init

Author: adamlacombe

.gitignore

@@ -0,0 +1,6 @@
+
+\.idea/
+
+dist/
+
+node_modules

.npmrc

@@ -0,0 +1,2 @@
+package-lock=false
+registry=https://npm.interactive.training

README.md

@@ -0,0 +1 @@
+# it-acme-client

package.json

@@ -0,0 +1,22 @@
+{
+  "name": "it-acme-client",
+  "version": "0.0.1",
+  "description": "",
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "tsc"
+  },
+  "author": "Interactive Training",
+  "license": "MIT",
+  "devDependencies": {
+    "typescript": "^3.4.3"
+  },
+  "dependencies": {
+    "@google-cloud/storage": "^2.5.0",
+    "@types/node": "^11.13.4",
+    "cloudflare": "^2.4.1",
+    "letiny": "^0.2.1-1",
+    "reflect-metadata": "^0.1.13",
+    "typedi": "^0.8.0"
+  }
+}

src/helpers.ts

@@ -0,0 +1,9 @@
+/**
+ *
+ * @param {T[]} arr
+ * @param {number} depth
+ * @return {T}
+ */
+export function flatten<T>(arr: T[], depth: number = 1): T {
+  return (arr) ? arr.reduce((a, v) => a.concat(depth > 1 && Array.isArray(v) ? flatten(v, depth - 1) : v), []) as any : [];
+}

src/index.ts

@@ -0,0 +1,61 @@
+import "reflect-metadata";
+import * as letiny from 'letiny';
+import {IConfig} from './types/interfaces';
+import {Container} from "typedi";
+import {GCloudStorageService} from './services/gCloudStorageService';
+import {ConfigService} from './services/configService';
+import {CloudflareService} from './services/cloudflareService';
+
+export class itAcmeClient {
+  config: ConfigService;
+  gCloudStorage: GCloudStorageService;
+  cloudflareService: CloudflareService;
+  
+  constructor(config: IConfig) {
+    Container.set(ConfigService, new ConfigService(config));
+    Container.set(GCloudStorageService, new GCloudStorageService());
+    Container.set(CloudflareService, new CloudflareService());
+    this.config = Container.get(ConfigService);
+    this.gCloudStorage = Container.get(GCloudStorageService);
+    this.cloudflareService = Container.get(CloudflareService);
+  }
+  
+  getCert(): Promise<{ key: string, cert: string }> {
+    return new Promise(async (resolve1) => {
+      const currentCert = await this.gCloudStorage.read('cert');
+      if (!currentCert || !(currentCert && (new Date().getTime() - (letiny.getExpirationDate(currentCert) as Date).getTime()) / (1000 * 60 * 60 * 24.0))) {
+        letiny.getCert({
+          method: 'dns-01',
+          email: this.config.email,
+          domains: this.config.domain,
+          url: (this.config.acmeServer === 'staging') ? 'https://acme-staging.api.letsencrypt.org' : 'https://acme-v01.api.letsencrypt.org',
+          challenge: async (domain, _, data, done) => {
+            await this.cloudflareService.removeChallengeRecord();
+            this.cloudflareService.addChallengeRecord(data).then(async () => {
+              await this.cloudflareService.removeChallengeRecord();
+              done();
+            });
+          },
+          agreeTerms: this.config.agreeTerms
+        }, async (err, cert, key, caCert, accountKey) => {
+          await this.gCloudStorage.write('cert', cert);
+          await this.gCloudStorage.write('caCert', caCert);
+          await this.gCloudStorage.write('privateKey', key);
+          await this.gCloudStorage.write('accountKey', accountKey);
+          resolve1({
+            key: key,
+            cert: cert + `
+            ` + caCert
+          })
+        });
+      } else {
+        resolve1({
+          key: await this.gCloudStorage.read('privateKey'),
+          cert: `${currentCert}
+        ${(await this.gCloudStorage.read('caCert'))}`
+        })
+      }
+    })
+  }
+  
+}

