如何配置快递js 4来为http中的某些页面和https中的其他页面提供服务？(How to configure express js 4 to serve some pages in http an

如何配置快递js 4来为http中的某些页面和https中的其他页面提供服务？(How to configure express js 4 to serve some pages in http and others in https?)

是否有任何方法可以使用快速js 4配置节点js应用程序以在httpps协议下为某些页面提供服务，哪些需要更高安全性的页面？

我描述了我的问题：我正在网上开发一个商店，我想显示某些页面，例如http下的产品列表或产品详细信息视图，以及我认为需要更多安全性的其他页面，例如登录或购物车视图， https协议。

我已经尝试过express-force-ssl模块，但它无法正常工作。 以下代码片段不是来自我的应用程序（这太脏了）它只是一个alos对我不起作用的例子：

var express = require('express'); var forceSSL = require('express-force-ssl'); var fs = require('fs'); var http = require('http'); var https = require('https'); var ssl_options = { key: fs.readFileSync('./server-private-key.pem'), cert: fs.readFileSync('./server-certificate.pem'), ca: fs.readFileSync('./server-certificate-signing-request.pem') }; var app = express(); var server = http.createServer(app); var secureServer = https.createServer(ssl_options, app); app.use(forceSSL); app.get('/', function (req, res, next) { res.send('<a href="/user/userA">Hello</a>') }); app.get('/user/:name', function (req, res, next) { var user = req.params.name; res.send('<a href="/login">Hello ' + user + '</a>') }); app.get('/login', forceSSL, function (req, res, next) { res.send('<a href="/">Hello</a><br/><a href="/logout">Goodbye</a>') }); app.get('/logout', forceSSL, function (req, res, next) { res.send('<a href="/">Hello</a>') }); secureServer.listen(443) server.listen(8085) console.log('server started');

结果是当我使用url http://localhost:8085启动应用程序时，服务器会自动将其重定向到https://localhost并以https协议提供所有页面。

我想要的是从http://localhost:8085 ，导航到http://localhost/user/userA ，然后从它转到https://localhost/login ，如果单击“Hello”链接，我想重定向到http://localhost:8085 。

在没有express-force-ssl模块的情况下，是否有任何遗漏的代码可以获得我想要的行为，甚至是任何其他方式来实现它？

Is there any way to configure a node js application with express js 4 to serve some pages under http protocol and other, those which need more security, in https?

I describe my problem: I'm developing a shop online and I want to display certain pages, like the products list or the product detail views under http, and others which I think need more security, like login or the shopping cart views, under https protocol.

I have tried the express-force-ssl module, but it isn't working. The following code snippet is not from my app (which is too dirty) it is just an example which alos doesn't work for me:

var express = require('express'); var forceSSL = require('express-force-ssl'); var fs = require('fs'); var http = require('http'); var https = require('https'); var ssl_options = { key: fs.readFileSync('./server-private-key.pem'), cert: fs.readFileSync('./server-certificate.pem'), ca: fs.readFileSync('./server-certificate-signing-request.pem') }; var app = express(); var server = http.createServer(app); var secureServer = https.createServer(ssl_options, app); app.use(forceSSL); app.get('/', function (req, res, next) { res.send('<a href="/user/userA">Hello</a>') }); app.get('/user/:name', function (req, res, next) { var user = req.params.name; res.send('<a href="/login">Hello ' + user + '</a>') }); app.get('/login', forceSSL, function (req, res, next) { res.send('<a href="/">Hello</a><br/><a href="/logout">Goodbye</a>') }); app.get('/logout', forceSSL, function (req, res, next) { res.send('<a href="/">Hello</a>') }); secureServer.listen(443) server.listen(8085) console.log('server started');

The result is that when I launch the application, with url http://localhost:8085, the server automatically redirects it to https://localhost and serves all pages in https protocol.

What I want is to start on http://localhost:8085, navigate to http://localhost/user/userA, then from it go to https://localhost/login and, if click on "Hello" link, I would like to be redirected to http://localhost:8085.

Is there any missing code to get the behavior I want or even any other way to reach it without express-force-ssl module?

