javascript Express (node.js) 使用 HTTPS 和 HTTP
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18250134/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Express (node.js) using HTTPS and HTTP
提问by George Reith
I am using the express (3.0) framework on node.js to route my application.
我在 node.js 上使用 express (3.0) 框架来路由我的应用程序。
Most of my application uses the httpprotocol however there is one specific route I want to serve via httpsonly. This is the part of my API which is responsible for registering and authenticating users.
我的大多数应用程序都使用该http协议,但是我只想通过一个特定的路由来提供服务https。这是我的 API 的一部分,负责注册和验证用户。
for example:
例如:
app.get('/connect', function(req, res){
// Must be on HTTPS, if not redirect to HTTPS
});
app.post('/connect', function(req, res){
// Must be on HTTPS
});
app.get('/', function(req, res){
// Must be on HTTP
});
app.get('/build', function(req, res){
// Must be on HTTP
});
How does one facilitate using both within the same application? I am struggling to find any examples of this in the wild.
如何促进在同一应用程序中使用两者?我正在努力在野外找到任何这样的例子。
回答by josh3736
Simply pass your app(which is really a request handler function) to the createServerof httpand https.
只需将您的app(这实际上是一个请求处理程序函数)传递给createServerofhttp和https。
var express = require('express')
, http = require('http')
, https = require('https')
, app = express();
http.createServer(app);
https.createServer({ ... }, app);
Both HTTP and HTTPS requests get routed through the same Express app. In a route handler, to check whether a request was made over https, use req.secure.
HTTP 和 HTTPS 请求都通过同一个 Express 应用程序路由。在路由处理程序中,要检查请求是否是通过 https 发出的,请使用req.secure.
app.get('/route', function(req, res) {
if (req.secure) {
...
} else {
res.redirect(301, 'https://example.com/route');
}
});
As a side note, modern wisdom considers mixed http/https sites insecure. You may protect the user's password by requiring them to log in over SSL, but then switching back to http for subsequent requests makes it trivialfor an attacker to steal a user's login cookie.
作为旁注,现代智慧认为混合 http/https 站点是不安全的。您可以通过要求用户通过 SSL 登录来保护用户的密码,但随后切换回 http 以进行后续请求会使攻击者窃取用户的登录 cookie变得微不足道。
Consider making allrequests by logged-in users over SSL.
考虑由登录用户通过 SSL发出所有请求。
回答by Chandu
Try this approach.Create two express request handlers(app_http and app_https).
试试这个方法。创建两个快速请求处理程序(app_http 和 app_https)。
Pass app_http as request handler while creating http server(http.createServer(app_http)).
在创建 http 服务器 (http.createServer(app_http)) 时将 app_http 作为请求处理程序传递。
Pass app_https as request handler while createing https server (https.createServer(options,app_https)).
在创建 https 服务器 (https.createServer(options,app_https)) 时将 app_https 作为请求处理程序传递。
var express = require('express'),
http = require('http'),
https = require('https');
var app_http = express(); // this one to handle http request
var app_https = express(); // this to handle httpS requests.
app_https.get('/connect', function(req, res){
// Must be on HTTPS, if not redirect to HTTPS
});
app_https.post('/connect', function(req, res){
// Must be on HTTPS
});
app_http.get('/', function(req, res){
// Must be on HTTP
});
app_http.get('/build', function(req, res){
// Must be on HTTP
});
//call here http.createServer & https.createServer with needed details.
回答by Indio Takanga
const express = require('express');
const app = express();
const fs = require('fs');
const options = {
key:fs.readFileSync('./ssl/privkey.pem'),
cert:fs.readFileSync('./ssl/allchange.pem')
};
const https = require('https').createServer(options,app);
const http = require('http').createServer(app);
app.get('/',(req,res) => {
(req.protocol == 'http') ? res.redirect('https://www.pkred.com/') : // code
// More code
// End code ;
}
app.get('/:id',(req,res) => {
(req.protocol == 'http') ? res.redirect(`https://www.pkred.com/${req.params.id}`) : // code
// More code
// End code ;
}
http.listen(8080,() => console.log('PORT :: 8080'));
https.listen(4433,() => console.log('PORT :: 4433'));