src/services/cloudflareService.ts

@@ -0,0 +1,78 @@
+import {Container, Service} from 'typedi';
+import {ConfigService} from './configService';
+import {CloudflareApi, ICloudflareResourceZone} from '../types/cloudflare';
+import * as cloudflare from 'cloudflare';
+import * as dns from "dns";
+import {flatten} from '../helpers';
+
+@Service()
+export class CloudflareService {
+  private config: ConfigService;
+  private cf: CloudflareApi;
+  private primaryZone: ICloudflareResourceZone;
+  private challengeData: string;
+  
+  constructor() {
+    this.config = Container.get(ConfigService);
+    if (this.config && this.config.cloudflare) {
+      this.cf = cloudflare({
+        email: this.config.cloudflare.email,
+        key: this.config.cloudflare.apiKey
+      });
+    }
+  }
+  
+  async getZone(): Promise<ICloudflareResourceZone> {
+    if (!this.primaryZone) {
+      return (await this.cf.zones.browse({
+        page: 1,
+        per_page: 1000
+      })).result.find(el => el.name.includes(this.config.getParentDomain()));
+    }
+    return this.primaryZone;
+  }
+  
+  async removeChallengeRecord(): Promise<void> {
+    const zoneId = (await this.getZone()).id;
+    const findRecord = (await this.cf.dnsRecords.browse(zoneId, {
+      page: 1,
+      per_page: 1000
+    })).result.find(el => el.type === 'TXT' && el.name.includes('_acme-challenge'));
+    if (findRecord) {
+      await this.cf.dnsRecords.del(zoneId, findRecord.id);
+    }
+  }
+  
+  locallyVerifyTxtRecord(count = 0) {
+    return new Promise((resolve) => {
+      dns.resolveTxt(`_acme-challenge.${this.config.domain}`, (err, addresses) => {
+        // if (err) console.error(err);
+        const values = flatten(addresses, 2);
+        if (values.find(el => el.includes(this.challengeData))) {
+          console.log('domain verified!', values);
+          resolve();
+        } else {
+          setTimeout(async () => {
+            console.log('(' + count + ') verifying acme challenge...');
+            resolve((await this.locallyVerifyTxtRecord(count + 1)));
+          }, 8000);
+        }
+      });
+    })
+  };
+  
+  addChallengeRecord(data: string) {
+    this.challengeData = data;
+    return new Promise(async (resolve) => {
+      await this.cf.dnsRecords.add((await this.getZone()).id, {
+        type: 'TXT',
+        name: `_acme-challenge.${this.config.domain}`,
+        content: this.challengeData,
+        proxied: false,
+        ttl: 1
+      });
+      this.locallyVerifyTxtRecord().then(() => resolve());
+    })
+  }
+  
+}

src/services/configService.ts

@@ -0,0 +1,28 @@
+import {Service} from 'typedi';
+import {ICloudflareConfig, IConfig, IFileNameConfig, IGoogleCloudConfig, TFileName} from '../types/interfaces';
+
+@Service()
+export class ConfigService implements IConfig {
+  public acmeServer: 'prod' | 'staging';
+  public domain: string;
+  public email: string;
+  public cloudflare: ICloudflareConfig;
+  public googleCloud: IGoogleCloudConfig;
+  public fileNames: IFileNameConfig;
+  public agreeTerms: boolean;
+  
+  constructor(config: IConfig) {
+    Object.keys(config).forEach((key) => {
+      this[key] = config[key];
+    });
+  }
+  
+  getFileName(file: TFileName) {
+    return this.fileNames[file];
+  }
+  
+  getParentDomain() {
+    const parentDomain = this.domain.split('.');
+    return `${parentDomain[parentDomain.length - 2]}.${parentDomain[parentDomain.length - 1]}`;
+  }
+}

