diff --git a/bin/browserid b/bin/browserid
index 213addca523a234c3155b98426079ae9c0c38744..005725a51145aebedd7d92d08fa2fd58b9e7a98b 100755
--- a/bin/browserid
+++ b/bin/browserid
@@ -39,6 +39,7 @@ const
fs = require('fs'),
path = require('path'),
url = require('url'),
+http = require('http');
sessions = require('connect-cookie-session');
// add lib/ to the require path
@@ -55,7 +56,8 @@ config = require('configuration.js'),
heartbeat = require('heartbeat.js'),
metrics = require("metrics.js"),
logger = require("logging.js").logger,
-forward = require('browserid/http_forward');
+forward = require('browserid/http_forward'),
+urlparse = require('urlparse');
var app = undefined;
@@ -66,6 +68,12 @@ logger.info("browserid server starting up");
const COOKIE_SECRET = secrets.hydrateSecret('browserid_cookie', config.get('var_path'));
const COOKIE_KEY = 'browserid_state';
+// verify that we have a keysigner configured
+if (!config.get('keysigner_url')) {
+ logger.error('missing required configuration - url for the keysigner (KEYSIGNER_URL in env)');
+ process.exit(1);
+}
+
function internal_redirector(new_url, suppress_noframes) {
return function(req, resp, next) {
if (suppress_noframes)
@@ -172,7 +180,10 @@ function router(app) {
wsapi.setup(app);
// setup health check / heartbeat
- heartbeat.setup(app);
+ heartbeat.setup(app, function(cb) {
+ // let's check stuff! first the heartbeat of our keysigner
+ heartbeat.check(config.get('keysigner_url'), cb);
+ });
// the public key
app.get("/pk", function(req, res) {
diff --git a/bin/keysigner b/bin/keysigner
index 8cead72a24553556d3a7ee36dc6523192deaf131..ac5fa7f249bec8a734f218e5c2597338e239e538 100755
--- a/bin/keysigner
+++ b/bin/keysigner
@@ -49,7 +49,8 @@ config = require('configuration.js'),
validate = require('validate.js'),
metrics = require("metrics.js"),
logger = require("logging.js").logger,
-ca = require('keysigner/ca.js');
+ca = require('keysigner/ca.js'),
+heartbeat = require('heartbeat');
// create an express server
var app = express.createServer();
@@ -64,9 +65,15 @@ app.use(express.logger({
}
}));
+app.use(function(req, resp, next) {
+ next();
+});
+
// parse POST bodies
app.use(express.bodyParser());
+heartbeat.setup(app);
+
// and our single function
app.post('/wsapi/cert_key', validate(["email", "pubkey"]), function(req, resp) {
// parse the pubkey
diff --git a/lib/browserid/http_forward.js b/lib/browserid/http_forward.js
index cf69852f8d666a23964713c5995f467cecd6880c..61f431f5d40fd9f7f0d4e833894278d9ab2c7621 100644
--- a/lib/browserid/http_forward.js
+++ b/lib/browserid/http_forward.js
@@ -2,10 +2,11 @@ const
url = require('url'),
http = require('http'),
https = require('https'),
-logger = require('logging.js').logger;
+logger = require('logging.js').logger,
+querystring = require('querystring');
module.exports = function(dest, req, res, cb) {
- var u = url.parse(dest);
+ var u = url.parse(dest.toString());
var m = u.protocol === 'http:' ? http : https;
@@ -34,8 +35,15 @@ module.exports = function(dest, req, res, cb) {
preq.setHeader('content-type', req.headers['content-type']);
}
- req.on('data', function(chunk) { preq.write(chunk) })
- .on('end', function() { preq.end() });
-
- logger.info("forwarding request to " + dest);
-};
\ No newline at end of file
+ // if the body has already been parsed, we'll write it
+ if (req.body) {
+ var data = querystring.stringify(req.body);
+ preq.setHeader('content-length', data.length);
+ preq.write(data);
+ preq.end();
+ } else {
+ req.on('data', function(chunk) { preq.write(chunk) })
+ .on('end', function() { preq.end() });
+ }
+ logger.info("forwarding request: " + req.url + " -> " + dest);
+};
diff --git a/lib/browserid/wsapi.js b/lib/browserid/wsapi.js
index 410c8e285539e8a44d0c85deb349949b6a54dfd3..93e2de99d714abab2d992033186d071f8c2c8599 100644
--- a/lib/browserid/wsapi.js
+++ b/lib/browserid/wsapi.js
@@ -48,7 +48,8 @@ crypto = require('crypto'),
logger = require('logging.js').logger,
ca = require('./ca.js'),
config = require('configuration.js'),
-validate = require('validate');
+validate = require('validate'),
+forward = require('browserid/http_forward');
// log a user out, clearing everything from their session except the csrf token
function clearAuthenticatedUser(session) {
@@ -418,24 +419,17 @@ function setup(app) {
}});
});
- app.post('/wsapi/cert_key', checkAuthed, validate(["email", "pubkey"]), function(req, resp) {
- db.emailsBelongToSameAccount(req.session.authenticatedUser, req.body.email, function(sameAccount) {
- // not same account? big fat error
- if (!sameAccount) return httputils.badRequest(resp, "that email does not belong to you");
-
- // parse the pubkey
- var pk = ca.parsePublicKey(req.body.pubkey);
-
- // same account, we certify the key
- // we certify it for a day for now
- var expiration = new Date();
- expiration.setTime(new Date().valueOf() + config.get('certificate_validity_ms'));
- var cert = ca.certify(req.body.email, pk, expiration);
-
- resp.writeHead(200, {'Content-Type': 'text/plain'});
- resp.write(cert);
- resp.end();
- });
+ app.post('/wsapi/cert_key', checkAuthed, validate(["email", "pubkey"]), function(req, res) {
+ // forward to the keysigner!
