Merge pull request #548 from jloveland/generate-sslcerts

Add SSL support back into 0.4.0
meanjs · May 28, 2015 · 3ea400f · 3ea400f
2 parents f24ce65 + 3e1d0b5
commit 3ea400f
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 49 deletions.
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,4 @@ public/dist/
 .idea/
 uploads
 modules/users/client/img/profile/uploads
+*.pem
diff --git a/config/env/production.js b/config/env/production.js
@@ -1,6 +1,8 @@
 'use strict';
 
 module.exports = {
+    secure: true,
+    port: process.env.PORT || 8443,
     db: process.env.MONGOHQ_URL || process.env.MONGOLAB_URI || 'mongodb://' + (process.env.DB_1_PORT_27017_TCP_ADDR || 'localhost') + '/mean',
     facebook: {
         clientID: process.env.FACEBOOK_ID || 'APP_ID',

diff --git a/config/lib/express.js b/config/lib/express.js
@@ -27,6 +27,7 @@ module.exports.initLocalVariables = function (app) {
 	// Setting application local variables
 	app.locals.title = config.app.title;
 	app.locals.description = config.app.description;
+	app.locals.secure = config.secure;
 	app.locals.keywords = config.app.keywords;
 	app.locals.googleAnalyticsTrackingID = config.app.googleAnalyticsTrackingID;
 	app.locals.facebookAppId = config.facebook.clientID;

diff --git a/config/lib/socket.io.js b/config/lib/socket.io.js
@@ -2,60 +2,75 @@
 
 // Load the module dependencies
 var config = require('../config'),
-	path = require('path'),
+    path = require('path'),
+    fs = require('fs'),
+    http = require('http'),
+    https = require('https'),
     cookieParser = require('cookie-parser'),
     passport = require('passport'),
     socketio = require('socket.io'),
-	session = require('express-session'),
-	MongoStore = require('connect-mongo')(session),
-    http = require('http');
+    session = require('express-session'),
+    MongoStore = require('connect-mongo')(session);
 
 // Define the Socket.io configuration method
 module.exports = function(app, db) {
-	// Create a new HTTP server
-    var server = http.createServer(app);
+  var server;
+  if (config.secure === true) {
+    // Load SSL key and certificate
+    var privateKey = fs.readFileSync('./config/sslcerts/key.pem', 'utf8');
+    var certificate = fs.readFileSync('./config/sslcerts/cert.pem', 'utf8');
+    var options = {
+      key: privateKey,
+      cert: certificate
+    };
 
-    // Create a new Socket.io server
-    var io = socketio.listen(server);
+    // Create new HTTPS Server
+    server = https.createServer(options, app);
+  } else {
+    // Create a new HTTP server
+    server = http.createServer(app);
+  }
+  // Create a new Socket.io server
+  var io = socketio.listen(server);
 
-    // Create a MongoDB storage object
-    var mongoStore = new MongoStore({
-        mongooseConnection: db.connection,
-        collection: config.sessionCollection
-    });
+  // Create a MongoDB storage object
+  var mongoStore = new MongoStore({
+      mongooseConnection: db.connection,
+      collection: config.sessionCollection
+  });
+
+  // Intercept Socket.io's handshake request
+  io.use(function(socket, next) {
+    // Use the 'cookie-parser' module to parse the request cookies
+    cookieParser(config.sessionSecret)(socket.request, {}, function(err) {
+      // Get the session id from the request cookies
+      var sessionId = socket.request.signedCookies['connect.sid'];
 
-    // Intercept Socket.io's handshake request
-    io.use(function(socket, next) {
-        // Use the 'cookie-parser' module to parse the request cookies
-        cookieParser(config.sessionSecret)(socket.request, {}, function(err) {
-            // Get the session id from the request cookies
-            var sessionId = socket.request.signedCookies['connect.sid'];
-
-            // Use the mongoStorage instance to get the Express session information
-            mongoStore.get(sessionId, function(err, session) {
-                // Set the Socket.io session information
-                socket.request.session = session;
-
-                // Use Passport to populate the user details
-                passport.initialize()(socket.request, {}, function() {
-                    passport.session()(socket.request, {}, function() {
-                        if (socket.request.user) {
-                            next(null, true);
-                        } else {
-                            next(new Error('User is not authenticated'), false);
-                        }
-                    });
-                });
-            });
+      // Use the mongoStorage instance to get the Express session information
+      mongoStore.get(sessionId, function(err, session) {
+        // Set the Socket.io session information
+        socket.request.session = session;
+
+        // Use Passport to populate the user details
+        passport.initialize()(socket.request, {}, function() {
+          passport.session()(socket.request, {}, function() {
+            if (socket.request.user) {
+              next(null, true);
+            } else {
+              next(new Error('User is not authenticated'), false);
+            }
+          });
         });
+      });
     });
+  });
 
-    // Add an event listener to the 'connection' event
-    io.on('connection', function(socket) {
-        config.files.server.sockets.forEach(function(socketConfiguration) {
-            require(path.resolve(socketConfiguration))(io, socket);
-        });
+  // Add an event listener to the 'connection' event
+  io.on('connection', function(socket) {
+    config.files.server.sockets.forEach(function(socketConfiguration) {
+      require(path.resolve(socketConfiguration))(io, socket);
     });
+  });
 
-    return server;
+  return server;
 };
diff --git a/generate-ssl-certs.sh b/generate-ssl-certs.sh
diff --git a/scripts/generate-ssl-certs.sh b/scripts/generate-ssl-certs.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+echo "Generating self-signed certificates..."
+openssl genrsa -out ./config/sslcerts/key.pem -aes256 1024
+openssl req -new -key ./config/sslcerts/key.pem -out ./config/sslcerts/csr.pem
+openssl x509 -req -days 9999 -in ./config/sslcerts/csr.pem -signkey ./config/sslcerts/key.pem -out ./config/sslcerts/cert.pem
+rm ./config/sslcerts/csr.pem
+# resolve issue with bad password...
+# Error: error:0906A068:PEM routines:PEM_do_header:bad password read
+# reference: http://blog.mgechev.com/2014/02/19/create-https-tls-ssl-application-with-express-nodejs/
+openssl rsa -in ./config/sslcerts/key.pem -out ./config/sslcerts/newkey.pem && mv ./config/sslcerts/newkey.pem ./config/sslcerts/key.pem
+chmod 0400 ./config/sslcerts/key.pem ./config/sslcerts/cert.pem