Merge pull request #5 from lamassu/tls-security

Client certificate authorization
This commit is contained in:
Maciej Małecki 2014-03-28 17:29:49 +07:00
commit 6926e7be90
2 changed files with 33 additions and 13 deletions


@ -51,20 +51,41 @@ app.use(express.session());
config.load(function(err, conf) { config.load(function(err, conf) {
if (err) { console.log(err); process.exit(1); } if (err) { console.log(err); process.exit(1); }
atm.init(app, conf.config);
if (argv.https) { var authMiddleware = function (req, res, next) { return next(); };
var testkeys = path.join(__dirname, '..', 'testkeys');
var privateKey = fs.readFileSync(path.join(testkeys, 'privatekey.pem')); if (argv.http) {
var certificate = fs.readFileSync(path.join(testkeys, 'certificate.pem'));
var credentials = {key: privateKey, cert: certificate};
https.createServer(credentials, app).listen(port, function () {
console.log('Express server listening on port ' + port + ' (https)');
});
}
else {
http.createServer(app).listen(port, function () { http.createServer(app).listen(port, function () {
console.log('Express server listening on port ' + port + ' (http)'); console.log('Express server listening on port ' + port + ' (http)');
}); });
} }
else {
authMiddleware = function(req, res, next) {
var fingerprint = req.connection.getPeerCertificate().fingerprint;
var e = new Error('Unauthorized');
e.status = 401;
config.isAuthorized(fingerprint, function (err, authorized) {
if (err) { return next(e); }
if (!authorized) { return next(e); }
next();
});
};
var options = {
key: fs.readFileSync(argv.key),
cert: fs.readFileSync(argv.cert),
requestCert: true,
secureProtocol: 'TLSv1_method',
ciphers: 'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
honorCipherOrder: true
};
https.createServer(options, app).listen(port, function () {
console.log('Express server listening on port ' + port + ' (https)');
});
}
atm.init(app, conf.config, config, authMiddleware);
}); });
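Review bot: With `secureProtocol: 'TLSv1_method'` the server speaks only TLS 1.0, so the TLS 1.2-only `AES128-GCM-SHA256` suite at the head of the cipher list can never be negotiated and, because `honorCipherOrder` is set, `RC4` becomes the effective first preference for every client. Consider `secureProtocol: 'TLSv1_2_method'` (or leaving the method at its default and disabling SSLv2/SSLv3 through `secureOptions`) and dropping RC4 entirely, e.g. `ciphers: 'AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4'`. In `authMiddleware`, a client that presents no certificate gets an empty object back from `getPeerCertificate()`, so `fingerprint` is `undefined` and the decision is delegated to `config.isAuthorized(undefined, …)`; add `if (!fingerprint) { return next(e); }` right after the fingerprint is read instead of relying on the allowlist lookup to reject it. The options set `requestCert` but neither `ca` nor `rejectUnauthorized`, so whether any chain validation happens depends on the Node default; if the fingerprint allowlist is meant to be the sole trust decision, state that explicitly with `rejectUnauthorized: false` and a comment. The passthrough `authMiddleware` in the `argv.http` branch leaves plain-HTTP mode with no client authentication at all, which is presumably intended for local development only and deserves a comment saying so.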


@ -15,8 +15,7 @@
"express": "~3.4.7", "express": "~3.4.7",
"optimist": "~0.6.0", "optimist": "~0.6.0",
"lamassu-config": "~0.1.1", "lamassu-config": "~0.1.1",
"lamassu-atm-protocol": "~0.1.0", "lamassu-atm-protocol": "~0.1.0"
"client-certificate-auth": "git+https://github.com/mmalecki/client-certificate-auth.git#async-authorization"
}, },
"repository": { "repository": {
"type": "git", "type": "git",