2022-06-27 17:53:00 +00:00
|
|
|
// @ts-ignore
|
|
|
|
import DHT from "@hyperswarm/dht";
|
|
|
|
// @ts-ignore
|
2022-07-19 22:31:15 +00:00
|
|
|
import { relay } from "@hyperswarm/dht-relay";
|
2022-06-27 17:53:00 +00:00
|
|
|
// @ts-ignore
|
|
|
|
import Stream from "@hyperswarm/dht-relay/ws";
|
2022-07-19 22:31:15 +00:00
|
|
|
import express, { Express } from "express";
|
2022-07-05 19:02:07 +00:00
|
|
|
import config from "./config.js";
|
2022-07-19 22:24:53 +00:00
|
|
|
import * as http from "http";
|
|
|
|
import * as https from "https";
|
|
|
|
import * as tls from "tls";
|
|
|
|
import * as acme from "acme-client";
|
2022-07-19 22:31:15 +00:00
|
|
|
import { Buffer } from "buffer";
|
|
|
|
import { intervalToDuration } from "date-fns";
|
2022-07-19 22:24:53 +00:00
|
|
|
import cron from "node-cron";
|
2022-07-19 22:31:15 +00:00
|
|
|
import { get as getDHT } from "./dht.js";
|
2022-07-19 22:24:53 +00:00
|
|
|
import WS from "ws";
|
|
|
|
// @ts-ignore
|
2022-07-22 23:53:11 +00:00
|
|
|
import {
|
|
|
|
createIndependentFileSmall,
|
|
|
|
IndependentFileSmall,
|
|
|
|
openIndependentFileSmall,
|
|
|
|
overwriteIndependentFileSmall,
|
|
|
|
} from "./file.js";
|
|
|
|
import { seedPhraseToSeed } from "libskynet";
|
2022-07-24 00:24:19 +00:00
|
|
|
import log from "loglevel";
|
|
|
|
import { AddressInfo } from "net";
|
|
|
|
import { sprintf } from "sprintf-js";
|
2022-07-19 22:24:53 +00:00
|
|
|
|
|
|
|
let sslCtx: tls.SecureContext = tls.createSecureContext();
|
2022-07-22 23:53:11 +00:00
|
|
|
const sslParams: tls.SecureContextOptions = { cert: "", key: "" };
|
2022-06-27 17:53:00 +00:00
|
|
|
|
2022-07-24 03:16:34 +00:00
|
|
|
let acmeClient: acme.Client;
|
2022-06-27 21:52:20 +00:00
|
|
|
|
2022-07-19 22:24:53 +00:00
|
|
|
let app: Express;
|
|
|
|
let router = express.Router();
|
2022-06-27 17:53:00 +00:00
|
|
|
|
2022-07-22 23:53:11 +00:00
|
|
|
const FILE_CERT_NAME = "/lumeweb/relay/ssl.crt";
|
|
|
|
const FILE_KEY_NAME = "/lumeweb/relay/ssl.key";
|
2022-07-24 03:16:34 +00:00
|
|
|
const FILE_ACCOUNT_KEY_NAME = "/lumeweb/relay/account.key";
|
2022-07-22 23:53:11 +00:00
|
|
|
|
|
|
|
type SslData = { crt: IndependentFileSmall; key: IndependentFileSmall };
|
|
|
|
|
2022-07-04 21:22:48 +00:00
|
|
|
export async function start() {
|
2022-07-26 00:35:21 +00:00
|
|
|
const relayPort = config.uint("port");
|
2022-07-19 22:31:15 +00:00
|
|
|
app = express();
|
|
|
|
app.use(function (req, res, next) {
|
|
|
|
router(req, res, next);
|
|
|
|
});
|
|
|
|
|
|
|
|
let httpsServer = https.createServer({
|
|
|
|
SNICallback(servername, cb) {
|
|
|
|
cb(null, sslCtx);
|
|
|
|
},
|
|
|
|
});
|
|
|
|
|
|
|
|
let httpServer = http.createServer(app);
