Add support for HTTP Strict Transport Security.
authorJack Allnutt <m2ys4u@Gmail.com>
Sun, 18 Mar 2012 20:57:43 +0000 (20:57 +0000)
committerJack Allnutt <m2ys4u@Gmail.com>
Sun, 18 Mar 2012 20:57:43 +0000 (20:57 +0000)
HSTS tells the browser to only send requests to this host over HTTPS.

Can be enabled/disabled in the configuration file.

server/app.js
server/config.json [changed mode: 0644->0755]
server/kiwi.js [changed mode: 0644->0755]

index eaf46339c87f39e8427185b06c74dba3e74931b8..fa08a42b9a6cb3977496570770f401134fb6625a 100755 (executable)
@@ -553,10 +553,10 @@ this.rebindIRCCommands = function () {
 };
 
 
-this.httpHandler = function (request, response) {
-    var uri, uri_parts, subs, useragent, agent, server_set, server, nick, debug, touchscreen, hash,
+this.httpHandler = function (request, response, serverconf) {
+    var uri, uri_parts, subs, useragent, agent, server_set, serverconf, nick, debug, touchscreen, hash,
         min = {}, public_http_path, port, ssl, obj, args, ircuri, target, modifiers, query,
-        secure = (typeof request.client.encrypted === 'object');
+        secure = serverconf.secure || false;
 
     try {
         if (kiwi.config.handle_http) {
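Review bot: The `var` list on the new side re-declares `serverconf`, which is already the third parameter; a `var` re-declaration of a parameter is a no-op, so it does no harm by itself, but it took the place of `server` in the list, and if the rest of httpHandler (the body continues outside this hunk) still assigns `server`, that assignment now creates an implicit global instead of a local. Either drop `serverconf` from the `var` list or restore `server` there, depending on what the body below uses. The replacement `secure = serverconf.secure || false;` also switches the TLS decision from the actual connection to a config flag; since the HSTS header is only meaningful on a TLS response, keeping the socket check for `secure` and reading only the `hsts` flag from the config is the safer split, e.g. `secure = (typeof request.client.encrypted === 'object');` with `serverconf.hsts` consulted where the header is set.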
@@ -616,6 +616,9 @@ this.httpHandler = function (request, response) {
                 } else {
                     response.setHeader('Content-type', 'application/javascript');
                     response.setHeader('ETag', kiwi.cache.alljs_hash);
+                    if ((secure) && (serverconf.hsts)) {
+                        response.setHeader("Strict-Transport-Security", "max-age=604 800");
+                    }
                     response.write(kiwi.cache.alljs);
                 }
                 response.end();
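Review bot: The header value `"max-age=604 800"` contains a space inside the number, which is not a valid `max-age` directive, so user agents will ignore the header and HSTS is never enforced; the line should read `response.setHeader("Strict-Transport-Security", "max-age=604800");`. The same typo is repeated in the two HTML branches at the next two hunks. Since the identical three-line guard now appears three times, a small helper such as `setHsts(response)` called from each branch would keep the value in one place; note also that only these three branches emit the header, so any other response paths in httpHandler (outside this hunk) would not carry it.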
@@ -700,6 +703,9 @@ this.httpHandler = function (request, response) {
                     } else {
                         response.setHeader('Etag', kiwi.cache.html[hash].hash);
                         response.setHeader('Content-type', 'text/html');
+                        if ((secure) && (serverconf.hsts)) {
+                            response.setHeader("Strict-Transport-Security", "max-age=604 800");
+                        }
                         response.write(kiwi.cache.html[hash].html);
                     }
                     response.end();
@@ -716,6 +722,9 @@ this.httpHandler = function (request, response) {
                                 } else {
                                     response.setHeader('Etag', hash2);
                                     response.setHeader('Content-type', 'text/html');
+                                    if ((secure) && (serverconf.hsts)) {
+                                        response.setHeader("Strict-Transport-Security", "max-age=604 800");
+                                    }
                                     response.write(html);
                                 }
                             } catch (e) {
@@ -768,13 +777,17 @@ this.websocketListen = function (servers, handler) {
                 opts.ca = fs.readFileSync(__dirname + '/' + server.ssl_ca);
             }
 
-            hs = https.createServer(opts, handler);
+            hs = https.createServer(opts, function (request, response) {
+                handler(request, response, server);
+            });
             kiwi.io.push(ws.listen(hs, {secure: true}));
             hs.listen(server.port, server.address);
             kiwi.log('Listening on ' + server.address + ':' + server.port.toString() + ' with SSL');
         } else {
             // Start some plain-text server up
-            hs = http.createServer(handler);
+            hs = http.createServer(function (request, response) {
+                handler(request, response, server);
+            });
             kiwi.io.push(ws.listen(hs, {secure: false}));
             hs.listen(server.port, server.address);
             kiwi.log('Listening on ' + server.address + ':' + server.port.toString() + ' without SSL');
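Review bot: The new wrappers around `handler` close over `server`, and if `server` is a `var`-scoped variable reassigned on each iteration of a loop over `servers` (websocketListen's start is outside this hunk, so this is inferred), every request handler will see the last server's config rather than its own, which would make `secure`/`hsts` decisions come from the wrong entry. If that is the case, bind the value per iteration, e.g. `hs = https.createServer(function (srv) { return function (request, response) { handler(request, response, srv); }; }(server));` and likewise for the plain-text branch; if the loop is a `forEach` callback this does not apply.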
old mode 100644 (file)
new mode 100755 (executable)
index 75a38be..686a384
@@ -2,6 +2,7 @@
     "servers":            [
                             {
                                 "secure":   true,
+                                "hsts": true,
                                 "port":   7777,
                                 "address": "0.0.0.0",
 
old mode 100644 (file)
new mode 100755 (executable)
index 1afdb41..a4afaa2
@@ -130,8 +130,8 @@ if (this.config.handle_http) {
     this.cache = {alljs: '', html: []};
 }
 this.httpServers = [];
-this.httpHandler = function (request, response) {
-    return app.httpHandler(request, response);
+this.httpHandler = function (request, response, server) {
+    return app.httpHandler(request, response, server);
 }