src/services/gCloudStorageService.ts

@@ -0,0 +1,45 @@
+import {Container, Service} from 'typedi';
+import {Storage} from '@google-cloud/storage';
+import * as fs from "fs";
+import {ConfigService} from './configService';
+import {TFileName} from '../types/interfaces';
+
+@Service()
+export class GCloudStorageService {
+  private config: ConfigService;
+  private storage: Storage;
+  
+  constructor() {
+    this.config = Container.get(ConfigService);
+    this.storage = new Storage({
+      projectId: this.config.googleCloud.projectId,
+      credentials: {
+        client_email: this.config.googleCloud.credentials.email,
+        private_key: this.config.googleCloud.credentials.privateKey
+      }
+    });
+  }
+  
+  read(file: TFileName): Promise<string | undefined> {
+    return new Promise(async (resolve) => {
+      const fileName = this.config.getFileName(file);
+      let buffer = '';
+      const exists = (await this.storage.bucket(this.config.googleCloud.bucketName).file(fileName).exists())[0];
+      if (exists) {
+        this.storage.bucket(this.config.googleCloud.bucketName).file(fileName).createReadStream()
+          .on('data', d => buffer += d)
+          .on('end', () => resolve(buffer));
+      } else {
+        resolve(undefined);
+      }
+    })
+  }
+  
+  async write(file: TFileName, fileContent: string): Promise<string> {
+    const fileName = this.config.getFileName(file);
+    fs.writeFileSync(fileName, fileContent, {encoding: 'utf-8'});
+    await this.storage.bucket(this.config.googleCloud.bucketName).upload(fileName);
+    fs.unlinkSync(fileName);
+    return fileContent;
+  }
+}

src/types/cloudflare.d.ts

@@ -0,0 +1,100 @@
+export interface ICloudflarePagination {
+  page: number;
+  per_page: number;
+}
+
+export interface ICloudflareResultInfo {
+  page: number;
+  per_page: number;
+  total_pages: number;
+  count: number;
+  total_count: number;
+}
+
+export interface ICloudflareResponse<Resource> {
+  result: Resource;
+  result_info?: ICloudflareResultInfo;
+  success: boolean;
+  errors: any[];
+  messages: any[];
+}
+
+
+export interface ICloudflareResourceZone {
+  id: string;
+  name: string;
+  status: string;
+  paused: boolean;
+  type: string;
+  development_mode: number;
+  
+  // TODO name_servers
+  name_servers: any[];
+  
+  // TODO original_name_servers
+  original_name_servers: any[];
+  
+  // TODO original_registrar
+  original_registrar: any;
+  
+  // TODO original_dnshost
+  original_dnshost: any;
+  
+  modified_on: Date;
+  created_on: Date;
+  activated_on: Date;
+  
+  // TODO meta
+  meta: any;
+  
+  // TODO owner
+  owner: any;
+  
+  // TODO account
+  account: any;
+  
+  // TODO permissions
+  permissions: any[];
+  
+  // TODO plan
+  plan: any;
+}
+
+export class CloudflareZones {
+  browse: (pagination?: Partial<ICloudflarePagination>) => Promise<ICloudflareResponse<ICloudflareResourceZone[]>>;
+}
+
+export interface ICloudflareResourceDnsRecord {
+  id: string;
+  type: string;
+  name: string;
+  content: string;
+  proxiable: boolean;
+  proxied: boolean;
+  ttl: number;
+  locked: boolean;
+  zone_id: string;
+  zone_name: string;
+  modified_on: Date;
+  created_on: Date;
+  
+  // TODO meta
+  meta: any;
+}
+
+export interface ICloudflareDeleteResource {
+  id: string;
+}
+
+export class CloudflareDnsRecords {
+  browse: (zoneId: string, pagination?: Partial<ICloudflarePagination>) => Promise<ICloudflareResponse<ICloudflareResourceDnsRecord[]>>;
+  del: (zoneId: string, dnsRecordId: string) => Promise<ICloudflareResponse<ICloudflareDeleteResource>>;
+  add: (zoneId: string, record: Partial<ICloudflareResourceDnsRecord>) => Promise<ICloudflareResponse<ICloudflareResourceDnsRecord>>;
+}
+
+export class CloudflareApi {
+  zones: CloudflareZones;
+  dnsRecords: CloudflareDnsRecords;
+}
+
+export declare function cloudflare(credentials: { email: string, key: string }): CloudflareApi;