
			`}`

			`return seed;`
*Initial version 2022-06-27 17:53:00 +00:00			`}`
*Add method to check if we are in staging mode for ssl 2022-07-23 01:09:06 +00:00
			`function isSSlStaging() {`
			`return config.str("ssl-mode") === "staging";`
			`}`