MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improved Let's Encrypt server warnings.

This commit is contained in:
Ylian Saint-Hilaire 2020-12-28 15:21:50 -08:00
parent 28d86279dc
commit b77c77d83d
3 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
letsencrypt.js
View File

@ -58,12 +58,12 @@ module.exports.CreateLetsEncrypt = function (parent) {
obj.getCertificate = function(certs, func) { obj.getCertificate = function(certs, func) {
obj.runAsProduction = (obj.parent.config.letsencrypt.production === true); obj.runAsProduction = (obj.parent.config.letsencrypt.production === true);
obj.log("Getting certs from local store (" + (obj.runAsProduction ? "Production" : "Staging") + ")"); obj.log("Getting certs from local store (" + (obj.runAsProduction ? "Production" : "Staging") + ")");
if (certs.CommonName.indexOf('.') == -1) { obj.configErr = "ERROR: Use --cert to setup the default server name before using Let's Encrypt."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; } if (certs.CommonName.indexOf('.') == -1) { obj.configErr = "Add \"cert\" value to settings in config.json before using Let's Encrypt."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if (obj.parent.config.letsencrypt == null) { obj.configErr = "No Let's Encrypt configuration"; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; } if (obj.parent.config.letsencrypt == null) { obj.configErr = "No Let's Encrypt configuration"; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if (obj.parent.config.letsencrypt.email == null) { obj.configErr = "ERROR: Let's Encrypt email address not specified."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; } if (obj.parent.config.letsencrypt.email == null) { obj.configErr = "Let's Encrypt email address not specified."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if ((obj.parent.redirserver == null) || ((typeof obj.parent.config.settings.rediraliasport === 'number') && (obj.parent.config.settings.rediraliasport !== 80)) || ((obj.parent.config.settings.rediraliasport == null) && (obj.parent.redirserver.port !== 80))) { obj.configErr = "ERROR: Redirection web server must be active on port 80 for Let's Encrypt to work."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; } if ((obj.parent.redirserver == null) || ((typeof obj.parent.config.settings.rediraliasport === 'number') && (obj.parent.config.settings.rediraliasport !== 80)) || ((obj.parent.config.settings.rediraliasport == null) && (obj.parent.redirserver.port !== 80))) { obj.configErr = "Redirection web server must be active on port 80 for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if (obj.redirWebServerHooked !== true) { obj.configErr = "ERROR: Redirection web server not setup for Let's Encrypt to work."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; } if (obj.redirWebServerHooked !== true) { obj.configErr = "Redirection web server not setup for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if ((obj.parent.config.letsencrypt.rsakeysize != null) && (obj.parent.config.letsencrypt.rsakeysize !== 2048) && (obj.parent.config.letsencrypt.rsakeysize !== 3072)) { obj.configErr = "ERROR: Invalid Let's Encrypt certificate key size, must be 2048 or 3072."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; } if ((obj.parent.config.letsencrypt.rsakeysize != null) && (obj.parent.config.letsencrypt.rsakeysize !== 2048) && (obj.parent.config.letsencrypt.rsakeysize !== 3072)) { obj.configErr = "Invalid Let's Encrypt certificate key size, must be 2048 or 3072."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
if (obj.checkInterval == null) { obj.checkInterval = setInterval(obj.checkRenewCertificate, 86400000); } // Call certificate check every 24 hours. if (obj.checkInterval == null) { obj.checkInterval = setInterval(obj.checkRenewCertificate, 86400000); } // Call certificate check every 24 hours.
obj.configOk = true; obj.configOk = true;
@ -227,7 +227,7 @@ module.exports.CreateLetsEncrypt = function (parent) {
webServer: obj.redirWebServerHooked, webServer: obj.redirWebServerHooked,
certPath: obj.certPath certPath: obj.certPath
}; };
if (obj.configErr) { r.error = obj.configErr; } if (obj.configErr) { r.error = "WARNING: " + obj.configErr; }
if (obj.certExpire) { r.cert = 'Present'; r.daysLeft = Math.floor((obj.certExpire - new Date()) / 86400000); } else { r.cert = 'None'; } if (obj.certExpire) { r.cert = 'Present'; r.daysLeft = Math.floor((obj.certExpire - new Date()) / 86400000); } else { r.cert = 'None'; }
return r; return r;
} }

