What is the best way to do this?
I'd like to redirect all requests from www.mysite.com to mysite.com
*.mysite.com to mysite.com would be ideal
I would think some type of middleware. I still hate this, because it seems so inelegant and slightly wasteful, but I think my only option is to do this server-side.
Since Express 3 doesn't use its own HTTP server (instead you pass your app to http.createServer), it doesn't know what port it's running on unless you tell it. That said, you can do basically what you want to do with the following:
app.use(function(request, response, next) {
var newHost = request.host.replace(/^www\./, '');
if (request.host != newHost) {
// 301 is a "Moved Permanently" redirect.
response.redirect(301, request.protocol + "://" + newHost + request.url);
} else {
next();
}
});
You could export this in a module and wrap it in a generator that takes a port:
// no_www.js
module.exports = function(port) {
app.use(function(request, response, next) {
var newHost = request.host.replace(/^www\./, '');
if (request.host != newHost) {
var portStr = '';
if (request.protocol == 'http' && port != 80) portStr = ':' + port;
if (request.protocol == 'https' && port != 443) portSt r= ':' + port;
// 301 is a "Moved Permanently" redirect.
response.redirect(301, request.protocol + "://" + newHost + portStr + request.url);
} else {
next();
}
});
}
// app.js
var noWww = require('./no_www');
var app = express();
app.configure("development", function() {
app.set("port", 3000);
});
...
app.use(noWww(app.get('port')));
Related
how can i display the request.url into the console.log to see, which url someone called?
So i want to see into console for each call a line with the url.
Sorry, i'm a very beginner with node.js ;-)
Thanks for help.
//Lets require/import the HTTP module
var http = require('http');
//Lets define a port we want to listen to
const PORT=8083;
//We need a function which handles requests and send response
function handleRequest(request, response){
response.end('It Works!! Path Hit: ' + request.url);
}
//Create a server
var server = http.createServer(handleRequest);
//Lets start our server
server.listen(PORT, function(){
//Callback triggered when server is successfully listening. Hurray!
console.log("Server listening on: http://localhost:%s", PORT);
console.log("URL:%s");
});
If you are using express you can setup a custom middleware, that gets called for every request.
// logging middleware
var num = 0;
app.use(function (req, res, next) {
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
var method = req.method;
var url = req.url;
console.log((++num) + ". IP " + ip + " " + method + " " + url);
next();
});
But you can do the same with your http module server :)
Currently I make my node.js project create both http and https server.
var httpServer = http.createServer(app);
httpServer.listen(3000);
var httpsOptions = {
ca: fs.readFileSync(config.https.ssl.ca, 'utf8'),
key: fs.readFileSync(config.https.ssl.key, 'utf8'),
cert: fs.readFileSync(config.https.ssl.cert, 'utf8')
};
var httpsServer = https.createServer(httpsOptions, app);
httpsServer.listen(8000);
Also I used this middleware to redirect all http traffic to https.
app.all('*', function(req, res, next){
var host = req.header("host");
if (host && host.indexOf('localhost') !== -1) {
next()
} else if (req.connection.encrypted) {
next();
} else {
res.redirect('https://' + host + req.url);
}
});
But for some pages I do not need https connections, say http://www.domain.com/shops/ route. Can I make this route use http method and all other routes use https still?
p.s: this page request resources from other routes like bower_components, public, ... etc.
You can find request path as follows, which might help you to redirect your request accordingly.
var url_parts = url.parse(req.url);
console.log(url_parts);
console.log(url_parts.pathname);
I'm trying to create an HTTP/S MitM forwarding proxy using Node.js.
The way I'm tackling this project is by reusing the solution found in ./lib/proxy.js file of the NPM Proxy Cache project created by #runk after he raised the issue on the Node HTTP Proxy project issue tracker.
