Enable HTTPS

Author: martinleopold

auth.test.mjs

@@ -1,8 +1,8 @@
 import tap from 'tap';
-import got from 'got';
 import * as db from './db.mjs';
 import * as util from './util.mjs';
 import * as test_util from './test_util.mjs';
+import { request as got } from './test_util.mjs';
 
 let tokens;
 
@@ -39,22 +39,22 @@ tap.teardown(async () => {
 });
 
 tap.test('get token', async t => {
-  let res = await got('http://localhost:3000/get_token', {
+  let res = await got('/get_token', {
     responseType: 'json',
     searchParams: { id: tokens[0].id },
     headers: { 'Authorization': 'Bearer ' + jwt.public }
   });
   t.equal(res.statusCode, 200, 'valid auth');
 
-  res = await got('http://localhost:3000/get_token', {
+  res = await got('/get_token', {
     responseType: 'json',
     searchParams: { id: tokens[0].id },
     headers: { 'Authorization': 'Bearer ' + jwt.admin }
   });
   t.equal(res.statusCode, 200, 'valid auth (other valid subject)');
 
   try {
-    let res = await got('http://localhost:3000/get_token', {
+    let res = await got('/get_token', {
       responseType: 'json',
       searchParams: { id: tokens[0].id }
     });
@@ -67,7 +67,7 @@ tap.test('get token', async t => {
   }
 
   try {
-    let res = await got('http://localhost:3000/get_token', {
+    let res = await got('/get_token', {
       responseType: 'json',
       searchParams: { id: tokens[0].id },
       headers: { 'Authorization': 'Bearer ' + jwt.exhibition }
@@ -81,7 +81,7 @@ tap.test('get token', async t => {
   }
 
   try {
-    let res = await got('http://localhost:3000/get_token', {
+    let res = await got('/get_token', {
       responseType: 'json',
       searchParams: { id: tokens[0].id },
       headers: { 'Authorization': 'Bearer ' + jwt.public_invalid }
@@ -95,7 +95,7 @@ tap.test('get token', async t => {
   }
 
   try {
-    let res = await got('http://localhost:3000/get_token', {
+    let res = await got('/get_token', {
       responseType: 'json',
       searchParams: { id: tokens[0].id },
       headers: { 'Authorization': 'Bearer ' + jwt.garbage }
@@ -109,7 +109,7 @@ tap.test('get token', async t => {
   }
 
   try {
-    let res = await got('http://localhost:3000/get_token', {
+    let res = await got('/get_token', {
       responseType: 'json',
       searchParams: { id: tokens[0].id },
       headers: { 'Authorization': 'Bearer ' + jwt.public_expired }

cert/localhost.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8DCCAdigAwIBAgIUTuVLsL+W/LpSp+3ZnsAPQ4xrAjIwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDQyMTA5MTIzNloXDTIxMDUy
+MTA5MTIzNlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEApDIG7S6He/ZjLOi8zdq6SyhsyH83v9nSsAi3YJ8LQkLt
+gbnX4VD820TwHHI+3B0+r+a236Bc5M8R55mN7/lGFsgLpzZ2uF9N3H97YHMXhWaQ
+zoLqPTOMm3mbIN8Vo1PxLuGKZBCIXVdjDoN0UeTzruKHKDrsIdgg8XW6p3v2yLRi
+IUood8V+0k4lt797kBODpm2gbT2JDM2Xm6UbOsH8VHSaVn4wio/5txr+07kpVvdF
+MzczfD7SwfXZM2FzO5Pe713vup5Md8azkwhDVHWh6osUJdQ3Im7STyNc4yPla4kf
+kml2sdhyiZWr/JDKZ1yNERMpWflNjqzLRHQ3NG/kawIDAQABozowODAUBgNVHREE
+DTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMB
+MA0GCSqGSIb3DQEBCwUAA4IBAQB2zR5mVMCut63OkhR0VDBZAjdlWsJuAS7075by
+ifxw4Kw+D+9ccnARqgd2cPRUXzH2mi6XxbvRQpHTSUKz7PD6N9kVSJsocoy0BOsJ
+WEFYzxGiRQRDWZWVbQ82Rc/WTDg2xacUOEcMsfyMvxdNQ7BmqU51mkAqYIcv6ksL
+7YyXXR8s3b4xwY/KIM7cVkTb6q3TY53g/QauzZYTbdvwCWSUOOGt9hVtnsc4gD49
+WT0Sn9QsMmzN/rQ6ouyDY5aJrugfc7SA6FUD7X2ZOL91J85W1y2Hn9XS3tFvzI86
+X1EUuu3ZjSSuuPuiOEH7oIAekq4MLNN2pyML1ZxTzWqjbmO7
+-----END CERTIFICATE-----

