
Refactoring SSL configuration, among other things

Signed-off-by: Dušan Mitrović <dusan@dusanmitrovic.xyz>
master
Dušan Mitrović пре 2 месеци
родитељ
комит
f95391a3cd
Signed by: dusan GPG Key ID: 92C38C4382AE469C
3 измењених фајлова са 61 додато и 38 уклоњено
  1. +7
    -3
      .env.example
  2. +22
    -35
      app.js
  3. +32
    -0
      config/https-options.js

+ 7
- 3
.env.example

@@ -1,8 +1,6 @@
HOST="http://localhost"
HOST="https://localhost"
PORT=3000

SERVE_STATIC_FILES_WITH_NGINX=0

SESSION_SECRET="super_secret_stuff"

DB_DRIVER="mysql2"
@@ -22,3 +20,9 @@ MAILER_PORT=465
MAILER_SECURE=true
MAILER_USERNAME="example@example.com"
MAILER_PASSWORD="super_secret_stuff"

SSL_PRIVATE_KEY="./certificates/private.pem"
SSL_CERTIFICATE="./certificates/certificate.pem"
SSL_CERTIFICATE_AUTHORITY=""

NODE_ENV="development"
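Review bot: The three new `SSL_*` entries carry no comments, so an operator cannot tell from this file that `SSL_CERTIFICATE_AUTHORITY` is only read when `NODE_ENV="production"`, or that the relative `./certificates/...` paths are resolved from the process working directory rather than from the app directory. I would add `# Paths resolve from the directory the server is started in; keep the key readable only by the service user and out of version control` above `SSL_PRIVATE_KEY`, and `# Read only when NODE_ENV="production"` above `SSL_CERTIFICATE_AUTHORITY`. Whether `certificates/` is already ignored by git is not visible on this page.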

+ 22
- 35
app.js

@@ -9,7 +9,7 @@
require('dotenv').config();

// Environment
const HOST = process.env.HOST || 'http://localhost';
const HOST = process.env.HOST || 'https://localhost';
const PORT = process.env.PORT || 3000;

// Imports
@@ -17,14 +17,14 @@ const express = require('express');
const expressHandlebars = require('express-handlebars');
const handlebarsConfig = require('./config/handlebars');
const methodOverride = require('method-override');
const {dirname} = require('path');
const session = require('./config/session');
const passSessionToHandlebars = require('./middleware/session');
const notFoundHandler = require('./middleware/404-handler');
const knex = require('./db/connection');
const {Model} = require('objection');
const configureHttpsOptions = require('./config/https-options');
const https = require('https');
const {readFileSync} = require('fs');
const { Model } = require('objection');
const { dirname } = require('path');

// Defined routes
const home = require('./routes/home');
@@ -36,15 +36,11 @@ const images = require('./routes/images');

const app = express();

serveStaticFilesWithNginx = parseInt(process.env.SERVE_STATIC_FILES_WITH_NGINX)
if (
Number.isNaN(serveStaticFilesWithNginx) ||
serveStaticFilesWithNginx <= 0
) {
app.use(
'/static',
express.static(dirname(require.main.filename) + '/static/')
);
if ('development' === process.env.NODE_ENV) {
app.use(
'/static',
express.static(dirname(require.main.filename) + '/static/')
);
}

// Redis session
@@ -68,9 +64,9 @@ app.set('trust proxy', true);
app.set('trust proxy', 'loopback', 'linklocal');

app.use(
express.urlencoded({
extended: true,
})
express.urlencoded({
extended: true,
})
);

app.disable('x-powered-by');
@@ -85,25 +81,16 @@ app.use('/rss', rss);

// 404 route, this must always be the last route mounted
app.get(
'*',
(req, res, next) => {
const error = new Error();
error.status = 404;
next();
},
notFoundHandler
'*',
(req, res, next) => {
const error = new Error();
error.status = 404;
next();
},
notFoundHandler
);

const httpsOptions = {
key: readFileSync(process.env.SSL_PRIVATE_KEY),
cert: readFileSync(process.env.SSL_CERTIFICATE),
};

if ('production' === process.env.NODE_ENV) {
httpsOptions['ca'] = readFileSync(process.env.SSL_CERTIFICATE_AUTHORITY);
}

https
.createServer(httpsOptions, app)
.listen(PORT, () => console.log(`Server listening on ${HOST}:${PORT}`));
.createServer(configureHttpsOptions(), app)
.listen(PORT, () => console.log(`Server listening on ${HOST}:${PORT}`));
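Review bot: In the `@@ -68,9 +64,9 @@` hunk, `app.set('trust proxy', 'loopback', 'linklocal');` passes a third argument, but Express's `app.set(name, value)` takes a single value, so `'linklocal'` is dropped and only loopback addresses are trusted. The commit only re-indents the lines below it and leaves this call as is; the intended form is `app.set('trust proxy', ['loopback', 'linklocal']);`. The hunk header also shows an earlier `app.set('trust proxy', true);`, which appears to still be in the file. It is overridden today, but it should be removed so that a later reordering cannot leave `X-Forwarded-*` headers trusted from any client now that the app terminates TLS itself.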

+ 32
- 0
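--- /dev/null
+++ b/config/https-options.js
@@ -0,0 +1,32 @@
+/**
+* @author Dusan Mitrovic <dusan@dusanmitrovic.xyz>
+* @license AGPL-3.0-or-later https://opensource.org/licenses/AGPL-3.0
+*
+* @summary HTTPS configuration
+*/
+const { readFileSync } = require('fs');
+
+/**
+* Configures https options for use with https module
+*
+* @returns https.ServerOptions
+*/
+const configureHttpsOptions = () => {
+httpsOptions = {
+key: readFileSync(process.env.SSL_PRIVATE_KEY),
+cert: readFileSync(process.env.SSL_CERTIFICATE),
+};
+
+if ('production' === process.env.NODE_ENV) {
+if (
+process.env.SSL_CERTIFICATE_AUTHORITY !== undefined ||
+process.env.SSL_CERTIFICATE_AUTHORITY !== ''
+) {
+httpsOptions.ca = readFileSync(process.env.SSL_CERTIFICATE_AUTHORITY);
+}
+}
+
+return httpsOptions;
+};
+
+module.exports = configureHttpsOptions;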
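Review bot: The guard around `httpsOptions.ca` in `configureHttpsOptions` is always true, because `!== undefined || !== ''` holds for every value. With `NODE_ENV=production` and the empty `SSL_CERTIFICATE_AUTHORITY=""` that `.env.example` ships, `readFileSync('')` throws and the server does not start. `httpsOptions` is also assigned without `const`, which creates an implicit global and would throw under strict mode. The rewrite below replaces the two comparisons with a single truthiness check and declares the object locally. It also fails with a named error when the key or certificate path is missing, instead of an opaque `readFileSync(undefined)` TypeError.

```javascript
const configureHttpsOptions = () => {
  const {
    SSL_PRIVATE_KEY,
    SSL_CERTIFICATE,
    SSL_CERTIFICATE_AUTHORITY,
    NODE_ENV,
  } = process.env;

  // Fail early with a message that names the missing setting.
  if (!SSL_PRIVATE_KEY || !SSL_CERTIFICATE) {
    throw new Error('SSL_PRIVATE_KEY and SSL_CERTIFICATE must be set');
  }

  const httpsOptions = {
    key: readFileSync(SSL_PRIVATE_KEY),
    cert: readFileSync(SSL_CERTIFICATE),
  };

  // Unset and empty both mean "no CA bundle configured".
  if ('production' === NODE_ENV && SSL_CERTIFICATE_AUTHORITY) {
    httpsOptions.ca = readFileSync(SSL_CERTIFICATE_AUTHORITY);
  }

  return httpsOptions;
};
```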
