Merge pull request #5 from lamassu/tls-security
Client certificate authorization
This commit is contained in:
Maciej Małecki
commit
6926e7be90
2 changed files with 33 additions and 13 deletions
43
lib/app.js
43
lib/app.js
|
|
@ -51,20 +51,41 @@ app.use(express.session());
|
|||
|
||||
config.load(function(err, conf) {
|
||||
if (err) { console.log(err); process.exit(1); }
|
||||
atm.init(app, conf.config);
|
||||
|
||||
if (argv.https) {
|
||||
var testkeys = path.join(__dirname, '..', 'testkeys');
|
||||
var privateKey = fs.readFileSync(path.join(testkeys, 'privatekey.pem'));
|
||||
var certificate = fs.readFileSync(path.join(testkeys, 'certificate.pem'));
|
||||
var credentials = {key: privateKey, cert: certificate};
|
||||
https.createServer(credentials, app).listen(port, function () {
|
||||
console.log('Express server listening on port ' + port + ' (https)');
|
||||
});
|
||||
}
|
||||
else {
|
||||
var authMiddleware = function (req, res, next) { return next(); };
|
||||
|
||||
if (argv.http) {
|
||||
http.createServer(app).listen(port, function () {
|
||||
console.log('Express server listening on port ' + port + ' (http)');
|
||||
});
|
||||
}
|
||||
else {
|
||||
authMiddleware = function(req, res, next) {
|
||||
var fingerprint = req.connection.getPeerCertificate().fingerprint;
|
||||
var e = new Error('Unauthorized');
|
||||
e.status = 401;
|
||||
|
||||
config.isAuthorized(fingerprint, function (err, authorized) {
|
||||
if (err) { return next(e); }
|
||||
if (!authorized) { return next(e); }
|
||||
next();
|
||||
});
|
||||
};
|
||||
|
||||
var options = {
|
||||
key: fs.readFileSync(argv.key),
|
||||
cert: fs.readFileSync(argv.cert),
|
||||
requestCert: true,
|
||||
secureProtocol: 'TLSv1_method',
|
||||
ciphers: 'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
|
||||
honorCipherOrder: true
|
||||
};
|
||||
|
||||
https.createServer(options, app).listen(port, function () {
|
||||
console.log('Express server listening on port ' + port + ' (https)');
|
||||
});
|
||||
}
|
||||
|
||||
atm.init(app, conf.config, config, authMiddleware);
|
||||
|
||||
});
|
||||
|
|
|
|||
|
|
@ -15,8 +15,7 @@
|
|||
"express": "~3.4.7",
|
||||
"optimist": "~0.6.0",
|
||||
"lamassu-config": "~0.1.1",
|
||||
"lamassu-atm-protocol": "~0.1.0",
|
||||
"client-certificate-auth": "git+https://github.com/mmalecki/client-certificate-auth.git#async-authorization"
|
||||
"lamassu-atm-protocol": "~0.1.0"
|
||||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue