[WIP] first working prototype of the HKP server
This commit is contained in:
parent
ce2b24d83d
commit
992fd0a4e0
@ -13,7 +13,11 @@
|
||||
"test": "grunt test"
|
||||
},
|
||||
"dependencies": {
|
||||
"mongodb": "^2.1.20"
|
||||
"co": "^4.6.0",
|
||||
"koa": "^1.2.0",
|
||||
"koa-router": "^5.4.0",
|
||||
"mongodb": "^2.1.20",
|
||||
"npmlog": "^2.0.4"
|
||||
},
|
||||
"devDependencies": {
|
||||
"chai": "^3.5.0",
|
||||
|
64
server.js
Normal file
64
server.js
Normal file
@ -0,0 +1,64 @@
|
||||
/**
|
||||
* Mailvelope - secure email with OpenPGP encryption for Webmail
|
||||
* Copyright (C) 2016 Mailvelope GmbH
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License version 3
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
'use strict';
|
||||
|
||||
const cluster = require('cluster');
|
||||
const numCPUs = require('os').cpus().length;
|
||||
const log = require('npmlog');
|
||||
|
||||
//
|
||||
// Error handling
|
||||
//
|
||||
|
||||
process.on('SIGTERM', () => {
|
||||
log.warn('exit', 'Exited on SIGTERM');
|
||||
process.exit(0);
|
||||
});
|
||||
|
||||
process.on('SIGINT', () => {
|
||||
log.warn('exit', 'Exited on SIGINT');
|
||||
process.exit(0);
|
||||
});
|
||||
|
||||
process.on('uncaughtException', err => {
|
||||
log.error('server', 'Uncaught exception ', err);
|
||||
process.exit(1);
|
||||
});
|
||||
|
||||
//
|
||||
// Start worker cluster depending on number of CPUs
|
||||
//
|
||||
|
||||
if (cluster.isMaster) {
|
||||
for (var i = 0; i < numCPUs; i++) {
|
||||
cluster.fork();
|
||||
}
|
||||
|
||||
cluster.on('fork', worker => {
|
||||
log.info('cluster', 'Forked worker #%s [pid:%s]', worker.id, worker.process.pid);
|
||||
});
|
||||
|
||||
cluster.on('exit', worker => {
|
||||
log.warn('cluster', 'Worker #%s [pid:%s] died', worker.id, worker.process.pid);
|
||||
setTimeout(() => {
|
||||
cluster.fork();
|
||||
}, 5000);
|
||||
});
|
||||
} else {
|
||||
require('./src/worker');
|
||||
}
|
35
src/ctrl/public-key.js
Normal file
35
src/ctrl/public-key.js
Normal file
@ -0,0 +1,35 @@
|
||||
/**
|
||||
* Mailvelope - secure email with OpenPGP encryption for Webmail
|
||||
* Copyright (C) 2016 Mailvelope GmbH
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License version 3
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
'use strict';
|
||||
|
||||
/**
|
||||
* A controller that handlers PGP public keys queries to the database
|
||||
*/
|
||||
class PublicKey {
|
||||
|
||||
/**
|
||||
* Create an instance of the controller
|
||||
* @param {Object} mongo An instance of the MongoDB client
|
||||
*/
|
||||
constructor(mongo) {
|
||||
this._mongo = mongo;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
module.exports = PublicKey;
|
129
src/routes/hkp.js
Normal file
129
src/routes/hkp.js
Normal file
@ -0,0 +1,129 @@
|
||||
/**
|
||||
* Mailvelope - secure email with OpenPGP encryption for Webmail
|
||||
* Copyright (C) 2016 Mailvelope GmbH
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License version 3
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
'use strict';
|
||||
|
||||
/**
|
||||
* An implementation of the OpenPGP HTTP Keyserver Protocol (HKP)
|
||||
* See https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
|
||||
*/
|
||||
class HKP {
|
||||
|
||||
/**
|
||||
* Create an instance of the HKP server
|
||||
* @param {Object} publicKey An instance of the public key controller
|
||||
*/
|
||||
constructor(publicKey) {
|
||||
this._publicKey = publicKey;
|
||||
}
|
||||
|
||||
/**
|
||||
* Public key lookup via http GET
|
||||
* @param {Object} ctx The koa request/response context
|
||||
*/
|
||||
*lookup(ctx) {
|
||||
var params = this.parseQueryString(ctx);
|
||||
if (!params) {
|
||||
return; // invalid request
|
||||
}
|
||||
|
||||
this.setHeaders(ctx);
|
||||
if (params.mr) {
|
||||
this.setGetMRHEaders(ctx);
|
||||
}
|
||||
ctx.body = yield Promise.resolve('----- BEGIN PUBLIC PGP KEY -----');
|
||||
}
|
||||
|
||||
/**
|
||||
* Public key upload via http POST
|
||||
* @param {Object} ctx The koa request/response context
|
||||
*/
|
||||
*add(ctx) {
|
||||
ctx.throw(501, 'Not implemented!');
|
||||
return yield Promise.resolve();
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse the query string for a lookup request and set a corresponding
|
||||
* error code if the requests is not supported or invalid.
|
||||
* @param {Object} ctx The koa request/response context
|
||||
* @return {Object} The query parameters or undefined for an invalid request
|
||||
*/
|
||||
parseQueryString(ctx) {
|
||||
let q = ctx.query;
|
||||
let params = {
|
||||
op: q.op, // operation ... only 'get' is supported
|
||||
mr: q.options === 'mr', // machine readable
|
||||
keyid: this.checkId(q.search) ? q.search.replace('0x', '') : null,
|
||||
email: this.checkEmail(q.search) ? q.search : null,
|
||||
};
|
||||
|
||||
if (params.op !== 'get') {
|
||||
ctx.status = 501;
|
||||
ctx.body = 'Not implemented!';
|
||||
return;
|
||||
} else if (!params.keyid && !params.email) {
|
||||
ctx.status = 404;
|
||||
ctx.body = 'Invalid request!';
|
||||
return;
|
||||
}
|
||||
|
||||
return params;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks for a valid email address.
|
||||
* @param {String} address The email address
|
||||
* @return {Boolean} If the email address if valid
|
||||
*/
|
||||
checkEmail(address) {
|
||||
return /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,63}$/.test(address);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks for a valid key id in the query string. A key must be prepended
|
||||
* with '0x' and can be between 8 and 40 characters long.
|
||||
* @param {String} keyid The key id
|
||||
* @return {Boolean} If the key id is valid
|
||||
*/
|
||||
checkId(keyid) {
|
||||
return /^0x[a-fA-Z0-9]{8,40}/.test(keyid);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set HTTP headers for the HKP requests.
|
||||
* @param {Object} ctx The koa request/response context
|
||||
*/
|
||||
setHeaders(ctx) {
|
||||
ctx.set('Access-Control-Allow-Origin', '*');
|
||||
ctx.set('Cache-Control', 'no-cache');
|
||||
ctx.set('Pragma', 'no-cache');
|
||||
ctx.set('Connection', 'keep-alive');
|
||||
}
|
||||
|
||||
/**
|
||||
* Set HTTP headers for a GET requests with 'mr' (machine readable) options.
|
||||
* @param {Object} ctx The koa request/response context
|
||||
*/
|
||||
setGetMRHEaders(ctx) {
|
||||
ctx.set('Content-Type', 'application/pgp-keys; charset=UTF-8');
|
||||
ctx.set('Content-Disposition', 'attachment; filename=openpgpkey.asc');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
module.exports = HKP;
|
79
src/worker.js
Normal file
79
src/worker.js
Normal file
@ -0,0 +1,79 @@
|
||||
/**
|
||||
* Mailvelope - secure email with OpenPGP encryption for Webmail
|
||||
* Copyright (C) 2016 Mailvelope GmbH
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License version 3
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
'use strict';
|
||||
|
||||
const co = require('co');
|
||||
const fs = require('fs');
|
||||
const app = require('koa')();
|
||||
const log = require('npmlog');
|
||||
const router = require('koa-router')();
|
||||
const Mongo = require('./dao/mongo');
|
||||
const PublicKey = require('./ctrl/public-key');
|
||||
const HKP = require('./routes/hkp');
|
||||
|
||||
let mongo, publicKey, hkp;
|
||||
|
||||
//
|
||||
// Configure koa router
|
||||
//
|
||||
|
||||
router.get('/pks/lookup', function *() {
|
||||
yield hkp.lookup(this);
|
||||
});
|
||||
router.post('/pks/add', function *() {
|
||||
yield hkp.add(this);
|
||||
});
|
||||
|
||||
app.use(router.routes());
|
||||
app.use(router.allowedMethods());
|
||||
app.on('error', (err, ctx) => log.error('worker', 'Unknown server error', err, ctx));
|
||||
|
||||
//
|
||||
// Module initialization
|
||||
//
|
||||
|
||||
function injectDependencies() {
|
||||
let credentials = readCredentials();
|
||||
mongo = new Mongo({
|
||||
uri: process.env.MONGO_URI || credentials.mongoUri,
|
||||
user: process.env.MONGO_USER || credentials.mongoUser,
|
||||
password: process.env.MONGO_PASS || credentials.mongoPass
|
||||
});
|
||||
publicKey = new PublicKey(mongo);
|
||||
hkp = new HKP(publicKey);
|
||||
}
|
||||
|
||||
function readCredentials() {
|
||||
try {
|
||||
return JSON.parse(fs.readFileSync(__dirname + '/../credentials.json'));
|
||||
} catch(e) {
|
||||
log.info('worker', 'No credentials.json found ... using environment vars.');
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Start app ... connect to the database and start listening
|
||||
//
|
||||
|
||||
co(function *() {
|
||||
|
||||
injectDependencies();
|
||||
yield mongo.connect();
|
||||
app.listen(process.env.PORT || 8888);
|
||||
|
||||
}).catch(err => log.error('worker', 'Initialization failed!', err));
|
Loading…
x
Reference in New Issue
Block a user