HTTPS and Secure Communication

- Understand about secure communication between the client and server using the HTTPS protocol - Set up the server to use HTTPS and configure the certificate and private key for use with HTTPS
yogykwan · May 26, 2017 · 9128813 · 9128813
1 parent 38e20b2
commit 9128813
Show file tree

Hide file tree

Showing 8 changed files with 115 additions and 82 deletions.
diff --git a/conFusion-Express/README.md b/conFusion-Express/README.md
@@ -12,3 +12,9 @@ npm install
 npm start
 ```
 
+# Certificate
+```
+openssl genrsa 1024 > private.key
+openssl req -new -key private.key -out cert.csr
+openssl x509 -req -in cert.csr -signkey private.key -out certificate.pem
+```
diff --git a/conFusion-Express/app.js b/conFusion-Express/app.js
@@ -26,6 +26,15 @@ var leaderRouter = require('./routes/leaderRouter');
 
 var app = express();
 
+// Secure traffic only
+app.all('*', function (req, res, next) {
+    // console.log('req start: ', req.secure, req.hostname, req.url, app.get('port'));
+    if (req.secure) {
+        return next();
+    }
+    res.redirect('https://' + req.hostname + ':' + app.get('secPort') + req.url);
+});
+
 // view engine setup
 app.set('views', path.join(__dirname, 'views'));
 app.set('view engine', 'jade');

diff --git a/conFusion-Express/bin/cert.csr b/conFusion-Express/bin/cert.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBhDCB7gIBADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEh
+MB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCndcWInEb7W4AohAVD8g1fsWFMEFW8TvptIPszWScna+sO
+KzIi3b4PMN6SD9ovMZ/UzP/A8J76Rqx+C/iEWe3UyePNt81ONU+2k8KBOuDMqZcx
+9CZVPaOA6v8zFP+EL/BZyT864vLmuNqgDFdHgbE4qmEogzsj0h+tHVSOuoEqHwID
+AQABoAAwDQYJKoZIhvcNAQELBQADgYEATUDAzxgMMyWsg4L/hKWkPxDGD5Zvvsra
+MI8vpKQMiY2eXBkz7idykF3CXstwTC8mv5GVYvv7m2CZ1Y/ILjJg9F/kPAzpujt6
+jWHCnr83S5E7he0ityB40kwMKjvtdGuHAoDHpLN4BpC+zomiqeNT1N1p5IfS0h0f
+mN/brLtdcoE=
+-----END CERTIFICATE REQUEST-----
diff --git a/conFusion-Express/bin/certificate.pem b/conFusion-Express/bin/certificate.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICATCCAWoCCQCyUYUjwF62OTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE3MDUyNjIyMDEzNFoXDTE3MDYyNTIyMDEzNFowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAp3XF
+iJxG+1uAKIQFQ/INX7FhTBBVvE76bSD7M1knJ2vrDisyIt2+DzDekg/aLzGf1Mz/
+wPCe+kasfgv4hFnt1MnjzbfNTjVPtpPCgTrgzKmXMfQmVT2jgOr/MxT/hC/wWck/
+OuLy5rjaoAxXR4GxOKphKIM7I9IfrR1UjrqBKh8CAwEAATANBgkqhkiG9w0BAQsF
+AAOBgQCFcdvfFQbQ5jWzuh8WDEXqH1geLjfuW6eH9jDU12jZXKdw9IaBxoP4xmhW
+55r1PXA3YmrF++nwFAopYNOOzeVpSg+7J89+K/mfjY8J+iTCq+tH2Pdkyo4CUAqz
+c9CmvQDD1WOtzzukFcT/+SficM92/MazHjbdAFxPT7IaViNSPQ==
+-----END CERTIFICATE-----
diff --git a/conFusion-Express/bin/private.key b/conFusion-Express/bin/private.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCndcWInEb7W4AohAVD8g1fsWFMEFW8TvptIPszWScna+sOKzIi
+3b4PMN6SD9ovMZ/UzP/A8J76Rqx+C/iEWe3UyePNt81ONU+2k8KBOuDMqZcx9CZV
+PaOA6v8zFP+EL/BZyT864vLmuNqgDFdHgbE4qmEogzsj0h+tHVSOuoEqHwIDAQAB
+AoGAXSuSdtp0R792A5TIlTAkLryzJK3l9bp/bJ4wBTayKSXLBvwTjgCPkUYgX2XA
+gAd9JNnV5hQ6b4dIy2x/naunPZl8UtJjO2boCGcE0vsot+CXjtaUHn7xiXPtCXIh
+KM11Wl8B8M1CvaPauXa6phllii+1Iz/0Qt0sxPHVE991qjECQQDWAM5tZXKhVruH
+cdu6CS7kiuf6tJiktvXfFWjrnkDbQ9X+9xIBSHls/2DwmU/tS5EYfVuNL2RTKqHf
+2RwmHMMXAkEAyFK11Xk/8In6uYuHszYxhUZegJaYcJFwMhiUsJ/q0KOrdla8eowV
+a2thsl2oIb4gdaZcnQZ/a8A2IEhRKfBWOQJBAJYH9rDnYJgP8GUiw8MHUSLU55Hy
+Ltm7k2CU5/vX9OxEALFBkhPoNYje+Z10Pn7EbbLXn+m5ggJ0bww6b+ugWn0CQAj7
+xJHFNTvZRDgr7LL5vDDI3hYQKtfpfcmRVqGxGjuvC1JsQ1mPjKpbj28LSi3xM81y
+33ZfQzmWzhaWh6VE1OkCQCRfDP0fq+ibANvUttPp7Comgd5iwp6vU71vzisLiiAR
+SlpGblsypTIaxp/7PjplS/z2OdjXHqnAP83JWIfYYm4=
