From b77c77d83df553adf69303ff052eb462bf9ea168 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Mon, 28 Dec 2020 15:21:50 -0800
Subject: [PATCH] Improved Let's Encrypt server warnings.

---
 letsencrypt.js | 14 +++++++-------
 meshcentral.js | 6 +++---
 package.json | 1 +
 3 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/letsencrypt.js b/letsencrypt.js
index d0126eb9..345c1fa8 100644
--- a/letsencrypt.js
+++ b/letsencrypt.js
@@ -58,12 +58,12 @@ module.exports.CreateLetsEncrypt = function (parent) {
 obj.getCertificate = function(certs, func) {
 obj.runAsProduction = (obj.parent.config.letsencrypt.production === true);
 obj.log("Getting certs from local store (" + (obj.runAsProduction ? "Production" : "Staging") + ")");
- if (certs.CommonName.indexOf('.') == -1) { obj.configErr = "ERROR: Use --cert to setup the default server name before using Let's Encrypt."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; }
- if (obj.parent.config.letsencrypt == null) { obj.configErr = "No Let's Encrypt configuration"; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; }
- if (obj.parent.config.letsencrypt.email == null) { obj.configErr = "ERROR: Let's Encrypt email address not specified."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; }
- if ((obj.parent.redirserver == null) || ((typeof obj.parent.config.settings.rediraliasport === 'number') && (obj.parent.config.settings.rediraliasport !== 80)) || ((obj.parent.config.settings.rediraliasport == null) && (obj.parent.redirserver.port !== 80))) { obj.configErr = "ERROR: Redirection web server must be active on port 80 for Let's Encrypt to work."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; }
- if (obj.redirWebServerHooked !== true) { obj.configErr = "ERROR: Redirection web server not setup for Let's Encrypt to work."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; }
- if ((obj.parent.config.letsencrypt.rsakeysize != null) && (obj.parent.config.letsencrypt.rsakeysize !== 2048) && (obj.parent.config.letsencrypt.rsakeysize !== 3072)) { obj.configErr = "ERROR: Invalid Let's Encrypt certificate key size, must be 2048 or 3072."; obj.log(obj.configErr); console.log(obj.configErr); func(certs); return; }
+ if (certs.CommonName.indexOf('.') == -1) { obj.configErr = "Add \"cert\" value to settings in config.json before using Let's Encrypt."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
+ if (obj.parent.config.letsencrypt == null) { obj.configErr = "No Let's Encrypt configuration"; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
+ if (obj.parent.config.letsencrypt.email == null) { obj.configErr = "Let's Encrypt email address not specified."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
+ if ((obj.parent.redirserver == null) || ((typeof obj.parent.config.settings.rediraliasport === 'number') && (obj.parent.config.settings.rediraliasport !== 80)) || ((obj.parent.config.settings.rediraliasport == null) && (obj.parent.redirserver.port !== 80))) { obj.configErr = "Redirection web server must be active on port 80 for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
+ if (obj.redirWebServerHooked !== true) { obj.configErr = "Redirection web server not setup for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
+ if ((obj.parent.config.letsencrypt.rsakeysize != null) && (obj.parent.config.letsencrypt.rsakeysize !== 2048) && (obj.parent.config.letsencrypt.rsakeysize !== 3072)) { obj.configErr = "Invalid Let's Encrypt certificate key size, must be 2048 or 3072."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }
 if (obj.checkInterval == null) { obj.checkInterval = setInterval(obj.checkRenewCertificate, 86400000); } // Call certificate check every 24 hours.
 obj.configOk = true;
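Review bot: The `obj.parent.config.letsencrypt == null` guard on the second added line is unreachable: the context line `obj.runAsProduction = (obj.parent.config.letsencrypt.production === true);` two lines above already dereferences that object, so a config without a letsencrypt section throws a TypeError before the new warning is ever raised. Move that guard ahead of the assignment, i.e. make `if (obj.parent.config.letsencrypt == null) { obj.configErr = "No Let's Encrypt configuration"; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; }` the first statement of getCertificate. The first added line indexes `certs.CommonName` without a null check as well; whether certs can arrive without a CommonName is not visible here, so that one is worth confirming against the caller. getCertificate continues past the end of the hunk.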
@@ -227,7 +227,7 @@ module.exports.CreateLetsEncrypt = function (parent) {
 webServer: obj.redirWebServerHooked,
 certPath: obj.certPath
 };
- if (obj.configErr) { r.error = obj.configErr; }
+ if (obj.configErr) { r.error = "WARNING: " + obj.configErr; }
 if (obj.certExpire) { r.cert = 'Present'; r.daysLeft = Math.floor((obj.certExpire - new Date()) / 86400000); } else { r.cert = 'None'; }
 return r;
 }
diff --git a/meshcentral.js b/meshcentral.js
index 945bfc48..bfe370de 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -2139,7 +2139,7 @@ function CreateMeshCentralServer(config, args) {
 } else {
 obj.defaultMeshCores[i] = [obj.common.IntToStr(0), ...modulesAdd[i], meshCore].join('');
 }
- obj.defaultMeshCoresHash[i] = obj.crypto.createHash('sha384').update(obj.defaultMeshCores[i]).digest("binary");
+ obj.defaultMeshCoresHash[i] = obj.crypto.createHash('sha384').update(obj.defaultMeshCores[i]).digest('binary');
 obj.debug('main', 'Core module ' + i + ' is ' + obj.defaultMeshCores[i].length + ' bytes.');
 //console.log('Core module ' + i + ' is ' + obj.defaultMeshCores[i].length + ' bytes.'); // DEBUG, Print the core size
 //obj.fs.writeFile("C:\\temp\\" + i + ".js", obj.defaultMeshCores[i].substring(4)); // DEBUG, Write the core to file
@@ -2511,7 +2511,7 @@ function CreateMeshCentralServer(config, args) {
 } catch (ex) { obj.debug('cookie', 'ERR: Failed to encode AESGCM cookie due to exception: ' + ex); return null; }
 };
- // Decode a cookie back into an object using a key using AES256-GCM or AES128-CBC/HMAC-SHA386. Return null if it's not a valid cookie. (key must be 32 bytes or more)
+ // Decode a cookie back into an object using a key using AES256-GCM or AES128-CBC/HMAC-SHA384. Return null if it's not a valid cookie. (key must be 32 bytes or more)
 obj.decodeCookie = function (cookie, key, timeout) {
 var r = obj.decodeCookieAESGCM(cookie, key, timeout);
 if (r == null) { r = obj.decodeCookieAESSHA(cookie, key, timeout); }
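Review bot: The `"WARNING: "` prefix now written into `r.error` bakes presentation text into a stats field whose name still says error, and `obj.log` in getCertificate already prepends the same prefix, so any consumer that adds its own label will show it twice. Consider keeping `r.error = obj.configErr;` and letting the caller format it, or exposing the plain message under a clearer name next to the existing field, e.g. `r.warning = obj.configErr;`. The enclosing function starts outside the hunk.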
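Review bot: The corrected comment on `obj.decodeCookie` still says the key must be 32 bytes or more, while the `obj.decodeCookieAESSHA` fallback it calls on the last context line is documented in the -2569 hunk as needing 80 bytes or more, so the two statements cannot both be the whole contract. If decodeCookieAESSHA does not itself reject shorter keys (its body is outside the hunk), a 32-byte key that fails the AES-GCM path reaches the HMAC path with less key material than that path is documented to require; either reword the comment to `(key must be 32 bytes or more for AES-GCM, 80 bytes or more for the AES/HMAC fallback)` or have decodeCookie check `key.length` before falling through. decodeCookie's body continues outside the hunk.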
@@ -2569,7 +2569,7 @@ function CreateMeshCentralServer(config, args) {
 } catch (ex) { obj.debug('cookie', 'ERR: Bad AESGCM cookie due to exception: ' + ex); return null; }
 };
- // Decode a cookie back into an object using a key using AES256 / HMAC-SHA386. Return null if it's not a valid cookie. (key must be 80 bytes or more)
+ // Decode a cookie back into an object using a key using AES256 / HMAC-SHA384. Return null if it's not a valid cookie. (key must be 80 bytes or more)
 // We do this because poor .NET does not support AES256-GCM.
 obj.decodeCookieAESSHA = function (cookie, key, timeout) {
 try {
diff --git a/package.json b/package.json
index c734b5f4..1b2dcb97 100644
--- a/package.json
+++ b/package.json
@@ -46,6 +46,7 @@
 "express-ws": "^4.0.0",
 "ipcheck": "^0.1.0",
 "minimist": "^1.2.0",
+ "mongodb": "^3.6.3",
 "multiparty": "^4.2.1",
 "nedb": "^1.8.0",
 "node-forge": "^0.10.0",
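Review bot: The new `"mongodb": "^3.6.3"` dependency is unrelated to the Let's Encrypt warning change the commit describes, and the diffstat lists no lockfile with it, so the caret range lets a fresh install resolve to any later 3.x release rather than the one that was reviewed. Split the dependency addition into its own commit and commit the package lockfile (or pin an exact version) so the installed tree is reproducible and the supply-chain change can be reviewed on its own. If the driver is only needed on deployments that use MongoDB, `optionalDependencies` would keep it out of every other install.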