cert/localhost.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCkMgbtLod79mMs
+6LzN2rpLKGzIfze/2dKwCLdgnwtCQu2BudfhUPzbRPAccj7cHT6v5rbfoFzkzxHn
+mY3v+UYWyAunNna4X03cf3tgcxeFZpDOguo9M4ybeZsg3xWjU/Eu4YpkEIhdV2MO
+g3RR5POu4ocoOuwh2CDxdbqne/bItGIhSih3xX7STiW3v3uQE4OmbaBtPYkMzZeb
+pRs6wfxUdJpWfjCKj/m3Gv7TuSlW90UzNzN8PtLB9dkzYXM7k97vXe+6nkx3xrOT
+CENUdaHqixQl1DcibtJPI1zjI+VriR+SaXax2HKJlav8kMpnXI0REylZ+U2OrMtE
+dDc0b+RrAgMBAAECggEBAKDTX3Vx3cLN0tZqIISBeXekYOkBstl3waYq43MAVUbR
+x1EJdyp66TDclVNHk8qF2qDwmq7vpA15xU/UV/J1dvFZgBCIiECPGPSg6XfPQ3qm
+u6+LC2Rm2ZJvykKoP8l6rwH8aFEa4HaM4bmViJmuaAEkYL5G+IMt7xaS+gCSq2Zp
+tv4VDSEjeUv/nXyW0ZO7TX/zJ/Lxw0JZnFWDhwooGx2NHjBc+Qwolxk98cw7WcBC
+zvEoatbIgvmWlD7FV+JM7zD0Elu3x2rHRvRf8aiWq8Pd0smE6wMOqTbgmyOcD7sh
+Qz7x/JtfLSeqYd9ffU904KbHKZ6Z7MXNNlL0lWUDzgECgYEA0RUA5B5O6QJgGKic
+nuv//qMjF8qun+OEH0Fu8Ks2fo10EyKYLzzMfiOFUhes2WoijkoXTWniZcSg/8TK
+ABVBSyrPWczDFVg2yYJmcIGZ5eQeD4677+jRaqoHkWYU64KRFvc8ZUXMyKXkZmt6
+Hq4h7Pvl8JIE+cK5F31WbuAhyd0CgYEAyQpzl1b4542Y5H30Wk0+xuHaU6ZIwqsW
+C7Cb5A+9XlxorkN8rvRMJc97FhsSB/dv1hjjS+nUSHuSDOd4eeIHNp2e6E6Mt+D4
+ngXB1NTd804bw1k7zTD2Thl0zL90Ws57/wi26Y1e1gSGGV9P++9kzWd1Y0EtMwAL
+MwLs3zLE1ucCgYBqP9osEprXHjXnUggFWrjElfKHbKBA8EV7/Kx78QXIWenar4HW
+v3bLwxFFHnLgKWdWF6Cv3lcGkF2gnEhqsmJz6FVmtP+OIT32OSYFlla21K3SCh7H
+U/DX23/tC4smAzvoB8vRSx8998+RnJx6atMisv+uuQV+Rs34eeEqhwukoQKBgQCM
+Cq/CeF8iTUx3vhV84dodCC7hni+JC0xsEDZHg39SP+Tbnz83UA3LOOBw4aKJ0h8h
+cGzE8LljVFDElGkj3gNQVDPhdvYnEJue2DvRWgbR+VL1nS8/HCA2/xyRk7wllThi
+y1s/Da9GPhh7jB1XTcdWHf9ziG9H23vxqNQAFolveQKBgQCnbNHxqejt855/y/+A
+Mc6iGRnXUapJTAjsi1SSqpgRaRzipLSPlCaN03GNuZLV7VRn4Nmh1NeXwieFeWqF
+E4ociJUYOpmxuVTwzxNL4c5T0yRppJzAGINMWfEsyqGrznxoSbskoGF+QLn75pGD
+kRFdbk9T9ga6W75gI3KMXcjTOA==
+-----END PRIVATE KEY-----

errors.test.mjs

@@ -1,8 +1,8 @@
 import tap from 'tap';
-import got from 'got';
 import * as db from './db.mjs';
 import * as util from './util.mjs';
 import * as test_util from './test_util.mjs';
+import { request as got } from './test_util.mjs';
 
 let tokens;
 
@@ -28,7 +28,7 @@ tap.test('get token (errors)', async t => {
   const url_save = db.DB.url;
   db.DB.url = 'http://localhost:9999';
   try {
-    await got('http://localhost:3000/get_token', {
+    await got('/get_token', {
       responseType: 'json',
       searchParams: { id: tokens[0].id },
       retry: 0
@@ -44,7 +44,7 @@ tap.test('get token (errors)', async t => {
 