+-----END RSA PRIVATE KEY-----
diff --git a/conFusion-Express/bin/www b/conFusion-Express/bin/www
@@ -7,13 +7,16 @@
 var app = require('../app');
 var debug = require('debug')('confusion-express:server');
 var http = require('http');
+var https = require('https');
+var fs = require('fs');
 
 /**
  * Get port from environment and store in Express.
  */
 
 var port = normalizePort(process.env.PORT || '3000');
 app.set('port', port);
+app.set('secPort', port + 443);
 
 /**
  * Create HTTP server.
@@ -29,62 +32,83 @@ server.listen(port);
 server.on('error', onError);
 server.on('listening', onListening);
 
+/**
+ * Create HTTPS server.
+ */
+var options = {
+    key: fs.readFileSync(__dirname + '/private.key'),
+    cert: fs.readFileSync(__dirname + '/certificate.pem')
+};
+
+var secureServer = https.createServer(options, app);
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+secureServer.listen(app.get('secPort'), function () {
+    console.log('Server listening on port ', app.get('secPort'));
+});
+secureServer.on('error', onError);
+secureServer.on('listening', onListening);
+
+
 /**
  * Normalize a port into a number, string, or false.
  */
 
 function normalizePort(val) {
-  var port = parseInt(val, 10);
+    var port = parseInt(val, 10);
 
-  if (isNaN(port)) {
-    // named pipe
-    return val;
-  }
+    if (isNaN(port)) {
+        // named pipe
+        return val;
+    }
 
-  if (port >= 0) {
-    // port number
-    return port;
-  }
+    if (port >= 0) {
+        // port number
+        return port;
+    }
 
-  return false;
+    return false;
 }
 
 /**
  * Event listener for HTTP server "error" event.
  */
 
 function onError(error) {
-  if (error.syscall !== 'listen') {
-    throw error;
-  }
-
-  var bind = typeof port === 'string'
-    ? 'Pipe ' + port
-    : 'Port ' + port;
-
-  // handle specific listen errors with friendly messages
-  switch (error.code) {
-    case 'EACCES':
-      console.error(bind + ' requires elevated privileges');
-      process.exit(1);
-      break;
-    case 'EADDRINUSE':
-      console.error(bind + ' is already in use');
-      process.exit(1);
-      break;
-    default:
-      throw error;
-  }
+    if (error.syscall !== 'listen') {
+        throw error;
+    }
+
+    var bind = typeof port === 'string'
+        ? 'Pipe ' + port
+        : 'Port ' + port;
+
+    // handle specific listen errors with friendly messages
+    switch (error.code) {
+        case 'EACCES':
+            console.error(bind + ' requires elevated privileges');
+            process.exit(1);
+            break;
+        case 'EADDRINUSE':
+            console.error(bind + ' is already in use');
+            process.exit(1);
+            break;
+        default:
+            throw error;
+    }
 }
 
 /**
  * Event listener for HTTP server "listening" event.
  */
 
 function onListening() {
-  var addr = server.address();
-  var bind = typeof addr === 'string'
-    ? 'pipe ' + addr
-    : 'port ' + addr.port;
-  debug('Listening on ' + bind);
+    var addr = server.address();
+    var bind = typeof addr === 'string'
+        ? 'pipe ' + addr
+        : 'port ' + addr.port;
+    debug('Listening on ' + bind);
 }
diff --git a/conFusion-Express/npm-debug.log b/conFusion-Express/npm-debug.log
diff --git a/conFusion-Express/routes/dishRouter.js b/conFusion-Express/routes/dishRouter.js
@@ -9,7 +9,7 @@ var dishRouter = express.Router();
 dishRouter.use(bodyParser.json());
 
 dishRouter.route('/')
-    .all(Verify.verifyOrdinaryUser)
+    .all()
 
     .get(function (req, res, next) {
         Dishes.find({})