I am using the express (3.0) framework on node.js to route my application.
Most of my application uses the http protocol however there is one specific route I want to serve via https only. This is the part of my API which is responsible for registering and authenticating users.
for example:
app.get('/connect', function(req, res){
// Must be on HTTPS, if not redirect to HTTPS
});
app.post('/connect', function(req, res){
// Must be on HTTPS
});
app.get('/', function(req, res){
// Must be on HTTP
});
app.get('/build', function(req, res){
// Must be on HTTP
});
How does one facilitate using both within the same application? I am struggling to find any examples of this in the wild.
I am using the express (3.0) framework on node.js to route my application.
Most of my application uses the http protocol however there is one specific route I want to serve via https only. This is the part of my API which is responsible for registering and authenticating users.
for example:
app.get('/connect', function(req, res){
// Must be on HTTPS, if not redirect to HTTPS
});
app.post('/connect', function(req, res){
// Must be on HTTPS
});
app.get('/', function(req, res){
// Must be on HTTP
});
app.get('/build', function(req, res){
// Must be on HTTP
});
How does one facilitate using both within the same application? I am struggling to find any examples of this in the wild.
Share Improve this question asked Aug 15, 2013 at 9:44 George ReithGeorge Reith 13.5k18 gold badges81 silver badges151 bronze badges3 Answers
Reset to default 11Simply pass your app (which is really a request handler function) to the createServer of http and https.
var express = require('express')
, http = require('http')
, https = require('https')
, app = express();
http.createServer(app);
https.createServer({ ... }, app);
Both HTTP and HTTPS requests get routed through the same Express app. In a route handler, to check whether a request was made over https, use req.secure.
app.get('/route', function(req, res) {
if (req.secure) {
...
} else {
res.redirect(301, 'https://example.com/route');
}
});
As a side note, modern wisdom considers mixed http/https sites insecure. You may protect the user's password by requiring them to log in over SSL, but then switching back to http for subsequent requests makes it trivial for an attacker to steal a user's login cookie.
Consider making all requests by logged-in users over SSL.
Try this approach.Create two express request handlers(app_http and app_https).
Pass app_http as request handler while creating http server(http.createServer(app_http)).
Pass app_https as request handler while createing https server (https.createServer(options,app_https)).
var express = require('express'),
http = require('http'),
https = require('https');
var app_http = express(); // this one to handle http request
var app_https = express(); // this to handle httpS requests.
app_https.get('/connect', function(req, res){
// Must be on HTTPS, if not redirect to HTTPS
});
app_https.post('/connect', function(req, res){
// Must be on HTTPS
});
app_http.get('/', function(req, res){
// Must be on HTTP
});
app_http.get('/build', function(req, res){
// Must be on HTTP
});
//call here http.createServer & https.createServer with needed details.
const express = require('express');
const app = express();
const fs = require('fs');
const options = {
key:fs.readFileSync('./ssl/privkey.pem'),
cert:fs.readFileSync('./ssl/allchange.pem')
};
const https = require('https').createServer(options,app);
const http = require('http').createServer(app);
app.get('/',(req,res) => {
(req.protocol == 'http') ? res.redirect('https://www.pkred.com/') : // code
// More code
// End code ;
}
app.get('/:id',(req,res) => {
(req.protocol == 'http') ? res.redirect(`https://www.pkred.com/${req.params.id}`) : // code
// More code
// End code ;
}
http.listen(8080,() => console.log('PORT :: 8080'));
https.listen(4433,() => console.log('PORT :: 4433'));