0

I am trying too setup a login system on my website.

Heard that nodejs cookies are a good way to do that.

In the following links:
https://stackoverflow.com/a/21809393/322537
https://nodejs.org/dist/latest-v8.x/docs/api/https.html
I have found an example of how https servers are created. It is my understanding that the createServer function should run every time a client makes a request.

So I have the following in my code:

var server_https=modules.https.createServer({
    key: this.ssl_key,
    cert:this.ssl_cert
    },this.respond_to_client).listen(this.port);


mconnection.prototype.respond_to_client=function(request,response){
    console.log('responded to client');
    }

The server appear to run fine as the website is up and running. But the respond_to_client function appears to never run as nodejs's log file never indicates the 'responded to client' string.

How could that be? Could it have something to do with that I'm upgrading the https server to a websocket shortly later in the code?

The plan is to then make cookies to identify clients and then to setup a login system. But I'm stuck at this. /:

john-jones
  • 7,490
  • 18
  • 53
  • 86
  • 1
    Are you 100% sure that there is **no cookie** on the client side? – Take-Some-Bytes Aug 22 '20 at 19:00
  • im on firefox. i go f12, then storage tab. then press cookies and it says "no data present for selected host". – john-jones Aug 22 '20 at 19:12
  • https://openage.org/chat/14/index.html?page=index – john-jones Aug 22 '20 at 19:20
  • 1
    How can you say that the server is up and running if (looking at the code you pasted) your server never sends any response to the client? – Daniele Ricci Aug 24 '20 at 21:53
  • Sorry, I saw later your comment. Why did you posted the link to openage.org ? If it is the site where you are experiencing the reported problem I misunderstood the problem, please ignore my answer but moreover you need to share a more relevant part of your code: the root of the problem could be at any point from the start of your program to the piece of code you shared (more than depending on the ws upgrade) – Daniele Ricci Aug 24 '20 at 22:12
  • yebb, thats where im experiencing the problem. i have added a link to the server file and connection module. any help would be appreciated. – john-jones Aug 24 '20 at 22:27
  • i dont understand the question. i just made a copy of the actual scripts. – john-jones Aug 24 '20 at 23:55
  • i added the website url. – john-jones Aug 24 '20 at 23:55

1 Answers1

3

I have replicated your node scripts for local testing. I first got things running on http (vs https), and was able to get response just fine. However, upon moving to https, the request is never recieved by the server. The browser MUST first establish a secure connection before the actual request is sent.

I ran into a similar issue when trying to run multiple servers (https and ws) on the same port. What you have is very close, however your setup for https.createServer({options}, handler), needs adjustment.

Where you have:

var server_https= https.createServer({
        key: this.ssl_key,
        cert:this.ssl_cert
},respond_to_client).listen(this.port);

You need to also add an option for "ca":

var server_https= https.createServer({
        key: this.ssl_key,
        cert: this.ssl_cert,
        ca: this.ssl_ca,  // also add this
},respond_to_client).listen(this.port);

The value I have used for "ca" has been the contents of the file: intermediate.crt received from the certificate signing authority.

IMPORTANT

While it may be possible to get this working using a self signed certificate, I have never been able to do so as there is no signing authority.

So just like you have done for your other certificate files, you should also do this for the intermediate.crt file.

//Where you read your other cert files: add another.
this.ssl_ca = modules.fs.readFileSync(this.ssl_ca_pathfile);

I found this to be difficult and poorly documented. I am not an expert on SSL/TSL, however a quick search on intermediate certificate turn up:

An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a certificate chain that begins at the trusted root CA, through the intermediate and ending with the SSL certificate issued to you. Such certificates are called chained root certificates. Source

intermediate.crt will have the following structure:

-----BEGIN CERTIFICATE-----
****
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
****
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
****
-----END CERTIFICATE-----

Here is the response in the browser.

enter image description here

factorypolaris
  • 2,757
  • 12
  • 15
  • there is no intermetdiate.crt file in the certs folder. I have: cert.pem chain.pem fullchain.pem and privkey.pem. is it any one of them? – john-jones Aug 26 '20 at 10:56
  • I tried fullchain.pem in this manner. didnt seem to work. it only contained two certs though. – john-jones Aug 26 '20 at 11:37
  • 1
    Here is how I handle the response from letsencrypt and how I create the "ca". I take the contents of letsEncryptResp.cert + "\n" + LetsEncryptResponse.chain > ca_fullchain.pem. I basically merge those two together to create a new file that is used as the ca. I just tested this and confirmed its works using your code. – factorypolaris Aug 26 '20 at 13:07
  • but i dont have those files, letsEncryptResp.cert and letsEncryptRespnse.chain. I only have those four files stated in the first comment. Am I supposed to find those files somewhere? Which folder should it be in? – john-jones Aug 26 '20 at 17:52
  • 2
    I would try combining your cert.pem and chain.pem. Save a new copy as any name you like, then load that into "ca". Some additional things to try. Also, try opening the url where the http server (not ws) and check for SSL errors. You can also view the certificate and see exactly what is going on. What (if any) Response Status header is being sent back. Remember, restarting the node app is necessary with any change. Is there a firewall that is blocking the request? Are you including the port after the domain? These are all possible causes that may be blocking the request. – factorypolaris Aug 26 '20 at 18:12
  • The cookie now loads, just as long as I include the port number. – john-jones Aug 27 '20 at 09:05
  • 1. How can I get createServer to run without including the port number? – john-jones Aug 27 '20 at 09:08
  • 2. The createserver response now overwrites the html file on the client. How can I make it not do that? – john-jones Aug 27 '20 at 09:08
  • Asked here: https://stackoverflow.com/questions/63630950/https-createserver-load-cookie-and-load-clients-index-html – john-jones Aug 28 '20 at 09:20