最满意答案

我问过express-force-ssl模块的作者，他告诉我重定向行为按预期工作。 这是帖子 。

但是在代码中潜水一点，我已经创建了一个自定义插件来解决我的问题。 这是代码：

var parseUrl = require('url').parse; var isSecure = function (req) { if (req.secure) { return true; } else if ( req.get('X-Forwarded-Proto') && req.get('X-Forwarded-Proto').toLowerCase && req.get('X-Forwarded-Proto').toLowerCase() === 'https') { return true; } return false; }; exports = module.exports = function (req, res, next) { if (isSecure(req)) { if (req.method === "GET") { var httpPort = req.app.get('httpPort') || 80; var fullUrl = parseUrl(req.protocol + '://' + req.header('Host') + req.originalUrl); res.redirect('http://' + fullUrl.hostname + ':' + httpPort + req.originalUrl); } else { next(); } } else { next(); } };

它与force-ssl文件非常相似，但在这里我们管理相反的操作，即在这里我强制路由时重定向到http 。 所以需要将这个函数添加到我们想要在http协议下看到的每个路由：

var express = require('express'); var forceSSL = require('express-force-ssl'); var fs = require('fs'); var http = require('http'); var https = require('https'); var useHttp = require('./useHttp'); var ssl_options = { key: fs.readFileSync('./server-private-key.pem'), cert: fs.readFileSync('./server-certificate.pem') }; var app = express(); var server = http.createServer(app); var secureServer = https.createServer(ssl_options, app); app.get('/', useHttp, function (req, res, next) { res.send('<a href="/user/userA">Hello</a>') }); app.get('/user/:name', useHttp, function (req, res, next) { var user = req.params.name; res.send('<a href="/login">Hello ' + user + '</a>') }); app.get('/login', forceSSL, function (req, res, next) { res.send('<a href="/">Hello</a><br/><a href="/logout">Goodbye</a>') }); app.get('/logout', forceSSL, function (req, res, next) { res.send('<a href="/">Hello</a>') }); app.set('httpsPort', 9090); app.set('httpPort', 8085); secureServer.listen(9090) server.listen(8085) console.log('server started');

正如您所看到的，我现在需要在所有路由中指定使用哪个协议： useHttp用于http或forceSSL用于https 。

虽然我对这个解决方案一点也不舒服，因为我必须在所有路由中指定我想要哪种协议。 但至少它有效。 因此，如果有人找到任何其他解决方案，我会很高兴，因为在中间件层添加了一个功能来管理所有http请求，只需在使用forceSSL指定时重定向到https 。 到目前为止，这是有效的。

I have asked to the author of express-force-ssl module and he has told me that the redirect behavior works as expected. Here is the post.

But diving a little more in its code I've created a custom plugin to solve my problem. Here is the code:

var parseUrl = require('url').parse; var isSecure = function (req) { if (req.secure) { return true; } else if ( req.get('X-Forwarded-Proto') && req.get('X-Forwarded-Proto').toLowerCase && req.get('X-Forwarded-Proto').toLowerCase() === 'https') { return true; } return false; }; exports = module.exports = function (req, res, next) { if (isSecure(req)) { if (req.method === "GET") { var httpPort = req.app.get('httpPort') || 80; var fullUrl = parseUrl(req.protocol + '://' + req.header('Host') + req.originalUrl); res.redirect('http://' + fullUrl.hostname + ':' + httpPort + req.originalUrl); } else { next(); } } else { next(); } };

It's very similar to force-ssl file but here we manage the opposite action, i.e., here I redirect to http when a route is forced to it. So it's needed to add the function to every route we want to see under http protocol:

var express = require('express'); var forceSSL = require('express-force-ssl'); var fs = require('fs'); var http = require('http'); var https = require('https'); var useHttp = require('./useHttp'); var ssl_options = { key: fs.readFileSync('./server-private-key.pem'), cert: fs.readFileSync('./server-certificate.pem') }; var app = express(); var server = http.createServer(app); var secureServer = https.createServer(ssl_options, app); app.get('/', useHttp, function (req, res, next) { res.send('<a href="/user/userA">Hello</a>') }); app.get('/user/:name', useHttp, function (req, res, next) { var user = req.params.name; res.send('<a href="/login">Hello ' + user + '</a>') }); app.get('/login', forceSSL, function (req, res, next) { res.send('<a href="/">Hello</a><br/><a href="/logout">Goodbye</a>') }); app.get('/logout', forceSSL, function (req, res, next) { res.send('<a href="/">Hello</a>') }); app.set('httpsPort', 9090); app.set('httpPort', 8085); secureServer.listen(9090) server.listen(8085) console.log('server started');

As you can see I need now to specify in all routes which protocol use: useHttp for http or forceSSL for https.

Although I'm not comfortable at all with this solution because I have to specify in all routes which kind of protocol I want. But at least it works. So I would be very pleased if someone finds any other solution, for isntance, adding in middleware layer a function to manage all http requests and just redirect to https when it is specified with forceSSL. By the moment, this works.