1
0
Fork 0
Commit Graph

7 Commits (2c49156ba3e5229df6145df90a8cb46b58d3144c)

Author SHA1 Message Date
Mike Gerwitz 77ddbbef3b Exclusively use RatingServicePublish over submit URL 2019-03-26 11:01:16 -04:00
Mike Gerwitz b8801c039f RatingServicePublish: New trait (mostly proof-of-concept)
This is unfortunately not production-ready code, but we need to get
something out there in the meantime.  The RatingServicePublish's docblock
mentions some of the shortcomings, which will be addressed in the near
future.

There is also more documentation to come once we settle on an implementation.

DEV-4400
2019-03-21 14:08:00 -04:00
Mike Gerwitz ea30e94527 Integrate noResultsUrl configuration
This is not the ideal implementation.  Instantiation of RatingService and
such should be moved out of the controller entirely, but we don't have the
time for that right now.
2018-05-01 09:44:55 -04:00
Mike Gerwitz 6733556582 Remove hard-coded skey
This wasn't intended to make its way into a public repo. :)

The existing key was a long-forgotten kluge that was supposed to be
temporary, allowing internal services to create quotes without
authentication.  The chances of this being practically exploited are minimal
in our environment, and it's auditable using webserver logs.

This moves the skey into a configuration file, which allows it to vary by
server and be rotated until a better solution is made available.  skey is
disabled by default (empty string), and when used by us internally, the keys
are now generated using a CSPRNG rather than a brute-forcable 5-byte key
that was hard-coded.

The fact that this appears in webserver logs is a big issue as well.  I
added a task to address that.

* conf/vanilla-server.json (skey): New key.  Default empty.
* src/server/daemon/Daemon.js (start): Provide skey to `#getRouters'.
  (getRouters): Provide skey to `#getProgramController'.
  (getProgramController): Set skey on `controller'.
* src/server/daemon/controller.js (skey): New mutable export (unideal; quick
    change).
  (has_skey): Use it.
2018-04-03 15:29:47 -04:00
Mike Gerwitz 4dda515821 Re-add pidfile
Configurable via the `pidfile' config option.

* bin/server.js: Accept `pidfile' config.  Include path in greeting.
  (writePidFile): Write to `pidfile' and unlink after exit.
* conf/vanilla-server.json (pidfile): Add configuration key.
2017-09-12 15:29:43 -04:00
Mike Gerwitz ed7e5fc547 conf: Specify relative/absolute path to daemon
This isn't ideal, but will allow using daemons classes from anywhere
on disk.

* bin/server.js: Interpret daemon path as relative to conf file path.
* conf/vanilla-server.json: Use relative path to `DevDaemon'.
2017-09-08 14:18:16 -04:00
Mike Gerwitz 985819c31b [BC BREAK] bin/server.js and associated changes
This is based (very) loosely on an internal script to start the
daemon.  It accepts a configuration and starts the daemon.

To accommodate the configuration, a number of miscellaneous changes
have been made.

The vanilla configuration shows the concept, but it has not yet been
fully implemented; that'll likely happen at a later date.  Until then,
the existing environment-variable-based configuration will be used.

* bin/server.js: Add file.
* conf/vanilla-server.json: Example configuration added.
* src/server/daemon/Daemon.js (_httpPort): Remove field.
  (_conf): Add field.
  (__construct): [BC BREAK] Accept conf instead of port and log
    priority.  Move initialization code into `start'.
  (start): [BC BREAK] Initialization code moved here.  Now returns
    promise for entire daemon, which will error in the event of an
    error starting.  Move existing code into `_startDaemon'.
  (_startDaemon): Old `start' code.  Invoked after `start'
    initialization.
  (_createDebugLog, _createAccessLog): Use configuration.  Return
    promise.
  (_initHttpServer): Use configuration.
  (_httpError): Add function to output error and exit.  Extracted from
    `_initHttpServer'.
* src/server/daemon/scripts.js: [BC BREAK] Append "program/" to
    `LV_LEGACY_PATH' so that it can be re-used for script lookups
    rather than using the cwd.  This removes the need of the cwd being
    the legacy src path.
2017-08-29 14:56:10 -04:00