mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Rework the https refresh logic

- puts the node version check first
 - validates the refresh interval and keeps it in valid range
 - simplifies the error messages
 - uses parseFloat not parseInt so we can use fractions of hour
Nick O'Leary 2020-05-29 16:50:53 +01:00
parent 40101df6ec
commit bb41ab482c
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
3 changed files with 46 additions and 43 deletions


@ -49,13 +49,11 @@
"headless-mode": "Running in headless mode", "headless-mode": "Running in headless mode",
"httpadminauth-deprecated": "use of httpAdminAuth is deprecated. Use adminAuth instead", "httpadminauth-deprecated": "use of httpAdminAuth is deprecated. Use adminAuth instead",
"https": { "https": {
"missing-fields": "Cannot refresh the https settings when the https property function doesn't return a 'key' and 'cert'", "refresh-interval": "Refreshing https settings every __interval__ hours",
"settings-refreshed": "The https settings have been refreshed", "settings-refreshed": "Server https settings have been refreshed",
"apply-failed": "Failed to apply the refreshed https settings: __message__", "refresh-failed": "Failed to refresh https settings: __message__",
"get-failed": "Failed to get the refreshed https settings: __message__", "nodejs-version": "httpsRefreshInterval requires Node.js 11 or later",
"refresh-interval": "Refreshing https settings every __interval__ seconds", "function-required": "httpsRefreshInterval requires https property to be a function"
"nodejs-version": "Cannot refresh the https settings automatically, because NodeJs version 11 or above is required",
"function-required": "Cannot refresh the https settings automatically (at httpsRefreshInterval), because the https property needs to be a function"
} }
}, },


@ -156,40 +156,40 @@ httpsPromise.then(function(startupHttps) {
if (startupHttps) { if (startupHttps) {
server = https.createServer(startupHttps,function(req,res) {app(req,res);}); server = https.createServer(startupHttps,function(req,res) {app(req,res);});
// Refresh https settings at intervals for NodeJs version 11 and above
if (settings.httpsRefreshInterval) { if (settings.httpsRefreshInterval) {
if (typeof settings.https === "function") { var httpsRefreshInterval = parseFloat(settings.httpsRefreshInterval)||12;
if (server.setSecureContext) { if (httpsRefreshInterval > 596) {
delayedLogItems.push({type:"info", id:"server.https.refresh-interval", params:{interval:parseInt(settings.httpsRefreshInterval)}}); // Max value based on (2^31-1)ms - the max that setInterval can accept
httpsRefreshInterval = 596;
}
// Check whether setSecureContext is available (Node.js 11+)
if (server.setSecureContext) {
// Check whether `http` is a callable function
if (typeof settings.https === "function") {
delayedLogItems.push({type:"info", id:"server.https.refresh-interval", params:{interval:httpsRefreshInterval}});
setInterval(function () { setInterval(function () {
try { try {
// Get the result of the function, because createServer doesn't accept functions as input // Get the result of the function, because createServer doesn't accept functions as input
var httpsPromise = Promise.resolve(settings.https()); Promise.resolve(settings.https()).then(function(refreshedHttps) {
if (refreshedHttps) {
httpsPromise.then(function(refreshedHttps) { // Only update the credentials in the server when key or cert has changed
// Use the refreshed https settings if(!server.key || !server.cert || !server.key.equals(refreshedHttps.key) || !server.cert.equals(refreshedHttps.cert)) {
if (!refreshedHttps.key || !refreshedHttps.cert) { server.setSecureContext(refreshedHttps);
RED.log.warn(RED.log._("server.https.missing-fields")); RED.log.info(RED.log._("server.https.settings-refreshed"));
return; }
}
// Only update the credentials in the server when key or cert has changed
if(!server.key || !server.cert || !server.key.equals(refreshedHttps.key) || !server.cert.equals(refreshedHttps.cert)) {
server.setSecureContext(refreshedHttps);
RED.log.info(RED.log._("server.https.settings-refreshed"));
} }
}).catch(function(err) { }).catch(function(err) {
RED.log.error(RED.log._("server.https.apply-failed",{message:err})); RED.log.error(RED.log._("server.https.refresh-failed",{message:err}));
}); });
} catch(err) { } catch(err) {
RED.log.error(RED.log._("server.https.get-failed",{message:err})); RED.log.error(RED.log._("server.https.refresh-failed",{message:err}));
} }
}, parseInt(settings.httpsRefreshInterval)*60*60*1000); }, httpsRefreshInterval*60*60*1000);
} else { } else {
delayedLogItems.push({type:"warn", id:"server.https.nodejs-version", params:{}}); delayedLogItems.push({type:"warn", id:"server.https.function-required"});
} }
} else { } else {
delayedLogItems.push({type:"warn", id:"server.https.function-required", params:{}}); delayedLogItems.push({type:"warn", id:"server.https.nodejs-version"});
} }
} }
} else { } else {
@ -363,7 +363,7 @@ httpsPromise.then(function(startupHttps) {
// Log all the delayed messages, since they can be translated at this point // Log all the delayed messages, since they can be translated at this point
delayedLogItems.forEach(function (delayedLogItem, index) { delayedLogItems.forEach(function (delayedLogItem, index) {
RED.log[delayedLogItem.type](RED.log._(delayedLogItem.id, delayedLogItem.params)); RED.log[delayedLogItem.type](RED.log._(delayedLogItem.id, delayedLogItem.params||{}));
}); });
server.listen(settings.uiPort,settings.uiHost,function() { server.listen(settings.uiPort,settings.uiHost,function() {
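Review bot: The refresh interval is clamped only at the top (`if (httpsRefreshInterval > 596)`), so a negative or tiny positive `httpsRefreshInterval` passes through `parseFloat(...)||12` unchanged and reaches `setInterval` as a delay below 1 ms, which Node.js coerces to 1 ms; the timer would then call `settings.https()`, and so presumably re-read the key and certificate, almost continuously. A lower bound belongs next to the upper one, for example `if (!(httpsRefreshInterval > 0)) { httpsRefreshInterval = 12; }`, so that the "keeps it in valid range" promise in the commit message holds in both directions. Separately, the new `if (refreshedHttps)` guard replaces the old missing-fields warning with nothing: a function that returns no value leaves the old certificate in place without any log line, and an object lacking `key` or `cert` appears to surface only as a generic `equals` error through `refresh-failed`, so a warn-level message in that branch would make a failed renewal visible before the served certificate expires. The comment "Check whether `http` is a callable function" should say `https`, and the enclosing `httpsPromise.then` callback starts and ends outside these hunks.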


@ -140,19 +140,21 @@ module.exports = {
// See http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener // See http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener
// for details on its contents. // for details on its contents.
// See the comment at the top of this file on how to load the `fs` module used by this setting. // See the comment at the top of this file on how to load the `fs` module used by this setting.
// This property can be an object, containing both a (private) key and a (public) certificate: // This property can be either an object, containing both a (private) key and a (public) certificate,
// or a function that returns such an object:
//// https object:
//https: { //https: {
// key: fs.readFileSync('privkey.pem'), // key: fs.readFileSync('privkey.pem'),
// cert: fs.readFileSync('cert.pem') // cert: fs.readFileSync('cert.pem')
//}, //},
// This property can also be a function (e.g. to automatic refresh the https settings synchronously): ////https synchronous function:
//https: function() { //https: function() {
// return { // return {
// key: fs.readFileSync('privkey.pem'), // key: fs.readFileSync('privkey.pem'),
// cert: fs.readFileSync('cert.pem') // cert: fs.readFileSync('cert.pem')
// } // }
//}, //},
// This property can also be a promise (e.g. to automatic refresh the https settings asynchronously): //// https asynchronous function:
//https: function() { //https: function() {
// return Promise.resolve({ // return Promise.resolve({
// key: fs.readFileSync('privkey.pem'), // key: fs.readFileSync('privkey.pem'),
@ -160,9 +162,12 @@ module.exports = {
// }); // });
//}, //},
// The following property can be used to refresh the https settings at regular time intervals (hours). // The following property can be used to refresh the https settings at a
// Prerequisite: the 'https' property should be enabled (based on a function)! // regular time interval in hours.
// Caution: NodeJs version 11 or above is required to use this option! // This requires:
// - the `https` setting to be a function that can be called to get
// the refreshed settings.
// - Node.js 11 or later.
//httpsRefreshInterval : 12, //httpsRefreshInterval : 12,
// The following property can be used to cause insecure HTTP connections to // The following property can be used to cause insecure HTTP connections to