+ var keysigner = config.get('keysigner_url');
+ keysigner.path = '/wsapi/cert_key';
+ forward(
+ keysigner, req, res,
+ function(err) {
+ if (err) {
+ logger.error("error forwarding request:", err);
+ }
+ });
});
app.post('/wsapi/logout', function(req, resp) {
@@ -443,8 +437,7 @@ function setup(app) {
resp.json({ success: true });
});
- // in the cert world, syncing is not necessary,
- // just get a list of emails.
+ // returns a list of emails owned by the user
// returns:
// {
// "foo@foo.com" : {..properties..}
diff --git a/lib/configuration.js b/lib/configuration.js
index 050f7020623cc18771ab1f7490a7adc983e9b923..a71fc10d6312e51971130f5955f23badc99591a4 100644
--- a/lib/configuration.js
+++ b/lib/configuration.js
@@ -143,10 +143,17 @@ if (g_config === undefined) throw "unknown environment: " + exports.get('env');
}
if (process.env['VERIFIER_URL']) {
- var url = urlparse(process.env['VERIFIER_URL']).validate().normalize().toString();
+ var url = urlparse(process.env['VERIFIER_URL']).validate().normalize();
+ if (!url.port) url.port = (url.scheme === 'http') ? 80 : 443;
g_config.verifier_url = url;
}
+if (process.env['KEYSIGNER_URL']) {
+ var url = urlparse(process.env['KEYSIGNER_URL']).validate().normalize();
+ if (!url.port) url.port = (url.scheme === 'http') ? 80 : 443;
+ g_config.keysigner_url = url;
+}
+
// extract smtp params from the environment
if (!g_config.smtp) {
g_config.smtp = {
diff --git a/lib/heartbeat.js b/lib/heartbeat.js
index c5f2aaf70c2b1374823b0e9795d5d92c94460108..faa697c013c543b9a61338f76a589feb2d9b4902 100644
--- a/lib/heartbeat.js
+++ b/lib/heartbeat.js
@@ -1,7 +1,38 @@
-exports.setup = function(app) {
- app.get("/__heartbeat__", function(req, res) {
- res.writeHead(200);
- res.write('ok');
- res.end();
+const urlparse = require('urlparse');
+
+// the path that heartbeats live at
+exports.path = '/__heartbeat__';
+
+// a helper function to set up a heartbeat check
+exports.setup = function(app, cb) {
+ app.get(exports.path, function(req, res) {
+ function ok(yeah) {
+ res.writeHead(yeah ? 200 : 500);
+ res.write(yeah ? 'ok' : 'not ok');
+ res.end();
+ }
+ if (cb) cb(ok);
+ else ok(true);
});
};
+
+// a function to check the heartbeat of a remote server
+exports.check = function(url, cb) {
+ if (typeof url === 'string') url = urlparse(url).normalize().validate();
+ else if (typeof url !== 'object') throw "url string or object required as argumnet to heartbeat.check";
+ if (!url.port) url.port = (url.scheme === 'http') ? 80 : 443;
+
+ var shortname = url.host + ':' + url.port;
+
+ require(url.scheme).get({
+ host: url.host,
+ port: url.port,
+ path: exports.path
+ }, function (res) {
+ if (res.statusCode === 200) cb(true);
+ else logger.error("non-200 response from " + shortname + ". fatal! (" + res.statusCode + ")");
+ }, function (e) {
+ logger.error("can't communicate with " + shortname + ". fatal: " + e);
+ cb(false);
+ });
+};
\ No newline at end of file
diff --git a/lib/validate.js b/lib/validate.js
index 281b576916a03d8613d4d68e7309f12d8554e059..6830caabee6b8a3d78177fec4bcb27243735f9be 100644
--- a/lib/validate.js
+++ b/lib/validate.js
@@ -59,7 +59,7 @@ module.exports = function (params) {
try {
params.forEach(function(k) {
- if (!params_in_request.hasOwnProperty(k) || typeof params_in_request[k] !== 'string') {
+ if (!params_in_request || !params_in_request.hasOwnProperty(k) || typeof params_in_request[k] !== 'string') {
throw k;
}
});