walnut.js/serve.js

103 lines
3.0 KiB
JavaScript
Executable File

#!/usr/bin/env node
'use strict';
var https = require('https')
, http = require('http')
, path = require('path')
, port = process.argv[2] || 65443
, insecurePort = process.argv[3] || 65080
, fs = require('fs')
, path = require('path')
, checkip = require('check-ip-address')
, server
, insecureServer
, options
, certsPath = path.join(__dirname, 'certs', 'server')
, caCertsPath = path.join(__dirname, 'certs', 'ca')
;
//
// SSL Certificates
//
options = {
key: fs.readFileSync(path.join(certsPath, 'my-server.key.pem'))
, ca: [ fs.readFileSync(path.join(caCertsPath, 'my-root-ca.crt.pem')) ]
, cert: fs.readFileSync(path.join(certsPath, 'my-server.crt.pem'))
, requestCert: false
, rejectUnauthorized: false
};
//
// Serve an Express App securely with HTTPS
//
server = https.createServer(options);
checkip.getExternalIp().then(function (ip) {
var host = ip || 'local.helloworld3000.com'
;
function listen(app) {
server.on('request', app);
server.listen(port, function () {
port = server.address().port;
console.log('Listening on https://127.0.0.1:' + port);
console.log('Listening on https://local.helloworld3000.com:' + port);
if (ip) {
console.log('Listening on https://' + ip + ':' + port);
}
});
}
var publicDir = path.join(__dirname, 'public');
var app = require('./app').create(server, host, port, publicDir);
listen(app);
});
//
// Redirect HTTP ot HTTPS
//
// This simply redirects from the current insecure location to the encrypted location
//
insecureServer = http.createServer();
insecureServer.on('request', function (req, res) {
var newLocation = 'https://'
+ req.headers.host.replace(/:\d+/, ':' + port) + req.url
;
var metaRedirect = ''
+ '<html>\n'
+ '<head>\n'
+ ' <style>* { background-color: white; color: white; text-decoration: none; }</style>\n'
+ ' <META http-equiv="refresh" content="0;URL=' + newLocation + '">\n'
+ '</head>\n'
+ '<body style="display: none;">\n'
+ ' <p>You requested an insecure resource. Please use this instead: \n'
+ ' <a href="' + newLocation + '">' + newLocation + '</a></p>\n'
+ '</body>\n'
+ '</html>\n'
;
// DO NOT HTTP REDIRECT
/*
res.setHeader('Location', newLocation);
res.statusCode = 302;
*/
// BAD NEWS BEARS
//
// When people are experimenting with the API and posting tutorials
// they'll use cURL and they'll forget to prefix with https://
// If we allow that, then many users will be sending private tokens
// and such with POSTs in clear text and, worse, it will work!
// To minimize this, we give browser users a mostly optimal experience,
// but people experimenting with the API get a message letting them know
// that they're doing it wrong and thus forces them to ensure they encrypt.
res.setHeader('Content-Type', 'text/html');
res.end(metaRedirect);
});
insecureServer.listen(insecurePort, function(){
console.log("\nRedirecting all http traffic to https\n");
});