feat: add explicit TLS support with AUTH

src/commands/registration/auth.js

@@ -1,4 +1,5 @@
 const _ = require('lodash');
+const tls = require('tls');
 
 module.exports = {
   directive: 'AUTH',
@@ -7,7 +8,6 @@ module.exports = {
 
     switch (method) {
       case 'TLS': return handleTLS.call(this);
-      case 'SSL': return handleSSL.call(this);
       default: return this.reply(504);
     }
   },
@@ -19,9 +19,22 @@ module.exports = {
 };
 
 function handleTLS() {
-  return this.reply(504);
-}
+  if (!this.server._tls) return this.reply(504);
 
-function handleSSL() {
-  return this.reply(504);
+  return this.reply(234)
+  .then(() => {
+    const secureContext = tls.createSecureContext(this.server._tls);
+    const secureSocket = new tls.TLSSocket(this.commandSocket, {
+      isServer: true,
+      secureContext
+    });
+    ['data', 'timeout', 'end', 'close', 'drain', 'error'].forEach(event => {
+      function forwardEvent() {
+        this.emit.apply(this, arguments);
+      }
+      secureSocket.on(event, forwardEvent.bind(this.commandSocket, event));
+    });
+    this.commandSocket = secureSocket;
+    this.secure = true;
+  });
 }

src/commands/registration/pbsz.js

@@ -0,0 +1,10 @@
+module.exports = {
+  directive: 'PBSZ',
+  handler: function ({command} = {}) {
+    if (!this.server._tls) return this.reply(202, 'Not suppored');
+    this.bufferSize = parseInt(command.arg, 10);
+    return this.reply(200, this.bufferSize === 0 ? 'OK' : 'Buffer too large: PBSZ=0');
+  },
+  syntax: '{{cmd}}',
+  description: 'Protection Buffer Size'
+};

src/commands/registration/prot.js

@@ -0,0 +1,19 @@
+const _ = require('lodash');
+
+module.exports = {
+  directive: 'PROT',
+  handler: function ({command} = {}) {
+    if (!this.server._tls) return this.reply(202, 'Not suppored');
+    if (this.bufferSize === false) return this.reply(503);
+
+    switch (_.toUpper(command.arg)) {
+      case 'P': return this.reply(200, 'OK');
+      case 'C':
+      case 'S':
+      case 'E': return this.reply(536, 'Not supported');
+      default: return this.reply(504);
+    }
+  },
+  syntax: '{{cmd}}',
+  description: 'Data Channel Protection Level'
+};

src/commands/registration/type.js

@@ -1,7 +1,7 @@
 const _ = require('lodash');
 
 const ENCODING_TYPES = {
-  A: 'utf-8',
+  A: 'utf8',
   I: 'binary',
   L: 'binary'
 };

src/commands/registry.js

@@ -33,7 +33,9 @@ const commands = [
   require('./registration/stru'),
   require('./registration/syst'),
   require('./registration/type'),
-  require('./registration/user')
+  require('./registration/user'),
+  require('./registration/pbsz'),
+  require('./registration/prot')
 ];
 
 const registry = commands.reduce((result, cmd) => {

src/connection.js

@@ -15,7 +15,8 @@ class FtpConnection {
     this.id = uuid.v4();
     this.log = options.log.child({id: this.id, ip: this.ip});
     this.commands = new Commands(this);
-    this.encoding = 'utf-8';
+    this.encoding = 'utf8';
+    this.bufferSize = false;
 
     this.connector = new BaseConnector(this);
 
@@ -33,7 +34,7 @@ class FtpConnection {
   }
 
   _handleData(data) {
-    const messages = _.compact(data.toString('utf-8').split('\r\n'));
+    const messages = _.compact(data.toString('utf8').split('\r\n'));
     this.log.trace(messages, 'Messages');
     return sequence(messages.map(message => this.commands.handle.bind(this.commands, message)));
   }

src/connector/passive.js

@@ -1,4 +1,5 @@
 const net = require('net');
+const tls = require('tls');
 const when = require('when');
 
 const Connector = require('./base');
@@ -12,9 +13,7 @@ class Passive extends Connector {
   }
 