|
|
|
|
|
2022-07-25 07:05:38 +00:00
|
|
|
cron.schedule("0 * * * *", setupSSl.bind(null, false));
|
2022-07-19 22:31:15 +00:00
|
|
|
|
|
|
|
await new Promise((resolve) => {
|
|
|
|
httpServer.listen(80, "0.0.0.0", function () {
|
2022-07-24 00:24:19 +00:00
|
|
|
const address = httpServer.address() as AddressInfo;
|
|
|
|
log.info("HTTP Server started on ", `${address.address}:${address.port}`);
|
2022-07-19 22:31:15 +00:00
|
|
|
resolve(null);
|
2022-07-19 22:24:53 +00:00
|
|
|
});
|
2022-07-19 22:31:15 +00:00
|
|
|
});
|
|
|
|
const dht = await getDHT();
|
2022-06-27 17:53:00 +00:00
|
|
|
|
2022-07-19 22:31:15 +00:00
|
|
|
let wsServer = new WS.Server({ server: httpsServer });
|
2022-07-19 22:24:53 +00:00
|
|
|
|
2022-07-19 22:31:15 +00:00
|
|
|
wsServer.on("connection", (socket: any) => {
|
|
|
|
relay(dht, new Stream(false, socket));
|
|
|
|
});
|
2022-07-19 22:24:53 +00:00
|
|
|
|
2022-07-19 22:31:15 +00:00
|
|
|
await new Promise((resolve) => {
|
|
|
|
httpsServer.listen(relayPort, "0.0.0.0", function () {
|
2022-07-24 00:24:19 +00:00
|
|
|
const address = httpServer.address() as AddressInfo;
|
|
|
|
log.info(
|
|
|
|
"DHT Relay Server started on ",
|
|
|
|
`${address.address}:${address.port}`
|
|
|
|
);
|
2022-07-19 22:31:15 +00:00
|
|
|
resolve(null);
|
2022-07-19 22:24:53 +00:00
|
|
|
});
|
2022-07-19 22:31:15 +00:00
|
|
|
});
|
2022-07-19 22:24:53 +00:00
|
|
|
|
2022-07-25 07:05:38 +00:00
|
|
|
await setupSSl(true);
|
2022-07-19 22:24:53 +00:00
|
|
|
}
|
|
|
|
|
2022-07-25 07:05:38 +00:00
|
|
|
async function setupSSl(bootup: boolean) {
|
2022-07-22 23:53:11 +00:00
|
|
|
let sslCert = await getSslCert();
|
|
|
|
let sslKey = await getSslKey();
|
|
|
|
let certInfo;
|
|
|
|
let exists = false;
|
|
|
|
let domainValid = false;
|
|
|
|
let dateValid = false;
|
2022-07-24 00:24:19 +00:00
|
|
|
let configDomain = config.str("domain");
|
2022-07-22 23:53:11 +00:00
|
|
|
|
|
|
|
if (sslCert && sslKey) {
|
|
|
|
sslParams.cert = Buffer.from((sslCert as IndependentFileSmall).fileData);
|
|
|
|
sslParams.key = Buffer.from((sslKey as IndependentFileSmall).fileData);
|
|
|
|
certInfo = await getCertInfo();
|
|
|
|
exists = true;
|
|
|
|
}
|
2022-07-19 22:24:53 +00:00
|
|
|
|
2022-07-22 23:53:11 +00:00
|
|
|
if (exists) {
|
|
|
|
const expires = certInfo?.notAfter as Date;
|
2022-07-19 22:31:15 +00:00
|
|
|
let duration = intervalToDuration({ start: new Date(), end: expires });
|
|
|
|
let daysLeft = (duration.months as number) * 30 + (duration.days as number);
|
2022-07-19 22:24:53 +00:00
|
|
|
|
2022-07-19 22:31:15 +00:00
|
|
|
if (daysLeft > 30) {
|
2022-07-22 23:53:11 +00:00
|
|
|
dateValid = true;
|
|
|
|
}
|
|
|
|
|
2022-07-24 00:24:19 +00:00