My Proxy() class looks like this:
var request = require('request')
, https = require('https')
, http = require('http')
, net = require('net')
, url = require('url')
, os = require('os')
, fs = require('fs');
var SOCKET_PATH = os.tmpdir() + 'mitm.sock';
console.log('[SOCKET PATH] ' + SOCKET_PATH);
function Proxy (config) {
config = config || {};
if(fs.existsSync(SOCKET_PATH)) {
fs.unlinkSync(SOCKET_PATH);
}
var options = {
key: fs.readFileSync('./certs/dummy.key', 'utf8'),
cert: fs.readFileSync('./certs/dummy.crt', 'utf8')
};
// HTTPS Server
https.createServer(options, this.handler).listen(config.port + 1, this.hostname, function (e) {
if(e) {
console.log('[HTTPS] Server listen() error !');
throw e;
}
});
// HTTP Server
var server = http.createServer(this.handler);
server.listen(config.port, this.hostname, function (e) {
if(e) {
console.log('[HTTP] Server listen() error !');
throw e;
}
});
// Intercept CONNECT requests for HTTPS handshake
server.addListener('connect', this.httpsHandler);
}
Proxy.prototype.handler = function (req, res) {
var schema = !!req.client.pair ? 'https' : 'http'
, path = url.parse(req.url).path;
var dest = schema + '://' + req.headers['host'] + path;
console.log('(1) - [' + schema.toUpperCase() + '] ' + req.method + ' ' + req.url);
var params = {
rejectUnauthorized: false,
url: dest
};
if(req.method.toUpperCase() !== 'GET') {
return console.log('[HTTP] Request is not HTTP GET.');
}
var onResponse = function (e, response) {
if(e == null && response.statusCode === 200) {
return r.pipe(res);
}
var body = 'Status ' + response.statusCode + ' returned';
if(e) {
body = e.toString();
}
res.end(body);
};
var r = request(params);
r.on('response', onResponse.bind(null, null));
r.on('error', onResponse.bind(null));
};
Proxy.prototype.httpsHandler = function (request, socketRequest, bodyHead) {
var httpVersion = request['httpVersion']
, url = request['url'];
console.log('(2) - [HTTPS] ' + request['method'] + ' ' + request['url']);
var proxySocket = new net.Socket();
// ProxySocket event handlers
proxySocket.connect(SOCKET_PATH, function () {
proxySocket.write(bodyHead);
proxySocket.write('HTTP/' + httpVersion + ' 200 Connection established\r\n\r\n');
});
proxySocket.on('data', function (chunk) {
console.log('ProxySocket - "data"');
socketRequest.write(chunk);
});
proxySocket.on('end', function () {
console.log('ProxySocket - "end"');
socketRequest.end();
});
proxySocket.on('error', function (e) {
console.log('ProxySocket - "error"');
console.log(e);
console.log(e.stack);
socketRequest.write('HTTP/' + httpVersion + ' 500 Connection error\r\n\r\n');
socketRequest.end();
});
// SocketRequest event handlers
socketRequest.on('data', function (chunk) {
console.log('SocketRequest - "data"');
proxySocket.write(chunk);
});
socketRequest.on('end', function () {
console.log('SocketRequest - "end"');
proxySocket.end();
});
socketRequest.on('error', function (e) {
console.log('socketRequest - "error"');
console.log(e);
console.log(e.stack);
proxySocket.end();
});
};
module.exports = Proxy;
And my Index.js file that start my program looks like this:
var Proxy = require('./lib/proxy');
var proxy = new Proxy({
hostname: '127.0.0.1',
port: 8000
});
Here's my directory / file structure this:
/my_project
/certs
dummy.crt // Copied from the NPM Proxy Cache project
dummy.csr // Copied from the NPM Proxy Cache project
dummy.key // Copied from the NPM Proxy Cache project
/lib
proxy.js
index.js
I'm testing my program by setting (in Mac OSX Maverick) an HTTP and HTTPS proxy as IP address 127.0.0.1 and port 8000.
When browsing an HTTP only website everything works fine, but if I browse an HTTPS website I get the following error:
{[Error: connect ENOENT] code: 'ENOENT', errno: 'ENOENT', syscall: 'connect'}
Error: connect ENOENT
at errnoException (net.js:904:11)
at Object.afterConnect [as oncomplete] (net.js:895:19)
Any ideas from where this issue could come from and how to fix this ?
