diff --git a/bin/lamassu-server b/bin/lamassu-server
new file mode 100755
index 00000000..3ad549ba
--- /dev/null
+++ b/bin/lamassu-server
@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+var createServer = require('../lib/app.js');
+var argv = require('optimist').argv;
+
+var options = {
+ postgres: process.env.DATABASE_URL
+};
+
+var port = process.env.PORT || 3000;
+
+if (!argv.http) {
+ if (!argv.key || !argv.cert) {
+ console.error('--key and --cert are required');
+ process.exit(1);
+ }
+
+ options.https = {
+ key: fs.readFileSync(argv.key),
+ cert: fs.readFileSync(argv.cert)
+ };
+}
+
+var server = createServer(options);
+server.listen(port, function () {
+ console.log('lamassu-server listening on port ' + port + ' ' + argv.http ? '(http)' : '(https)');
+});
diff --git a/lib/app.js b/lib/app.js
index 0be5541f..ad6dc169 100755
--- a/lib/app.js
+++ b/lib/app.js 
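Review bot: `fs.readFileSync(argv.key)` and `fs.readFileSync(argv.cert)` are called in a script that never requires `fs`, so the default HTTPS path throws a ReferenceError before the server is created; add `var fs = require('fs');` beside the other requires. The startup log line also has a precedence slip: `+` binds tighter than `?:`, so the whole concatenated string becomes the condition and the output is always just `(http)`, which misreports the transport in the logs. Wrapping the conditional fixes it: `' ' + (argv.http ? '(http)' : '(https)')`. A short comment at `if (!argv.http)` noting that `--http` starts the server without TLS would help operators, since lib/app.js only installs the certificate-fingerprint check when `options.https` is set.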
@@ -21,62 +21,64 @@ var http = require('http'); var https = require('https'); var path = require('path'); var express = require('express'); -var argv = require('optimist').argv; -var app = express(); var fs = require('fs'); var LamassuConfig = require('lamassu-config'); var routes = require('./routes'); -var conString, dbConfig, config; +module.exports = function (options) { + var connectionString = options.postgres; + var app = express(); + var server; + var config; -conString = process.env.DATABASE_URL || 'postgres://lamassu:lamassu@localhost/lamassu'; + connectionString = connectionString || + 'postgres://lamassu:lamassu@localhost/lamassu'; -config = new LamassuConfig(conString); + config = new LamassuConfig(connectionString); -var port = process.env.PORT || 3000; -app.use(express.logger()); -app.use(express.favicon()); -app.use(express.bodyParser()); -app.use(express.methodOverride()); + app.use(express.logger()); + app.use(express.favicon()); + app.use(express.bodyParser()); + app.use(express.methodOverride()); -config.load(function(err, conf) { - if (err) { console.log(err); process.exit(1); } - - var authMiddleware = function (req, res, next) { return next(); }; - - if (argv.http) { - http.createServer(app).listen(port, function () { - console.log('Express server listening on port ' + port + ' (http)'); - }); + if (!options.https) { + server = http.createServer(app); } else { - authMiddleware = function(req, res, next) { - var fingerprint = req.connection.getPeerCertificate().fingerprint; - var e = new Error('Unauthorized'); - e.status = 401; - - config.isAuthorized(fingerprint, function (err, device) { - if (err) { return next(e); } - if (!device) { return next(e); } - req.device = device; - next(); - }); - }; - - var options = { - key: fs.readFileSync(argv.key), - cert: fs.readFileSync(argv.cert), + var serverOptions = { + key: options.https.key, + cert: options.https.cert, requestCert: true, secureProtocol: 'TLSv1_method', ciphers: 
'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH', honorCipherOrder: true }; - https.createServer(options, app).listen(port, function () { - console.log('Express server listening on port ' + port + ' (https)'); - }); + server = https.createServer(options, app); } - routes.init(app, conf, config, authMiddleware); + config.load(function(err, conf) { + if (err) { console.log(err); process.exit(1); } -}); + var authMiddleware = function (req, res, next) { return next(); }; + + if (options.https) { + authMiddleware = function(req, res, next) { + var fingerprint = req.connection.getPeerCertificate().fingerprint; + var e = new Error('Unauthorized'); + e.status = 401; + + config.isAuthorized(fingerprint, function (err, device) { + if (err) { return next(e); } + if (!device) { return next(e); } + req.device = device; + next(); + }); + }; + } + + routes.init(app, conf, config, authMiddleware); + }); + + return server; +};
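Review bot: `server = https.createServer(options, app);` passes the exported function's `options` argument rather than the `serverOptions` object built just above it, so `key`, `cert`, `requestCert: true` and the cipher settings never reach the TLS server. Without `requestCert` the peer presumably presents no client certificate, leaving `getPeerCertificate().fingerprint` in `authMiddleware` with nothing to authorize against; the line should read `server = https.createServer(serverOptions, app);`. Separately, the unchanged context lines pin `secureProtocol: 'TLSv1_method'` and keep `RC4` in `ciphers`, both weak by current standards and worth a follow-up change. The pass-through `authMiddleware` deserves a comment such as `// no device authentication when options.https is absent (plain HTTP mode)` so the trust assumption is visible to whoever wires up `routes.init`.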