|
|
|
if (certInfo?.domains.commonName === configDomain) {
|
2022-07-22 23:53:11 +00:00
|
|
|
domainValid = true;
|
2022-07-19 22:24:53 +00:00
|
|
|
}
|
2022-07-23 01:10:14 +00:00
|
|
|
|
|
|
|
if (
|
|
|
|
Boolean(isSSlStaging()) !==
|
|
|
|
Boolean(certInfo?.issuer.commonName.toLowerCase().includes("staging"))
|
|
|
|
) {
|
|
|
|
domainValid = false;
|
|
|
|
}
|
2022-07-19 22:31:15 +00:00
|
|
|
}
|
|
|
|
|
2022-07-22 23:53:11 +00:00
|
|
|
if (dateValid && domainValid) {
|
2022-07-25 07:05:38 +00:00
|
|
|
if (bootup) {
|
|
|
|
sslCtx = tls.createSecureContext(sslParams);
|
|
|
|
log.info(`Loaded SSL Certificate for ${configDomain}`);
|
|
|
|
}
|
2022-07-22 23:53:11 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
await createOrRenewSSl(
|
|
|
|
sslCert as IndependentFileSmall,
|
|
|
|
sslKey as IndependentFileSmall
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
async function createOrRenewSSl(
|
|
|
|
oldCert?: IndependentFileSmall,
|
|
|
|
oldKey?: IndependentFileSmall
|
|
|
|
) {
|
2022-07-24 00:24:19 +00:00
|
|
|
const existing = oldCert && oldKey;
|
|
|
|
|
|
|
|
log.info(
|
|
|
|
sprintf(
|
|
|
|
"%s SSL Certificate for %s",
|
|
|
|
existing ? "Renewing" : "Creating",
|
|
|
|
config.str("domain")
|
|
|
|
)
|
|
|
|
);
|
|
|
|
|
2022-07-24 03:16:34 +00:00
|
|
|
let accountKey: boolean | IndependentFileSmall | Buffer = await getSslFile(
|
|
|
|
FILE_ACCOUNT_KEY_NAME
|
|
|
|
);
|
|
|
|
|
|
|
|
if (accountKey) {
|
|
|
|
accountKey = Buffer.from((accountKey as IndependentFileSmall).fileData);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!accountKey) {
|
|
|
|
accountKey = await acme.forge.createPrivateKey();
|
|
|
|
await createIndependentFileSmall(
|
|
|
|
getSeed(),
|
|
|
|
FILE_ACCOUNT_KEY_NAME,
|
|
|
|
accountKey
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
acmeClient = new acme.Client({
|
|
|
|
accountKey: accountKey as Buffer,
|
|
|
|
directoryUrl: isSSlStaging()
|
|
|
|
? acme.directory.letsencrypt.staging
|
|
|
|
: acme.directory.letsencrypt.production,
|
|
|
|
});
|
|
|
|
|
2022-07-19 22:31:15 +00:00
|
|
|
const [certificateKey, certificateRequest] = await acme.forge.createCsr({
|
2022-07-22 23:55:09 +00:00
|
|
|
commonName: config.str("domain"),
|
2022-07-19 22:31:15 +00:00
|
|
|
});
|
2022-07-22 23:53:11 +00:00
|
|
|
try {
|
|
|
|
sslParams.cert = await acmeClient.auto({
|
|
|
|
csr: certificateRequest,
|
|
|
|
termsOfServiceAgreed: true,
|
|
|
|
challengeCreateFn: async (authz, challenge, keyAuthorization) => {
|
|
|
|
router.get(
|
|
|
|
`/.well-known/acme-challenge/${challenge.token}`,
|
|
|
|
(req, res) => {
|
|
|
|
res.send(keyAuthorization);
|
|
|
|
}
|
|
|
|
);
|
|
|
|
},
|
|
|
|
challengeRemoveFn: async () => {