6
meshcentral.js
View File

@ -2139,7 +2139,7 @@ function CreateMeshCentralServer(config, args) {
} else { } else {
obj.defaultMeshCores[i] = [obj.common.IntToStr(0), ...modulesAdd[i], meshCore].join(''); obj.defaultMeshCores[i] = [obj.common.IntToStr(0), ...modulesAdd[i], meshCore].join('');
} }
obj.defaultMeshCoresHash[i] = obj.crypto.createHash('sha384').update(obj.defaultMeshCores[i]).digest("binary"); obj.defaultMeshCoresHash[i] = obj.crypto.createHash('sha384').update(obj.defaultMeshCores[i]).digest('binary');
obj.debug('main', 'Core module ' + i + ' is ' + obj.defaultMeshCores[i].length + ' bytes.'); obj.debug('main', 'Core module ' + i + ' is ' + obj.defaultMeshCores[i].length + ' bytes.');
//console.log('Core module ' + i + ' is ' + obj.defaultMeshCores[i].length + ' bytes.'); // DEBUG, Print the core size //console.log('Core module ' + i + ' is ' + obj.defaultMeshCores[i].length + ' bytes.'); // DEBUG, Print the core size
//obj.fs.writeFile("C:\\temp\\" + i + ".js", obj.defaultMeshCores[i].substring(4)); // DEBUG, Write the core to file //obj.fs.writeFile("C:\\temp\\" + i + ".js", obj.defaultMeshCores[i].substring(4)); // DEBUG, Write the core to file
@ -2511,7 +2511,7 @@ function CreateMeshCentralServer(config, args) {
} catch (ex) { obj.debug('cookie', 'ERR: Failed to encode AESGCM cookie due to exception: ' + ex); return null; } } catch (ex) { obj.debug('cookie', 'ERR: Failed to encode AESGCM cookie due to exception: ' + ex); return null; }
}; };
// Decode a cookie back into an object using a key using AES256-GCM or AES128-CBC/HMAC-SHA386. Return null if it's not a valid cookie. (key must be 32 bytes or more) // Decode a cookie back into an object using a key using AES256-GCM or AES128-CBC/HMAC-SHA384. Return null if it's not a valid cookie. (key must be 32 bytes or more)
obj.decodeCookie = function (cookie, key, timeout) { obj.decodeCookie = function (cookie, key, timeout) {
var r = obj.decodeCookieAESGCM(cookie, key, timeout); var r = obj.decodeCookieAESGCM(cookie, key, timeout);
if (r == null) { r = obj.decodeCookieAESSHA(cookie, key, timeout); } if (r == null) { r = obj.decodeCookieAESSHA(cookie, key, timeout); }
@ -2569,7 +2569,7 @@ function CreateMeshCentralServer(config, args) {
} catch (ex) { obj.debug('cookie', 'ERR: Bad AESGCM cookie due to exception: ' + ex); return null; } } catch (ex) { obj.debug('cookie', 'ERR: Bad AESGCM cookie due to exception: ' + ex); return null; }
}; };
// Decode a cookie back into an object using a key using AES256 / HMAC-SHA386. Return null if it's not a valid cookie. (key must be 80 bytes or more) // Decode a cookie back into an object using a key using AES256 / HMAC-SHA384. Return null if it's not a valid cookie. (key must be 80 bytes or more)
// We do this because poor .NET does not support AES256-GCM. // We do this because poor .NET does not support AES256-GCM.
obj.decodeCookieAESSHA = function (cookie, key, timeout) { obj.decodeCookieAESSHA = function (cookie, key, timeout) {
try { try {

1
package.json
View File

@ -46,6 +46,7 @@
"express-ws": "^4.0.0", "express-ws": "^4.0.0",
"ipcheck": "^0.1.0", "ipcheck": "^0.1.0",
"minimist": "^1.2.0", "minimist": "^1.2.0",
"mongodb": "^3.6.3",
"multiparty": "^4.2.1", "multiparty": "^4.2.1",
"nedb": "^1.8.0", "nedb": "^1.8.0",
"node-forge": "^0.10.0", "node-forge": "^0.10.0",