diff --git a/.gitignore b/.gitignore
index 3ec34150c9..34f79a3566 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ public/dist/
 .idea/
 uploads
 modules/users/client/img/profile/uploads
+*.pem
diff --git a/config/env/production.js b/config/env/production.js
index 01cc6beb87..6d4681547e 100644
--- a/config/env/production.js
+++ b/config/env/production.js
@@ -1,6 +1,8 @@
 'use strict';
 module.exports = {
+ secure: true,
+ port: process.env.PORT || 8443,
 db: process.env.MONGOHQ_URL || process.env.MONGOLAB_URI || 'mongodb://' + (process.env.DB_1_PORT_27017_TCP_ADDR || 'localhost') + '/mean',
 facebook: {
 clientID: process.env.FACEBOOK_ID || 'APP_ID',
diff --git a/config/lib/express.js b/config/lib/express.js
index b01eb9abf1..f51b718386 100644
--- a/config/lib/express.js
+++ b/config/lib/express.js
@@ -27,6 +27,7 @@ module.exports.initLocalVariables = function (app) {
 // Setting application local variables
 app.locals.title = config.app.title;
 app.locals.description = config.app.description;
+ app.locals.secure = config.secure;
 app.locals.keywords = config.app.keywords;
 app.locals.googleAnalyticsTrackingID = config.app.googleAnalyticsTrackingID;
 app.locals.facebookAppId = config.facebook.clientID;
diff --git a/config/lib/socket.io.js b/config/lib/socket.io.js
index 3312bb4ad4..18adffd0d0 100644
--- a/config/lib/socket.io.js
+++ b/config/lib/socket.io.js
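Review bot: In config/env/production.js, `secure: true` is hard-coded, so every production start now depends on `./config/sslcerts/key.pem` and `cert.pem` being readable (config/lib/socket.io.js reads them synchronously at startup), and a deployment that terminates TLS at a load balancer cannot switch it off. The only generator in this commit produces a self-signed certificate, which clients will not trust by default. I would let the environment decide, e.g. `secure: process.env.SECURE !== 'false',` (the variable name is a suggestion, not an existing setting), and add a comment such as `// HTTPS: requires config/sslcerts/key.pem and cert.pem from a trusted CA`.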
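Review bot: In config/lib/express.js the new flag is only copied to `app.locals.secure`; nothing visible in this commit ties `config.secure` to the session cookie. If the express-session setup elsewhere in this file leaves `cookie.secure` unset, the `connect.sid` cookie can still be sent over plain HTTP even though the server now speaks HTTPS. Where the session middleware is configured, set `secure: config.secure` (and `httpOnly: true`) in its `cookie` options, with `trust proxy` enabled if TLS ends at a proxy. initLocalVariables continues outside the hunk, so the session setup itself is not visible here and this point is inferred.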
@@ -2,60 +2,75 @@
 // Load the module dependencies
 var config = require('../config'),
- path = require('path'),
+ path = require('path'),
+ fs = require('fs'),
+ http = require('http'),
+ https = require('https'),
 cookieParser = require('cookie-parser'),
 passport = require('passport'),
 socketio = require('socket.io'),
- session = require('express-session'),
- MongoStore = require('connect-mongo')(session),
- http = require('http');
+ session = require('express-session'),
+ MongoStore = require('connect-mongo')(session);
 // Define the Socket.io configuration method
 module.exports = function(app, db) {
- // Create a new HTTP server
- var server = http.createServer(app);
+ var server;
+ if (config.secure === true) {
+ // Load SSL key and certificate
+ var privateKey = fs.readFileSync('./config/sslcerts/key.pem', 'utf8');
+ var certificate = fs.readFileSync('./config/sslcerts/cert.pem', 'utf8');
+ var options = {
+ key: privateKey,
+ cert: certificate
+ };
- // Create a new Socket.io server
- var io = socketio.listen(server);
+ // Create new HTTPS Server
+ server = https.createServer(options, app);
+ } else {
+ // Create a new HTTP server
+ server = http.createServer(app);
+ }
+ // Create a new Socket.io server
+ var io = socketio.listen(server);
- // Create a MongoDB storage object
- var mongoStore = new MongoStore({
- mongooseConnection: db.connection,
- collection: config.sessionCollection
- });
+ // Create a MongoDB storage object
+ var mongoStore = new MongoStore({
+ mongooseConnection: db.connection,
+ collection: config.sessionCollection
+ });
+
+ // Intercept Socket.io's handshake request
+ io.use(function(socket, next) {
+ // Use the 'cookie-parser' module to parse the request cookies
+ cookieParser(config.sessionSecret)(socket.request, {}, function(err) {
+ // Get the session id from the request cookies
+ var sessionId = socket.request.signedCookies['connect.sid'];
- // Intercept Socket.io's handshake request
- io.use(function(socket, next) {
- // Use the 'cookie-parser' module to parse the request cookies
- cookieParser(config.sessionSecret)(socket.request, {}, function(err) {
- // Get the session id from the request cookies
- var sessionId = socket.request.signedCookies['connect.sid'];
-
- // Use the mongoStorage instance to get the Express session information
- mongoStore.get(sessionId, function(err, session) {
- // Set the Socket.io session information
- socket.request.session = session;
-
- // Use Passport to populate the user details
- passport.initialize()(socket.request, {}, function() {
- passport.session()(socket.request, {}, function() {
- if (socket.request.user) {
- next(null, true);
- } else {
- next(new Error('User is not authenticated'), false);
- }
- });
- });
- });
+ // Use the mongoStorage instance to get the Express session information
+ mongoStore.get(sessionId, function(err, session) {
+ // Set the Socket.io session information
+ socket.request.session = session;
+
+ // Use Passport to populate the user details
+ passport.initialize()(socket.request, {}, function() {
+ passport.session()(socket.request, {}, function() {
+ if (socket.request.user) {
+ next(null, true);
+ } else {
+ next(new Error('User is not authenticated'), false);
+ }
+ });
 });
+ });
 });
+ });
- // Add an event listener to the 'connection' event
- io.on('connection', function(socket) {
- config.files.server.sockets.forEach(function(socketConfiguration) {
- require(path.resolve(socketConfiguration))(io, socket);
- });
+ // Add an event listener to the 'connection' event
+ io.on('connection', function(socket) {
+ config.files.server.sockets.forEach(function(socketConfiguration) {
+ require(path.resolve(socketConfiguration))(io, socket);
 });
+ });
- return server;
+ return server;
 };
diff --git a/generate-ssl-certs.sh b/generate-ssl-certs.sh
deleted file mode 100644
index fda44bb0c4..0000000000
--- a/generate-ssl-certs.sh
+++ /dev/null
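Review bot: The key and certificate in config/lib/socket.io.js are read with `fs.readFileSync('./config/sslcerts/key.pem', 'utf8')`, a path relative to the process working directory, so starting the app from any other directory throws an unhandled ENOENT during startup. Since `path` is already required, resolve from the module instead, `fs.readFileSync(path.join(__dirname, '../sslcerts/key.pem'), 'utf8')` and the same for `cert.pem`, ideally inside a try/catch that logs which file could not be read. Separately, the re-indented handshake middleware still ignores `err` from both `cookieParser` and `mongoStore.get`. Adding `if (err) return next(err);` at the top of each callback would keep a session-store failure from surfacing only as 'User is not authenticated'.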
@@ -1,7 +0,0 @@
-#!/bin/bash
-echo "Generating self-signed certificates..."
-openssl genrsa -out ./config/sslcerts/key.pem -aes256 1024
-openssl req -new -key ./config/sslcerts/key.pem -out ./config/sslcerts/csr.pem
-openssl x509 -req -days 9999 -in ./config/sslcerts/csr.pem -signkey ./config/sslcerts/key.pem -out ./config/sslcerts/cert.pem
-rm ./config/sslcerts/csr.pem
-chmod 600 ./config/sslcerts/key.pem ./config/sslcerts/cert.pem
diff --git a/scripts/generate-ssl-certs.sh b/scripts/generate-ssl-certs.sh
new file mode 100755
index 0000000000..02e5d2d504
--- /dev/null
+++ b/scripts/generate-ssl-certs.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+echo "Generating self-signed certificates..."
+openssl genrsa -out ./config/sslcerts/key.pem -aes256 1024
+openssl req -new -key ./config/sslcerts/key.pem -out ./config/sslcerts/csr.pem
+openssl x509 -req -days 9999 -in ./config/sslcerts/csr.pem -signkey ./config/sslcerts/key.pem -out ./config/sslcerts/cert.pem
+rm ./config/sslcerts/csr.pem
+# resolve issue with bad password...
+# Error: error:0906A068:PEM routines:PEM_do_header:bad password read
+# reference: http://blog.mgechev.com/2014/02/19/create-https-tls-ssl-application-with-express-nodejs/
+openssl rsa -in ./config/sslcerts/key.pem -out ./config/sslcerts/newkey.pem && mv ./config/sslcerts/newkey.pem ./config/sslcerts/key.pem
+chmod 0400 ./config/sslcerts/key.pem ./config/sslcerts/cert.pem
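Review bot: `openssl genrsa ... -aes256 1024` in scripts/generate-ssl-certs.sh creates a 1024-bit RSA key, which is below the 2048-bit minimum expected today and may be rejected outright by current TLS stacks. The key is also encrypted only to be decrypted again a few lines later, and the cleartext `newkey.pem` is written under the default umask before `chmod 0400` runs. Generating the key unencrypted at 2048 bits removes both problems: add `umask 077` after the shebang, use `openssl genrsa -out ./config/sslcerts/key.pem 2048`, and drop the `openssl rsa ... && mv ...` line. The `-days 9999` self-signed certificate is acceptable for local testing but should not reach production, where config/env/production.js now sets `secure: true`.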