feat(hpkp): Add the hpkp headers to all requests (#416) r=vladikoff
vbudhram authored and vladikoff committed Nov 18, 2016
1 parent bf624bf commit 6b8a8c8
Showing 6 changed files with 432 additions and 174 deletions.
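--- a/lib/config.js
+++ b/lib/config.js
@@ -120,6 +120,44 @@ const conf = convict({
 default: ''
 }
 },
+hpkpConfig: {
+enabled: {
+default: false,
+doc: 'Feature flag for appending HPKP headers',
+format: Boolean,
+env: 'HPKP_ENABLE'
+},
+reportOnly: {
+default: true,
+doc: 'Enable report only mode',
+format: Boolean,
+env: 'HPKP_REPORT_ONLY'
+},
+reportUri: {
+default: '',
+doc: 'Enable report only mode',
+format: String,
+env: 'HPKP_REPORT_URI'
+},
+includeSubDomains: {
+default: true,
+doc: 'Include Sub-Domains',
+format: Boolean,
+env: 'HPKP_INCLUDE_SUBDOMAINS'
+},
+maxAge: {
+default: 1,
+doc: 'Max age for HPKP headers (seconds)',
+format: Number,
+env: 'HPKP_MAX_AGE'
+},
+sha256s: {
+default: [],
+doc: 'Supported pin-sha256s',
+format: Array,
+env: 'HPKP_PIN_SHA256'
+}
+},
 localRedirects: {
 doc: 'When true, `localhost` and `127.0.0.1` always are legal redirects.',
 default: false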
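Review bot: The `doc` string for `reportUri` is a copy of the `reportOnly` one ('Enable report only mode') and does not describe the option; it should read something like `doc: 'URI the browser posts pin-validation failures to (report-uri directive)'`. The `sha256s` entry would also benefit from saying that enforcement needs at least two pins (a live pin plus a backup), as RFC 7469 requires, because `default: []` otherwise reads as a usable value. `reportOnly: true` and a `maxAge` of 1 second are sensible rollout defaults, and the `maxAge` doc could add that raising it is what makes a wrong pin lock clients out for that long, so operators see the trade-off. The `convict({ ... })` call enclosing these entries starts and ends outside the hunk.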
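--- a/lib/server/index.js
+++ b/lib/server/index.js
@@ -33,6 +33,31 @@ exports.create = function createServer() {
 server.auth.scheme(authBearer.AUTH_SCHEME, authBearer.strategy);
 server.auth.strategy(authBearer.AUTH_STRATEGY, authBearer.AUTH_SCHEME);
 
+if (config.hpkpConfig && config.hpkpConfig.enabled) {
+var hpkpOptions = {
+maxAge: config.hpkpConfig.maxAge,
+sha256s: config.hpkpConfig.sha256s,
+includeSubdomains: config.hpkpConfig.includeSubDomains
+};
+
+if (config.hpkpConfig.reportUri){
+hpkpOptions.reportUri = config.hpkpConfig.reportUri;
+}
+
+if (config.hpkpConfig.reportOnly){
+hpkpOptions.reportOnly = config.hpkpConfig.reportOnly;
+}
+
+server.register({
+register: require('hapi-hpkp'),
+options: hpkpOptions
+}, function (err) {
+if (err) {
+throw err;
+}
+});
+}
+
 var routes = require('../routing').routes;
 if (isProd) {
 logger.info('prod', 'Disabling response schema validation');
@@ -83,6 +108,7 @@ exports.create = function createServer() {
 response = AppError.translate(response);
 }
 summary(request, response);
+
 next(response);
 });
 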
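Review bot: When `enabled` is true and `reportOnly` is false, nothing checks that `config.hpkpConfig.sha256s` actually holds pins before `hapi-hpkp` is registered, so an empty or single-entry list (the config default is `[]`) sends an enforcing header that a conforming browser either ignores or, with one wrong pin, uses to lock clients out for `maxAge`; a fail-fast guard before `server.register` catches this at startup: `if (!hpkpOptions.reportOnly && hpkpOptions.sha256s.length < 2) { throw new Error('hpkpConfig.sha256s needs a live pin and a backup pin when enforcing'); }`. The same block, with the same missing check, is added to lib/server/internal.js. The config key is `includeSubDomains` while the option passed is `includeSubdomains`; I assume the lower-case form is the plugin's spelling, but it is worth confirming against hapi-hpkp, since a misspelled option key would silently drop the directive. `createServer` starts and ends outside the hunk.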
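--- a/lib/server/internal.js
+++ b/lib/server/internal.js
@@ -27,6 +27,31 @@ exports.create = function createServer() {
 server.auth.scheme(auth.AUTH_SCHEME, auth.strategy);
 server.auth.strategy(auth.AUTH_STRATEGY, auth.AUTH_SCHEME);
 
+if (config.hpkpConfig && config.hpkpConfig.enabled) {
+var hpkpOptions = {
+maxAge: config.hpkpConfig.maxAge,
+sha256s: config.hpkpConfig.sha256s,
+includeSubdomains: config.hpkpConfig.includeSubDomains
+};
+
+if (config.hpkpConfig.reportUri){
+hpkpOptions.reportUri = config.hpkpConfig.reportUri;
+}
+
+if (config.hpkpConfig.reportOnly){
+hpkpOptions.reportOnly = config.hpkpConfig.reportOnly;
+}
+
+server.register({
+register: require('hapi-hpkp'),
+options: hpkpOptions
+}, function (err) {
+if (err) {
+throw err;
+}
+});
+}
+
 var routes = require('../routing').clients;
 if (isProd) {
 logger.info('prod', 'Disabling response schema validation');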
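Review bot: This HPKP block is a line-for-line copy of the one added to lib/server/index.js, so any later change (pin-list validation, a corrected option name, a different max-age for the internal server) has to be made in two places and can drift; extracting it into a shared helper such as `registerHpkp(server, config)` in a module both servers require would keep the two servers' header behaviour identical. Within the block, `var hpkpOptions` is hoisted to function scope although it is only used inside the `if`; `const` would keep it local, and lib/config.js in this commit already uses `const`, so the runtime supports it. `createServer` starts and ends outside the hunk.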