Thank you very much in advance !
(If you want to test my code, the NPM module request is the only dependency needed to run the code.)
EDIT: The certs can be downloaded from here : https://github.com/runk/npm-proxy-cache/tree/master/cert.
I'm an author of npm-proxy-cache. In fact I've created another project called thin https://www.npmjs.org/package/thin and I hope in future the npm proxy cache thing will utilize it. Despite the fact that it's still very rough it's usable and it does what you need.
E.g.
proxy code
var Thin = require('thin')
var proxy = new Thin;
// `req` and `res` params are `http.ClientRequest` and `http.ServerResponse` accordingly
// be sure to check http://nodejs.org/api/http.html for more details
proxy.use(function(req, res, next) {
console.log('Proxying:', req.url);
next();
});
// you can add different layers of "middleware" similar to "connect",
// but with few exclusions
proxy.use(function(req, res, next) {
if (req.url === '/foobar')
return res.end('intercepted');
next();
});
proxy.listen(8081, 'localhost', function(err) {
// .. error handling code ..
});
server code
var express = require('express'); // v3.4
var app = express();
app.use(express.urlencoded({limit: '10mb'}));
app.get('/test', function(req, res){
console.log(req.protocol, 'get req.query', req.query);
res.end('get: hello world');
});
app.post('/test', function(req, res) {
console.log(req.protocol, 'post req.query', req.query);
console.log(req.protocol, 'post req.body', req.body);
res.end('post: hello world');
});
app.listen(3000);
var fs = require('fs');
var https = require('https');
https.createServer({
key: fs.readFileSync('./cert/dummy.key'), // your mitm server keys
cert: fs.readFileSync('./cert/dummy.crt')
}, app).listen(3001);
You need to start proxy and server in two terminal sessions, then
curl -d "foo=baz" -k -x https://localhost:8081 https://localhost:3001/test?foo=bar
curl -d "foo=baz" -x http://localhost:8081 http://localhost:3000/test?foo=bar
After that you should be able to see following output from the server
https post req.query { foo: 'bar' }
https post req.body { foo: 'baz' }
http post req.query { foo: 'bar' }
http post req.body { foo: 'baz' }
Small example for interceptor
curl -d "foo=baz" -k -x https://localhost:8081 https://localhost:3001/foobar
It should return intercepted
Hope that helps :)
I got a game working with socket.io. It's working fine when playing locally and via my IP address (not LAN but real IP) when connecting via my own computer.
However, when I give my IP and port to someone else, the index HTML page is loaded all fine but the socket.io 'connection' doesn't work.
It displays the error on line 1659 of socket.io.js.
Socket.prototype.handshake = function (fn) {
var self = this
, options = this.options;
function complete (data) {
if (data instanceof Error) {
self.connecting = false;
self.onError(data.message);
} else {
fn.apply(null, data.split(':'));
}
};
var url = [
'http' + (options.secure ? 's' : '') + ':/'
, options.host + ':' + options.port
, options.resource
, io.protocol
, io.util.query(this.options.query, 't=' + +new Date)
].join('/');
if (this.isXDomain() && !io.util.ua.hasCORS) {
var insertAt = document.getElementsByTagName('script')[0]
, script = document.createElement('script');
script.src = url + '&jsonp=' + io.j.length;
insertAt.parentNode.insertBefore(script, insertAt);
io.j.push(function (data) {
complete(data);
script.parentNode.removeChild(script);
});
} else {
var xhr = io.util.request();
xhr.open('GET', url, true);
if (this.isXDomain()) {
xhr.withCredentials = true;
}
xhr.onreadystatechange = function () {
if (xhr.readyState == 4) {
xhr.onreadystatechange = empty;
if (xhr.status == 200) {
complete(xhr.responseText);
} else if (xhr.status == 403) {
self.onError(xhr.responseText);
} else {
self.connecting = false;
!self.reconnecting && self.onError(xhr.responseText);
}
}
};
xhr.send(null); //This is the line 1659.
