Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to run server over HTTPS #631

Merged
merged 2 commits into from Apr 20, 2020
Merged

Add option to run server over HTTPS #631

merged 2 commits into from Apr 20, 2020

Conversation

c-w
Copy link
Contributor

@c-w c-w commented Apr 20, 2020

This commit adds the option to run the boardgame.io server over HTTPS by passing through koa-socket-2 SSL options to the SocketIO transport.

While it's also possible to achieve HTTPS in other ways, e.g. via nginx as discussed in #322, enabling first-party support for HTTPS makes it much simpler to spin up such services since it removes the need to install and configure an external SSL terminator and proxy.

Checklist

  • Use a separate branch in your local repo (not master).
  • Test coverage is 100% (or you have a story for why it's ok).

@delucis
Copy link
Member

delucis commented Apr 20, 2020

@c-w Thanks so much for this! Do you think it would make sense to also include the Koa apps in this as well?

Currently we run the Lobby and API servers using Koa’s listen method:

https://github.com/nicolodavis/boardgame.io/blob/475930512ca51f037aa8c5a8cb803d5958265045/src/server/index.ts#L122

https://github.com/nicolodavis/boardgame.io/blob/475930512ca51f037aa8c5a8cb803d5958265045/src/server/index.ts#L131

These use http internally, but the Koa docs describe how to use Node’s https module instead. If we implemented this, the certificates could be used to secure the whole server, not just the socket transport.

Let me know what you think, and if it’s too much for this PR, I’ll get this merged and we can add it to the to-do list.

@c-w
Copy link
Contributor Author

c-w commented Apr 20, 2020

@delucis Thanks for the review. I definitely also want to include the Koa apps in the HTTPS setup.

My initial implementation of this feature actually was very similar to your suggestions, namely a refactor of the Server.run method to return both Koa application objects so that calling code could then run them in their own http or https server. However, it turns out that koa-socket-2 already creates a http or https server for us in attach(app, https, opts). As such, all that we need to do to host the socket server and API servers on HTTPS is to set up HTTPS on the socket.

The code I pushed to the pull request doesn't make this setup obvious and we technically have no guarantee that any transport implementation provided by a caller maintains the invariant that app.server is undefined by the time that SocketIO is initialized. As such, I pushed an update to the pull request to encapsulate this logic: we now have a https argument in the Server function that sets up the wiring as required.

Copy link
Member

@delucis delucis left a comment

Thanks for the changes and clear explanation. Looks good. I’ve requested a couple of tiny changes, and then I think this should be good to go.

src/server/transport/socketio.js Outdated Show resolved Hide resolved
src/server/transport/socketio.js Outdated Show resolved Hide resolved
@delucis delucis merged commit 3569408 into boardgameio:master Apr 20, 2020
2 checks passed
@delucis
Copy link
Member

delucis commented Apr 20, 2020

Thanks Clemens! Especially for including the documentation update with this.

@c-w c-w deleted the c-w/https branch Apr 20, 2020
@c-w
Copy link
Contributor Author

c-w commented Apr 20, 2020

Thanks for the merge! Any chance I could get a patch release for this too? I'm using this feature on a game I'm working on currently and would love to remove my local package override hack.

@delucis
Copy link
Member

delucis commented Apr 20, 2020

@nicolodavis is managing the release flow, but I’ll ask!

@nicolodavis
Copy link
Member

nicolodavis commented Apr 21, 2020

Will release this soon.

Let me also point out that NPM supports GitHub installs so it's very easy to just do:

npm i --save nicolodavis/boardgame.io

and get the latest code rather than waiting for an official NPM package (I haven't tested this on boardgame.io specifically so someone would need to test if it pulls in dependencies correctly).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants