richard
/
wiki
mirror of https://github.com/Requarks/wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1980 Commits
3 Branches
119 Tags
73 MiB
Tree: 97dd0637e9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '97dd0637e9'
${ noResults }
wiki/server/core/letsencrypt.js

125 lines
5.2 KiB
Raw Normal View History

feat: let's encrypt
4 years ago
fix: letsencrypt maintainerEmail
4 years ago
feat: let's encrypt
4 years ago
fix: letsencrypt maintainerEmail
4 years ago
feat: let's encrypt
4 years ago
  1. const ACME = require('acme')
  2. const Keypairs = require('@root/keypairs')
  3. const _ = require('lodash')
  4. const moment = require('moment')
  5. const CSR = require('@root/csr')
  6. const PEM = require('@root/pem')
  7. // eslint-disable-next-line node/no-deprecated-api
  8. const punycode = require('punycode')
  10. /* global WIKI */
  12. module.exports = {
  13. apiDirectory: WIKI.dev ? 'https://acme-staging-v02.api.letsencrypt.org/directory' : 'https://acme-v02.api.letsencrypt.org/directory',
  14. acme: null,
  15. async init () {
  16. if (!_.get(WIKI.config, 'letsencrypt.payload', false)) {
  17. await this.requestCertificate()
  18. } else if (WIKI.config.letsencrypt.domain !== WIKI.config.ssl.domain) {
  19. WIKI.logger.info(`(LETSENCRYPT) Domain has changed. Requesting new certificates...`)
  20. await this.requestCertificate()
  21. } else if (moment(WIKI.config.letsencrypt.payload.expires).isSameOrBefore(moment().add(5, 'days'))) {
  22. WIKI.logger.info(`(LETSENCRYPT) Certificate is about to or has expired, requesting a new one...`)
  23. await this.requestCertificate()
  24. } else {
  25. WIKI.logger.info(`(LETSENCRYPT) Using existing certificate for ${WIKI.config.ssl.domain}, expires on ${WIKI.config.letsencrypt.payload.expires}: [ OK ]`)
  26. }
  27. WIKI.config.ssl.format = 'pem'
  28. WIKI.config.ssl.inline = true
  29. WIKI.config.ssl.key = WIKI.config.letsencrypt.serverKey
  30. WIKI.config.ssl.cert = WIKI.config.letsencrypt.payload.cert + '\n' + WIKI.config.letsencrypt.payload.chain
  31. WIKI.config.ssl.passphrase = null
  32. WIKI.config.ssl.dhparam = null
  33. },
  34. async requestCertificate () {
  35. try {
  36. WIKI.logger.info(`(LETSENCRYPT) Initializing Let's Encrypt client...`)
  37. this.acme = ACME.create({
  38. maintainerEmail: WIKI.config.maintainerEmail,
  39. packageAgent: `wikijs/${WIKI.version}`,
  40. notify: (ev, msg) => {
  41. if (_.includes(['warning', 'error'], ev)) {
  42. WIKI.logger.warn(`${ev}: ${msg}`)
  43. } else {
  44. WIKI.logger.debug(`${ev}: ${JSON.stringify(msg)}`)
  45. }
  46. }
  47. })
  49. await this.acme.init(this.apiDirectory)
  51. // -> Create ACME Subscriber account
  53. if (!_.get(WIKI.config, 'letsencrypt.account', false)) {
  54. WIKI.logger.info(`(LETSENCRYPT) Setting up account for the first time...`)
  55. const accountKeypair = await Keypairs.generate({ kty: 'EC', format: 'jwk' })
  56. const account = await this.acme.accounts.create({
  57. subscriberEmail: WIKI.config.ssl.subscriberEmail,
  58. agreeToTerms: true,
  59. accountKey: accountKeypair.private
  60. })
  61. WIKI.config.letsencrypt = {
  62. accountKeypair: accountKeypair,
  63. account: account,
  64. domain: WIKI.config.ssl.domain
  65. }
  66. await WIKI.configSvc.saveToDb(['letsencrypt'])
  67. WIKI.logger.info(`(LETSENCRYPT) Account was setup successfully [ OK ]`)
  68. }
  70. // -> Create Server Keypair
  72. if (!WIKI.config.letsencrypt.serverKey) {
  73. WIKI.logger.info(`(LETSENCRYPT) Generating server keypairs...`)
  74. const serverKeypair = await Keypairs.generate({ kty: 'RSA', format: 'jwk' })
  75. WIKI.config.letsencrypt.serverKey = await Keypairs.export({ jwk: serverKeypair.private })
  76. WIKI.logger.info(`(LETSENCRYPT) Server keypairs generated successfully [ OK ]`)
  77. }
  79. // -> Create CSR
  81. WIKI.logger.info(`(LETSENCRYPT) Generating certificate signing request (CSR)...`)
  82. const domains = [ punycode.toASCII(WIKI.config.ssl.domain) ]
  83. const serverKey = await Keypairs.import({ pem: WIKI.config.letsencrypt.serverKey })
  84. const csrDer = await CSR.csr({ jwk: serverKey, domains, encoding: 'der' })
  85. const csr = PEM.packBlock({ type: 'CERTIFICATE REQUEST', bytes: csrDer })
  86. WIKI.logger.info(`(LETSENCRYPT) CSR generated successfully [ OK ]`)
  88. // -> Verify Domain + Get Certificate
  90. WIKI.logger.info(`(LETSENCRYPT) Requesting certificate from Let's Encrypt...`)
  91. const certResp = await this.acme.certificates.create({
  92. account: WIKI.config.letsencrypt.account,
  93. accountKey: WIKI.config.letsencrypt.accountKeypair.private,
  94. csr,
  95. domains,
  96. challenges: {
  97. 'http-01': {
  98. init () {},
  99. set (data) {
  100. WIKI.logger.info(`(LETSENCRYPT) Setting HTTP challenge for ${data.challenge.hostname}: [ READY ]`)
  101. WIKI.config.letsencrypt.challenge = data.challenge
  102. WIKI.logger.info(`(LETSENCRYPT) Waiting for challenge to complete...`)
  103. return null // <- this is needed, cannot be undefined
  104. },
  105. get (data) {
  106. return WIKI.config.letsencrypt.challenge
  107. },
  108. async remove (data) {
  109. WIKI.logger.info(`(LETSENCRYPT) Removing HTTP challenge: [ OK ]`)
  110. WIKI.config.letsencrypt.challenge = null
  111. return null // <- this is needed, cannot be undefined
  112. }
  113. }
  114. }
  115. })
  116. WIKI.logger.info(`(LETSENCRYPT) New certifiate received successfully: [ COMPLETED ]`)
  117. WIKI.config.letsencrypt.payload = certResp
  118. WIKI.config.letsencrypt.domain = WIKI.config.ssl.domain
  119. await WIKI.configSvc.saveToDb(['letsencrypt'])
  120. } catch (err) {
  121. WIKI.logger.warn(`(LETSENCRYPT) ${err}`)
  122. throw err
  123. }
  124. }
  125. }