   // no id
   try {
-    await got('http://localhost:3000/get_token', {
+    await got('/get_token', {
       responseType: 'json',
     });
     t.fail('should throw');
@@ -57,7 +57,7 @@ tap.test('get token (errors)', async t => {
 
   // empty id
   try {
-    await got('http://localhost:3000/get_token', {
+    await got('/get_token', {
       responseType: 'json',
       searchParams: { id: '' }
     });
@@ -71,7 +71,7 @@ tap.test('get token (errors)', async t => {
 
   // invalid id
   try {
-    await got('http://localhost:3000/get_token', {
+    await got('/get_token', {
       responseType: 'json',
       retry: 0,
       searchParams: { id: 'abcdef' }
@@ -87,7 +87,7 @@ tap.test('get token (errors)', async t => {
 
 tap.test('get tokens by offset (errors)', async t => {
   try {
-    await got('http://localhost:3000/get_tokens', {
+    await got('/get_tokens', {
       responseType: 'json',
       searchParams: {}
     });
@@ -100,7 +100,7 @@ tap.test('get tokens by offset (errors)', async t => {
   }
 
   try {
-    await got('http://localhost:3000/get_tokens', {
+    await got('/get_tokens', {
       responseType: 'json',
       searchParams: { offset:0, count:0 }
     });
@@ -113,7 +113,7 @@ tap.test('get tokens by offset (errors)', async t => {
   }
 
   try {
-    await got('http://localhost:3000/get_tokens', {
+    await got('/get_tokens', {
       responseType: 'json',
       searchParams: { offset:0, count:999999 }
     });
@@ -125,7 +125,7 @@ tap.test('get tokens by offset (errors)', async t => {
     }, 'count too big');
   }
 
-  let res = await got('http://localhost:3000/get_tokens', {
+  let res = await got('/get_tokens', {
     responseType: 'json',
     searchParams: { offset:10, count:1 }
   });
@@ -134,7 +134,7 @@ tap.test('get tokens by offset (errors)', async t => {
     body: { offset:10, rows: [], prev: tokens[9].id, next: null }
   }, 'going one over');
 
-  res = await got('http://localhost:3000/get_tokens', {
+  res = await got('/get_tokens', {
     responseType: 'json',
     searchParams: { offset:99, count:1 }
   });
@@ -143,7 +143,7 @@ tap.test('get tokens by offset (errors)', async t => {
     body: { offset:99, rows: [], prev: null, next: null }
   }, 'going over more');
 
-  res = await got('http://localhost:3000/get_tokens', {
+  res = await got('/get_tokens', {
     responseType: 'json',
     searchParams: { offset:-11, count:1 }
   });
@@ -152,7 +152,7 @@ tap.test('get tokens by offset (errors)', async t => {
     body: { offset:-11, rows: [], prev: null, next: tokens[0].id }
   }, 'going one below');
 
-  res = await got('http://localhost:3000/get_tokens', {
+  res = await got('/get_tokens', {
     responseType: 'json',
     searchParams: { offset:-99, count:1 }
   });

main.config.json

@@ -1,6 +1,11 @@
 {
   "host": "localhost",
   "port": 3000,
+  "https": {
+    "enabled": true,
+    "key": "cert/localhost.key",
+    "cert": "cert/localhost.crt"
+  },
   "page_limit": 1000,
   "enable_auth": true,
   "jwt_secret": "y2ZHC@KS/KW6Nw;whGVKl-Nc2y/;HpOc",

main.mjs

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
-
+import http from 'http';
+import https from 'https';
 import {readFileSync} from 'fs';
 import express from 'express';
 import jwt from 'express-jwt';
@@ -262,9 +263,21 @@ if (!filter_status) {
   await db.create_filters();
   console.log('updated filters');
 }
+
 // start server
-const server = app.listen(CONFIG.port, () => {
-  console.log('Server running on port ' + CONFIG.port);
+let server;
+if (CONFIG.https.enabled) {
+  server = https.createServer({
+    key: readFileSync(CONFIG.https.key),
+    cert: readFileSync(CONFIG.https.cert),
+  }, app);
+} else {
+  server = http.createServer(app);
+}
+server.listen(CONFIG.port, () => {
+  const secure = server instanceof https.Server;
+  console.log(`${secure ? 'HTTPS ' : ''}Server running on port ${CONFIG.port}`);
+  if (!secure) console.log('Warning: Server is not secure (HTTPS disbaled)');
 });
 
 // Instance of http.Server. See: https://expressjs.com/en/4x/api.html#app.listen