   waitForConnection({timeout = 5000, delay = 250} = {}) {
-    if (!this.dataServer) {
-      return when.reject(new errors.ConnectorError('Passive server not setup'));
-    }
+    if (!this.dataServer) return when.reject(new errors.ConnectorError('Passive server not setup'));
     return when.iterate(
       () => {},
       () => this.dataServer && this.dataServer.listening && this.dataSocket && this.dataSocket.connected,
@@ -31,8 +30,7 @@ class Passive extends Connector {
     return closeExistingServer()
     .then(() => this.getPort())
     .then(port => {
-      this.dataSocket = null;
-      this.dataServer = net.createServer({ pauseOnConnect: true }, socket => {
+      const connectionHandler = socket => {
         if (this.connection.commandSocket.remoteAddress !== socket.remoteAddress) {
           this.log.error({
             pasv_connection: socket.remoteAddress,
@@ -45,15 +43,27 @@ class Passive extends Connector {
         }
         this.log.debug({port}, 'Passive connection fulfilled.');
 
-        this.dataSocket = socket;
+        if (this.connection.secure) {
+          const secureContext = tls.createSecureContext(this.server._tls);
+          const secureSocket = new tls.TLSSocket(socket, {
+            isServer: true,
+            secureContext
+          });
+          this.dataSocket = secureSocket;
+        } else {
+          this.dataSocket = socket;
+        }
         this.dataSocket.connected = true;
         this.dataSocket.setEncoding(this.connection.encoding);
         this.dataSocket.on('error', err => this.server.emit('client-error', {connection: this, context: 'dataSocket', error: err}));
         this.dataSocket.on('close', () => {
           this.log.debug('Passive connection closed');
           this.end();
         });
-      });
+      };
+
+      this.dataSocket = null;
+      this.dataServer = net.createServer({ pauseOnConnect: true }, connectionHandler);
       this.dataServer.maxConnections = 1;
       this.dataServer.on('error', err => this.server.emit('client-error', {connection: this, context: 'dataServer', error: err}));
       this.dataServer.on('close', () => {

src/helpers/resolve-host.js

@@ -12,7 +12,7 @@ module.exports = function (hostname) {
         if (response.statusCode !== 200) {
           return reject(new errors.GeneralError('Unable to resolve hostname', response.statusCode));
         }
-        response.setEncoding('utf-8');
+        response.setEncoding('utf8');
         response.on('data', chunk => {
           ip += chunk;
         });

test/commands/registration/auth.spec.js

@@ -6,7 +6,10 @@ const CMD = 'AUTH';
 describe(CMD, function () {
   let sandbox;
   const mockClient = {
-    reply: () => when.resolve()
+    reply: () => when.resolve(),
+    server: {
+      _tls: {}
+    }
   };
   const cmdFn = require(`../../../src/commands/registration/${CMD.toLowerCase()}`).handler.bind(mockClient);
 
@@ -19,10 +22,11 @@ describe(CMD, function () {
     sandbox.restore();
   });
 
-  it('TLS // not supported', done => {
+  it('TLS // supported', done => {
     cmdFn({command: { arg: 'TLS', directive: CMD}})
     .then(() => {
-      expect(mockClient.reply.args[0][0]).to.equal(504);
+      expect(mockClient.reply.args[0][0]).to.equal(234);
+      expect(mockClient.secure).to.equal(true);
       done();
     })
     .catch(done);

test/commands/registration/type.spec.js

@@ -24,7 +24,7 @@ describe(CMD, function () {
     cmdFn({ command: { arg: 'A' } })
     .then(() => {
       expect(mockClient.reply.args[0][0]).to.equal(200);
-      expect(mockClient.encoding).to.equal('utf-8');
+      expect(mockClient.encoding).to.equal('utf8');
       done();
     })
     .catch(done);

test/start.js

@@ -4,7 +4,7 @@ const bunyan = require('bunyan');
 const FtpServer = require('../src');
 
 const log = bunyan.createLogger({name: 'test'});
-log.level('info');
+log.level('trace');
 const server = new FtpServer('ftp://127.0.0.1:8880', {
   log,
   pasv_range: 8881,