Websocket config should be similar to web #176

2018-04-23 19:03:35 -06:00 · 2018-04-23 19:03:35 -06:00 · a0cd8fed83
parent 6e94befd8b
commit a0cd8fed83
3 changed files with 39 additions and 17 deletions
--- a/core/config.js
+++ b/core/config.js
@ -230,11 +230,19 @@ function getDefaultConfig() {
 				firstMenuNewUser	: 'sshConnectedNewUser',
 			},
 			webSocket : {
-				port		: 8810,	//	ws://
-				enabled		: false,
-				securePort	: 8811,	//	wss:// - must provide certPem and keyPem
-				certPem		: paths.join(__dirname, './../config/https_cert.pem'),
-				keyPem		: paths.join(__dirname, './../config/https_cert_key.pem'),
+				ws : {
+					//	non-secure ws://
+					enabled			: false,
+					port			: 8810,
+				},
+				wss : {
+					//	secure ws://
+					//	must provide valid certPem and keyPem
+					enabled			: false,
+					port			: 8811,
+					certPem			: paths.join(__dirname, './../config/https_cert.pem'),
+					keyPem			: paths.join(__dirname, './../config/https_cert_key.pem'),
+				},
 			},
 		},

--- a/core/servers/login/websocket.js
+++ b/core/servers/login/websocket.js
@ -118,12 +118,15 @@ exports.getModule = class WebSocketLoginServer extends LoginServerModule {
 		//	* insecure websocket (ws://)
 		//	* secure (tls) websocket (wss://)
 		//
-		const config = _.get(Config, 'loginServers.webSocket') || { enabled : false };
-		if(!config || true !== config.enabled || !(config.port || config.securePort)) {
+		const config = _.get(Config, 'loginServers.webSocket');
+		if(!_.isObject(config)) {
 			return;
 		}

-		if(config.port) {
+		const wsPort 	= _.get(config, 'ws.port');
+		const wssPort	= _.get(config, 'wss.port');
+
+		if(true === _.get(config, 'ws.enabled') && _.isNumber(wsPort)) {
 			const httpServer = http.createServer( (req, resp) => {
 				//	dummy handler
 				resp.writeHead(200);
@ -136,10 +139,10 @@ exports.getModule = class WebSocketLoginServer extends LoginServerModule {
 			};
 		}

-		if(config.securePort) {
+		if(_.isObject(config, 'wss') && true === _.get(config, 'wss.enabled') && _.isNumber(wssPort)) {
 			const httpServer = https.createServer({
-				key		: fs.readFileSync(Config.loginServers.webSocket.keyPem),
-				cert	: fs.readFileSync(Config.loginServers.webSocket.certPem),
+				key		: fs.readFileSync(config.wss.keyPem),
+				cert	: fs.readFileSync(config.wss.certPem),
 			});

 			this.secure = {
@ -157,7 +160,7 @@ exports.getModule = class WebSocketLoginServer extends LoginServerModule {
 			}

 			const serverName 	= `${ModuleInfo.name} (${serverType})`;
-			const port			= parseInt(_.get(Config, [ 'loginServers', 'webSocket', 'secure' === serverType ? 'securePort' : 'port' ] ));
+			const port			= parseInt(_.get(Config, [ 'loginServers', 'webSocket', 'secure' === serverType ? 'wss' : 'ws', 'port' ] ));

 			if(isNaN(port)) {
 				Log.error( { server : serverName, port : port }, 'Cannot load server (invalid port)' );
--- a/docs/servers/websocket.md
+++ b/docs/servers/websocket.md
@ -27,11 +27,22 @@ don't already have it defined).
    ````hjson
    loginServers: {
            webSocket : {
-                    port: 8810
-                    enabled: true
-                    securePort: 8811
-                    certPem: /path/to/https_cert.pem
-                    keyPem: /path/to/https_cert_key.pem
+                    ws: {
+                        // non-secure ws://
+                        port: 8810
+                        enabled: true
+                    }
+                    wss: {
+                        //  secure-over-tls wss://
+                        port: 8811
+                        enabled: true
+                        certPem: /path/to/https_cert.pem
+                        keyPem: /path/to/https_cert_key.pem
+                    }
+                    // set proxied to true to allow TLS-terminated proxied connections
+                    // containing the "X-Forwarded-Proto: https" header to be treated
+                    // as secure
+                    proxied: true
            }
    }
    ````