}
};
Note: All the files are inside a folder on C: drive, not under a User.
Is the problem related to security access? Or something else?
Code for Server + Client
//Server
express = require('express');
http = require('http');
app = express();
server = http.createServer(app);
io = require('socket.io').listen(server);
app.use(express.static(__dirname + '/public'));
server.listen(3000);
app.get('/', function (req, res) { res.sendfile(__dirname + '/index.html'); });
//Client
<script src="/socket.io/socket.io.js"></script>
<script>var socket = io.connect('http://192.168.1.161:3000');</script>
Router Configuration
http://puu.sh/3ACGz.png
Make sure that your port (for socket.io) is forwarded by your router. And you are using public IP (static).
As well you should remember that most browsers will not allow to connect via WebSockets to another address/port from the page. For security reasons, your IP/Domain and Port should be the same as your IP/Domain and Port you server html and js from.
I have an app which is quite normal Express app - simple server logic, views, lots of client-side JS.
I have to do many AJAX requests. Some of them need to be secured by HTTPS protocol (some needn't).
So, my server should work with both HTTP and HTTPS.
It should also work o both the local machine (ran with nodemon normally) and on Heroku.
As far as I understood, Heroku gives you a single port (process.env.PORT) you can listen to, and handles all requests through the proxy (so, you app is listening to this port and not bothering about the proto - right?)
So, am I getting this right - I should have some different code for dev machine and Heroku?
Like
...
app = express()
...
if process.env.NODE_ENV == 'production'
app.listen(process.env.PORT)
else
https = require('https')
http = require('http')
http.createServer(app).listen(5080) # some local port
options = {
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem') # my self-signed files
}
https.createServer(options, app).listen(5443) # some different local port
Is it the proper way to deal with this?
For the Coffeescript-challenges, here is a version of Guard's answer converted to Javascript. I took a different approach to splitting up the if else statements.
var express = require('express');
var http = require('http');
var https = require('https');
var fs = require('fs');
var privateKey = fs.readFileSync('./config/localhost.key').toString();
var certificate = fs.readFileSync('./config/localhost.crt').toString();
var options = {
key : privateKey
, cert : certificate
}
var app = express();
// Start server.
var port = process.env.PORT || 3000; // Used by Heroku and http on localhost
process.env['PORT'] = process.env.PORT || 4000; // Used by https on localhost
http.createServer(app).listen(port, function () {
console.log("Express server listening on port %d in %s mode", this.address().port, app.settings.env);
});
// Run separate https server if on localhost
if (process.env.NODE_ENV != 'production') {
https.createServer(options, app).listen(process.env.PORT, function () {
console.log("Express server listening with https on port %d in %s mode", this.address().port, app.settings.env);
});
};
if (process.env.NODE_ENV == 'production') {
app.use(function (req, res, next) {
res.setHeader('Strict-Transport-Security', 'max-age=8640000; includeSubDomains');
if (req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] === "http") {
return res.redirect(301, 'https://' + req.host + req.url);
} else {
return next();
}
});
} else {
app.use(function (req, res, next) {
res.setHeader('Strict-Transport-Security', 'max-age=8640000; includeSubDomains');
if (!req.secure) {
return res.redirect(301, 'https://' + req.host + ":" + process.env.PORT + req.url);
} else {
return next();
}
});
};
Well, community looks quite dead these days (hope I'm wrong)
The answer is:
a) yes, this is the way to deal with it
b) the way to check if you are in secure mode or not depends on the environment as well:
if process.env.NODE_ENV == 'production'
is_secure = (req) ->
req.headers['x-forwarded-proto'] == 'https'
else
is_secure = (req) -> req.secure
ADD
If you wish to force HTTPS:
redirect_to_https = (req, res, next) ->
if not is_secure(req)
res.redirect config.SECURE_DOMAIN + req.url
else
next()
app
.use(redirect_to_https)
You can use app.enable('trust proxy'), then req.secure boolean (http/https) works also on Heroku, or behind any compatible SSL Termination proxy.