1
0
Fork 0
Commit Graph

4 Commits (2d1582059f5c7248111218bb3990e50b1d3ef81e)

Author SHA1 Message Date
Mike Gerwitz 6733556582 Remove hard-coded skey
This wasn't intended to make its way into a public repo. :)

The existing key was a long-forgotten kluge that was supposed to be
temporary, allowing internal services to create quotes without
authentication.  The chances of this being practically exploited are minimal
in our environment, and it's auditable using webserver logs.

This moves the skey into a configuration file, which allows it to vary by
server and be rotated until a better solution is made available.  skey is
disabled by default (empty string), and when used by us internally, the keys
are now generated using a CSPRNG rather than a brute-forcable 5-byte key
that was hard-coded.

The fact that this appears in webserver logs is a big issue as well.  I
added a task to address that.

* conf/vanilla-server.json (skey): New key.  Default empty.
* src/server/daemon/Daemon.js (start): Provide skey to `#getRouters'.
  (getRouters): Provide skey to `#getProgramController'.
  (getProgramController): Set skey on `controller'.
* src/server/daemon/controller.js (skey): New mutable export (unideal; quick
    change).
  (has_skey): Use it.
2018-04-03 15:29:47 -04:00
Mike Gerwitz 4dda515821 Re-add pidfile
Configurable via the `pidfile' config option.

* bin/server.js: Accept `pidfile' config.  Include path in greeting.
  (writePidFile): Write to `pidfile' and unlink after exit.
* conf/vanilla-server.json (pidfile): Add configuration key.
2017-09-12 15:29:43 -04:00
Mike Gerwitz ed7e5fc547 conf: Specify relative/absolute path to daemon
This isn't ideal, but will allow using daemons classes from anywhere
on disk.

* bin/server.js: Interpret daemon path as relative to conf file path.
* conf/vanilla-server.json: Use relative path to `DevDaemon'.
2017-09-08 14:18:16 -04:00
Mike Gerwitz 985819c31b [BC BREAK] bin/server.js and associated changes
This is based (very) loosely on an internal script to start the
daemon.  It accepts a configuration and starts the daemon.

To accommodate the configuration, a number of miscellaneous changes
have been made.

The vanilla configuration shows the concept, but it has not yet been
fully implemented; that'll likely happen at a later date.  Until then,
the existing environment-variable-based configuration will be used.

* bin/server.js: Add file.
* conf/vanilla-server.json: Example configuration added.
* src/server/daemon/Daemon.js (_httpPort): Remove field.
  (_conf): Add field.
  (__construct): [BC BREAK] Accept conf instead of port and log
    priority.  Move initialization code into `start'.
  (start): [BC BREAK] Initialization code moved here.  Now returns
    promise for entire daemon, which will error in the event of an
    error starting.  Move existing code into `_startDaemon'.
  (_startDaemon): Old `start' code.  Invoked after `start'
    initialization.
  (_createDebugLog, _createAccessLog): Use configuration.  Return
    promise.
  (_initHttpServer): Use configuration.
  (_httpError): Add function to output error and exit.  Extracted from
    `_initHttpServer'.
* src/server/daemon/scripts.js: [BC BREAK] Append "program/" to
    `LV_LEGACY_PATH' so that it can be re-used for script lookups
    rather than using the cwd.  This removes the need of the cwd being
    the legacy src path.
2017-08-29 14:56:10 -04:00