|
|
|
|
router = express.Router();
|
|
|
|
},
|
|
|
|
challengePriority: ["http-01"],
|
|
|
|
});
|
|
|
|
sslParams.cert = Buffer.from(sslParams.cert);
|
|
|
|
} catch (e: any) {
|
|
|
|
console.error((e as Error).message);
|
|
|
|
process.exit(1);
|
|
|
|
}
|
2022-07-19 22:31:15 +00:00
|
|
|
sslParams.key = certificateKey;
|
|
|
|
sslCtx = tls.createSecureContext(sslParams);
|
|
|
|
|
2022-07-22 23:53:11 +00:00
|
|
|
await saveSsl(oldCert, oldKey);
|
|
|
|
}
|
|
|
|
|
|
|
|
async function saveSsl(
|
|
|
|
oldCert?: IndependentFileSmall,
|
|
|
|
oldKey?: IndependentFileSmall
|
|
|
|
): Promise<void> {
|
|
|
|
const seed = getSeed();
|
|
|
|
|
2022-07-24 00:24:19 +00:00
|
|
|
log.info(`Saving SSL Certificate for ${config.str("domain")}`);
|
|
|
|
|
2022-07-22 23:53:11 +00:00
|
|
|
if (oldCert) {
|
|
|
|
await overwriteIndependentFileSmall(
|
|
|
|
oldCert,
|
|
|
|
Buffer.from(sslParams.cert as any)
|
|
|
|
);
|
|
|
|
} else {
|
|
|
|
await createIndependentFileSmall(
|
|
|
|
seed,
|
|
|
|
FILE_CERT_NAME,
|
|
|
|
Buffer.from(sslParams.cert as any)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (oldKey) {
|
|
|
|
await overwriteIndependentFileSmall(
|
|
|
|
oldKey,
|
|
|
|
Buffer.from(sslParams.key as any)
|
|
|
|
);
|
|
|
|
} else {
|
|
|
|
await createIndependentFileSmall(
|
|
|
|
seed,
|
|
|
|
FILE_KEY_NAME,
|
|
|
|
Buffer.from(sslParams.key as any)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
async function getCertInfo() {
|
|
|
|
return acme.forge.readCertificateInfo(sslParams.cert as Buffer);
|
|
|
|
}
|
|
|
|
|
|
|
|
async function getSslCert(): Promise<IndependentFileSmall | boolean> {
|
|
|
|
return getSslFile(FILE_CERT_NAME);
|
|
|
|
}
|
2022-07-24 03:16:34 +00:00
|
|
|
|
2022-07-22 23:53:11 +00:00
|
|
|
async function getSslKey(): Promise<IndependentFileSmall | boolean> {
|
|
|
|
return getSslFile(FILE_KEY_NAME);
|
|
|
|
}
|
|
|
|
|
|
|
|
async function getSslFile(
|
|
|
|
name: string
|
|
|
|
): Promise<IndependentFileSmall | boolean> {
|
|
|
|
let seed = getSeed();
|
|
|
|
|
|
|
|
let [file, err] = await openIndependentFileSmall(seed, name);
|
|
|
|
|
|
|
|
if (err) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return file;
|
|
|
|
}
|
|
|
|
|
|
|
|
function getSeed(): Uint8Array {
|
2022-07-22 23:55:09 +00:00
|
|
|
let [seed, err] = seedPhraseToSeed(config.str("seed"));
|
2022-07-22 23:53:11 +00:00
|
|
|
|
|
|
|
if (err) {
|
|
|
|
console.error(err);
|
|
|
|
process.exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
return seed;
|
2022-06-27 17:53:00 +00:00
|
|
|
}
|
2022-07-23 01:09:06 +00:00
|
|
|
|
|
|
|
function isSSlStaging() {
|
|
|
|
return config.str("ssl-mode") === "staging";
|
|
|
|
}
|