From a621ff31907948f75db34f17bf6a607c3bdb1fec Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 09:18:59 -0400
Subject: [PATCH 01/22] Add https to helmet whitelist
---
 server/server.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/server/server.js b/server/server.js
index 015d6c5e55..c4bd189719 100755
--- a/server/server.js
+++ b/server/server.js
@@ -99,6 +99,8 @@ var trusted = [
 '104.236.218.15',
 '*.freecodecamp.com',
 'http://www.freecodecamp.com',
+ 'https://www.freecodecamp.com',
+ 'https://freecodecamp.com',
 'ws://freecodecamp.com/',
 'ws://www.freecodecamp.com/',
 '*.gstatic.com',
From 7f311a1e03ffb1debf2da5f7141c8627395a5f57 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 09:33:34 -0400
Subject: [PATCH 02/22] Explicitly add google font servers to whitelist
---
 server/server.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/server/server.js b/server/server.js
index c4bd189719..edd500f9b6 100755
--- a/server/server.js
+++ b/server/server.js
@@ -149,13 +149,15 @@ app.use(helmet.csp({
 /* allow all input since we have user submitted images for public profile*/
 '*'
 ].concat(trusted),
- fontSrc: ['*.googleapis.com'].concat(trusted),
+ fontSrc: [
+ '*.googleapis.com',
+ '*.gstatic.com'
+ ].concat(trusted),
 mediaSrc: [
 '*.amazonaws.com',
 '*.twitter.com'
 ].concat(trusted),
 frameSrc: [
- '*.gitter.im',
 '*.gitter.im https:',
 '*.vimeo.com',
From 5b742121d72b87f781189ce8240923b1f3584841 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 09:42:55 -0400
Subject: [PATCH 03/22] Add pmx error handler for loggign to keymetrics
---
 package.json | 1 +
 server/server.js | 12 ++++--------
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/package.json b/package.json
index 6f0af36b39..97277d8279 100644
--- a/package.json
+++ b/package.json
@@ -78,6 +78,7 @@
 "passport-local": "^1.0.0",
 "passport-oauth": "^1.0.0",
 "passport-twitter": "^1.0.3",
+ "pmx": "^0.3.16",
 "ramda": "~0.10.0",
 "request": "~2.53.0",
 "rx": "^2.5.3",
diff --git a/server/server.js b/server/server.js
index edd500f9b6..c3257b2c1b 100755
--- a/server/server.js
+++ b/server/server.js
@@ -1,13 +1,6 @@
 require('dotenv').load();
+require('pmx').init();
 // handle uncaught exceptions. Forever will restart process on shutdown
-process.on('uncaughtException', function (err) {
- console.error(
- (new Date()).toUTCString() + ' uncaughtException:',
- err.message
- );
- console.error(err.stack);
- process.exit(1); // eslint-disable-line
-});
 var R = require('ramda'),
 assign = require('lodash').assign,
@@ -28,6 +21,7 @@ var R = require('ramda'),
 expressValidator = require('express-validator'),
 forceDomain = require('forcedomain'),
 lessMiddleware = require('less-middleware'),
+ pmx = require('pmx'),
 passportProviders = require('./passport-providers'),
 /**
@@ -248,9 +242,11 @@ R.keys(passportProviders).map(function(strategy) {
 /**
 * 500 Error Handler.
 */
+
 if (process.env.NODE_ENV === 'development') {
 app.use(errorHandler({ log: true }));
 } else {
+ app.use(pmx.expressErrorHandler());
 // error handling in production disabling eslint due to express parity rules
 // for error handlers
 app.use(function(err, req, res, next) { // eslint-disable-line
From 53f5f36768b184af8c34ecb2b3124bb105adcbd9 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 11:44:25 -0400
Subject: [PATCH 04/22] whitelist beta site https://freecodecamp.org
---
 server/server.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/server/server.js b/server/server.js
index c3257b2c1b..bd420ebd17 100755
--- a/server/server.js
+++ b/server/server.js
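Review bot: The comment `// handle uncaught exceptions. Forever will restart process on shutdown` is now orphaned — the handler it described is deleted in this hunk — and nothing on the page shows whether `require('pmx').init()` installs an equivalent uncaughtException handler or still exits the process afterwards so the supervisor restarts it. Either drop the comment or make it state what is actually relied on, e.g. `// pmx.init() reports uncaught exceptions to Keymetrics; confirm it still exits so the process is restarted clean`. In the third hunk, `app.use(pmx.expressErrorHandler())` is registered ahead of the custom production handler; that only works if it calls next(err) instead of ending the response, which is worth confirming against the pmx version pinned in package.json (`^0.3.16`).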
@@ -95,6 +95,8 @@ var trusted = [
 'http://www.freecodecamp.com',
 'https://www.freecodecamp.com',
 'https://freecodecamp.com',
+ 'https://freecodecamp.org',
+ '*.freecodecamp.org',
 'ws://freecodecamp.com/',
 'ws://www.freecodecamp.com/',
 '*.gstatic.com',
From 121dabdf7319a45d10dbcfc84f68915c944ccca7 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 11:51:07 -0400
Subject: [PATCH 05/22] More whitelist testing
---
 server/server.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/server/server.js b/server/server.js
index bd420ebd17..e740b13618 100755
--- a/server/server.js
+++ b/server/server.js
@@ -128,7 +128,9 @@ var trusted = [
 '*.bitly.com',
 'http://cdn.inspectlet.com/',
 'wss://inspectletws.herokuapp.com/',
- 'http://hn.inspectlet.com/'
+ 'http://hn.inspectlet.com/',
+ '*.googleapis.com',
+ '*.gstatic.com'
 ];
 app.use(helmet.csp({
From efb4bd17814cd1d6232fbc6693ef360ea0f79966 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 11:54:58 -0400
Subject: [PATCH 06/22] Even more testing
---
 server/server.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/server/server.js b/server/server.js
index e740b13618..ac0621b517 100755
--- a/server/server.js
+++ b/server/server.js
@@ -142,7 +142,10 @@ app.use(helmet.csp({
 ].concat(trusted),
 'connect-src': [
 ].concat(trusted),
- styleSrc: trusted,
+ styleSrc: [
+ 'http://fonts.googleapis.com/*',
+ 'http://fonts.gstatic.com/*'
+ ].concat(trusted),
 imgSrc: [
 /* allow all input since we have user submitted images for public profile*/
 '*'
From 97668120ad29bd9a25d800e2cba90b1b1d0868f9 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 12:04:26 -0400
Subject: [PATCH 07/22] More work to load google fonts
---
 public/css/main.less | 33 +++++++++++++++++++++++++++++++++
 server/server.js | 4 ++--
 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/public/css/main.less b/public/css/main.less
index 424ae26933..fc324ceb80 100644
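Review bot: The hunk of patch 05 adds `'*.googleapis.com'` and `'*.gstatic.com'` to `trusted`, but `trusted` is concatenated into every directive (`scriptSrc: [...].concat(trusted)` is visible in patch 11's hunk), so the change widens script-src and frame-src to two broad wildcard hosts although it only needs fonts and stylesheets. Patch 02 already lists both hosts in `fontSrc` and patch 07 adds them to `styleSrc`; those scoped entries are sufficient, so the two lines added to `trusted` here can be dropped. Keeping `trusted` limited to origins that are acceptable as a script source is what makes the `.concat(trusted)` pattern safe to use in `scriptSrc`.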
--- a/public/css/main.less
+++ b/public/css/main.less
@@ -4,6 +4,39 @@
 @import "lib/animate.min.less";
 @import "lib/bootstrap/variables";
+/* latin-ext */
+@font-face {
+ font-family: 'Inconsolata';
+ font-style: normal;
+ font-weight: 400;
+ src: local('Inconsolata'), url(http://fonts.gstatic.com/s/inconsolata/v11/BjAYBlHtW3CJxDcjzrnZCKE8kM4xWR1_1bYURRojRGc.woff2) format('woff2');
+ unicode-range: U+0100-024F, U+1E00-1EFF, U+20A0-20AB, U+20AD-20CF, U+2C60-2C7F, U+A720-A7FF;
+}
+/* latin */
+@font-face {
+ font-family: 'Inconsolata';
+ font-style: normal;
+ font-weight: 400;
+ src: local('Inconsolata'), url(http://fonts.gstatic.com/s/inconsolata/v11/BjAYBlHtW3CJxDcjzrnZCIgp9Q8gbYrhqGlRav_IXfk.woff2) format('woff2');
+ unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215, U+E0FF, U+EFFD, U+F000;
+}
+/* latin-ext */
+@font-face {
+ font-family: 'Lato';
+ font-style: normal;
+ font-weight: 400;
+ src: local('Lato Regular'), local('Lato-Regular'), url(http://fonts.gstatic.com/s/lato/v11/8qcEw_nrk_5HEcCpYdJu8BTbgVql8nDJpwnrE27mub0.woff2) format('woff2');
+ unicode-range: U+0100-024F, U+1E00-1EFF, U+20A0-20AB, U+20AD-20CF, U+2C60-2C7F, U+A720-A7FF;
+}
+/* latin */
+@font-face {
+ font-family: 'Lato';
+ font-style: normal;
+ font-weight: 400;
+ src: local('Lato Regular'), local('Lato-Regular'), url(http://fonts.gstatic.com/s/lato/v11/MDadn8DQ_3oT6kvnUq_2r_esZW2xOQ-xsNqO47m55DA.woff2) format('woff2');
+ unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215, U+E0FF, U+EFFD, U+F000;
+}
+
 html,body,div,span,a,li,td,th {
 font-family: 'Lato', sans-serif;
 font-weight: 300;
diff --git a/server/server.js b/server/server.js
index ac0621b517..d484f60357 100755
--- a/server/server.js
+++ b/server/server.js
@@ -143,8 +143,8 @@ app.use(helmet.csp({
 'connect-src': [
 ].concat(trusted),
 styleSrc: [
- 'http://fonts.googleapis.com/*',
- 'http://fonts.gstatic.com/*'
+ '*.googleapis.com',
+ '*.gstatic.com'
 ].concat(trusted),
 imgSrc: [
 /* allow all input since we have user submitted images for public profile*/
From 3546cf4765277741ecf24809e077c5dbc731718c Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 12:09:45 -0400
Subject: [PATCH 08/22] Fetch google fonts over https
---
 server/views/partials/universal-head.jade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/views/partials/universal-head.jade b/server/views/partials/universal-head.jade
index 205a27e0ce..8670ad192a 100644
--- a/server/views/partials/universal-head.jade
+++ b/server/views/partials/universal-head.jade
@@ -38,7 +38,7 @@ script(src="/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js")
 script(src="/bower_components/ramda/dist/ramda.min.js")
-link(rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Lato:400|Inconsolata")
+link(rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Lato:400|Inconsolata")
 link(rel="stylesheet" type="text/css" href="/bower_components/cal-heatmap/cal-heatmap.css")
From 308e539e1e75815e4229269011ac21e3c44e0bb6 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 12:23:49 -0400
Subject: [PATCH 09/22] More protocol experimentation
---
 public/css/main.less | 33 -----------------------
 public/js/lib/jailed/_frame.js | 2 +-
 server/views/partials/universal-head.jade | 2 +-
 3 files changed, 2 insertions(+), 35 deletions(-)
diff --git a/public/css/main.less b/public/css/main.less
index fc324ceb80..424ae26933 100644
--- a/public/css/main.less
+++ b/public/css/main.less
@@ -4,39 +4,6 @@
 @import "lib/animate.min.less";
 @import "lib/bootstrap/variables";
-/* latin-ext */
-@font-face {
- font-family: 'Inconsolata';
- font-style: normal;
- font-weight: 400;
- src: local('Inconsolata'), url(http://fonts.gstatic.com/s/inconsolata/v11/BjAYBlHtW3CJxDcjzrnZCKE8kM4xWR1_1bYURRojRGc.woff2) format('woff2');
- unicode-range: U+0100-024F, U+1E00-1EFF, U+20A0-20AB, U+20AD-20CF, U+2C60-2C7F, U+A720-A7FF;
-}
-/* latin */
-@font-face {
- font-family: 'Inconsolata';
- font-style: normal;
- font-weight: 400;
- src: local('Inconsolata'), url(http://fonts.gstatic.com/s/inconsolata/v11/BjAYBlHtW3CJxDcjzrnZCIgp9Q8gbYrhqGlRav_IXfk.woff2) format('woff2');
- unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215, U+E0FF, U+EFFD, U+F000;
-}
-/* latin-ext */
-@font-face {
- font-family: 'Lato';
- font-style: normal;
- font-weight: 400;
- src: local('Lato Regular'), local('Lato-Regular'), url(http://fonts.gstatic.com/s/lato/v11/8qcEw_nrk_5HEcCpYdJu8BTbgVql8nDJpwnrE27mub0.woff2) format('woff2');
- unicode-range: U+0100-024F, U+1E00-1EFF, U+20A0-20AB, U+20AD-20CF, U+2C60-2C7F, U+A720-A7FF;
-}
-/* latin */
-@font-face {
- font-family: 'Lato';
- font-style: normal;
- font-weight: 400;
- src: local('Lato Regular'), local('Lato-Regular'), url(http://fonts.gstatic.com/s/lato/v11/MDadn8DQ_3oT6kvnUq_2r_esZW2xOQ-xsNqO47m55DA.woff2) format('woff2');
- unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215, U+E0FF, U+EFFD, U+F000;
-}
-
 html,body,div,span,a,li,td,th {
 font-family: 'Lato', sans-serif;
 font-weight: 300;
diff --git a/public/js/lib/jailed/_frame.js b/public/js/lib/jailed/_frame.js
index 34046b89de..fa310643fd 100644
--- a/public/js/lib/jailed/_frame.js
+++ b/public/js/lib/jailed/_frame.js
@@ -12,7 +12,7 @@ var __jailed__path__ = scripts[scripts.length-1].src
 .split('?')[0]
 .split('/')
 .slice(0, -1)
- .join('/')+'/';
+ .join('/') + '/';
 // creating worker as a blob enables import of local files
 var blobCode = [
diff --git a/server/views/partials/universal-head.jade b/server/views/partials/universal-head.jade
index 8670ad192a..c33c77acaa 100644
--- a/server/views/partials/universal-head.jade
+++ b/server/views/partials/universal-head.jade
@@ -38,7 +38,7 @@ script(src="/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js")
 script(src="/bower_components/ramda/dist/ramda.min.js")
-link(rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Lato:400|Inconsolata")
+link(rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Lato:400|Inconsolata")
 link(rel="stylesheet" type="text/css" href="/bower_components/cal-heatmap/cal-heatmap.css")
From d006f7b87db53806940d6f8b9b5eb086c90a72a7 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 12:28:05 -0400
Subject: [PATCH 10/22] Relative path for inspeclet
---
 server/server.js | 1 +
 server/views/partials/universal-head.jade | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/server/server.js b/server/server.js
index d484f60357..306424363a 100755
--- a/server/server.js
+++ b/server/server.js
@@ -127,6 +127,7 @@ var trusted = [
 '*.ytimg.com',
 '*.bitly.com',
 'http://cdn.inspectlet.com/',
+ 'https://cdn.inspeclet.com/',
 'wss://inspectletws.herokuapp.com/',
 'http://hn.inspectlet.com/',
 '*.googleapis.com',
diff --git a/server/views/partials/universal-head.jade b/server/views/partials/universal-head.jade
index c33c77acaa..47bc657df6 100644
--- a/server/views/partials/universal-head.jade
+++ b/server/views/partials/universal-head.jade
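Review bot: The whitelist entry added in patch 10's server.js hunk, `'https://cdn.inspeclet.com/'`, misspells the host — every other entry and the jade snippet use `cdn.inspectlet.com` — so it never matches the script that is actually loaded and instead whitelists an unrelated domain in the CSP. It should read `'https://cdn.inspectlet.com/',`. The same misspelt line is added again in patch 11's server.js hunk and is still present as context in patch 21's hunk, so the typo survives the whole series.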
@@ -70,7 +70,7 @@ script#inspectletjs(type='text/javascript').
 insp.type = 'text/javascript';
 insp.async = true;
 insp.id = "inspsync";
- insp.src = ('https:' == document.location.protocol ? 'https' : 'http') + '://cdn.inspectlet.com/inspectlet.js';
+ insp.src = '//cdn.inspectlet.com/inspectlet.js';
 var x = document.getElementsByTagName('script')[0];
 x.parentNode.insertBefore(insp, x);
 }
From b0b236821ee7a17f8c4726ace9ed89ec448f8e0e Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 12:28:05 -0400
Subject: [PATCH 11/22] More inspectlet configuring
---
 server/server.js | 5 ++++-
 server/views/partials/universal-head.jade | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/server/server.js b/server/server.js
index d484f60357..d588f79794 100755
--- a/server/server.js
+++ b/server/server.js
@@ -127,6 +127,7 @@ var trusted = [
 '*.ytimg.com',
 '*.bitly.com',
 'http://cdn.inspectlet.com/',
+ 'https://cdn.inspeclet.com/',
 'wss://inspectletws.herokuapp.com/',
 'http://hn.inspectlet.com/',
 '*.googleapis.com',
@@ -138,7 +139,9 @@ app.use(helmet.csp({
 scriptSrc: [
 '*.optimizely.com',
 '*.aspnetcdn.com',
- '*.d3js.org'
+ '*.d3js.org',
+ 'https://cdn.inspectlet.com/inspectlet.js',
+ 'http://cdn.inspectlet.com/inspectlet.js'
 ].concat(trusted),
 'connect-src': [
 ].concat(trusted),
diff --git a/server/views/partials/universal-head.jade b/server/views/partials/universal-head.jade
index c33c77acaa..47bc657df6 100644
--- a/server/views/partials/universal-head.jade
+++ b/server/views/partials/universal-head.jade
@@ -70,7 +70,7 @@ script#inspectletjs(type='text/javascript').
 insp.type = 'text/javascript';
 insp.async = true;
 insp.id = "inspsync";
- insp.src = ('https:' == document.location.protocol ? 'https' : 'http') + '://cdn.inspectlet.com/inspectlet.js';
+ insp.src = '//cdn.inspectlet.com/inspectlet.js';
 var x = document.getElementsByTagName('script')[0];
 x.parentNode.insertBefore(insp, x);
 }
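Review bot: The two exact-URL entries added to `scriptSrc` in patch 11's second hunk duplicate what `.concat(trusted)` already supplies — `'http://cdn.inspectlet.com/'` in `trusted` is a path-prefix source that covers `/inspectlet.js` — and the https entry is only needed because the `trusted` entry for that host is misspelt. Fix the hostname in `trusted` and drop both added lines; that also avoids listing a plaintext `http://` script source for a site the following patches move to https, which browsers would block as mixed content regardless of the policy. The protocol-relative `insp.src` in the jade hunk works, but once the site is https-only `'https://cdn.inspectlet.com/inspectlet.js'` is the simpler and safer form.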
From 0a8356e50fe46f749a852663f5d12cff2b64ee95 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 14:30:16 -0400
Subject: [PATCH 12/22] Configure production to run in https
---
 server/server.js | 90 ++++++++++++++---------
 server/ssl-config.js | 16 ++++
 server/views/coursewares/showBonfire.jade | 2 +-
 server/views/coursewares/showJS.jade | 2 +-
 4 files changed, 73 insertions(+), 37 deletions(-)
 create mode 100644 server/ssl-config.js
diff --git a/server/server.js b/server/server.js
index d588f79794..e950611d24 100755
--- a/server/server.js
+++ b/server/server.js
@@ -2,32 +2,34 @@ require('dotenv').load();
 require('pmx').init();
 // handle uncaught exceptions. Forever will restart process on shutdown
-var R = require('ramda'),
- assign = require('lodash').assign,
- loopback = require('loopback'),
- boot = require('loopback-boot'),
- accepts = require('accepts'),
- cookieParser = require('cookie-parser'),
- compress = require('compression'),
- session = require('express-session'),
- logger = require('morgan'),
- errorHandler = require('errorhandler'),
- methodOverride = require('method-override'),
- bodyParser = require('body-parser'),
- helmet = require('helmet'),
- MongoStore = require('connect-mongo')(session),
- flash = require('express-flash'),
- path = require('path'),
- expressValidator = require('express-validator'),
- forceDomain = require('forcedomain'),
- lessMiddleware = require('less-middleware'),
- pmx = require('pmx'),
+var https = require('https'),
+ sslConfig = require('./ssl-config'),
+ R = require('ramda'),
+ assign = require('lodash').assign,
+ loopback = require('loopback'),
+ boot = require('loopback-boot'),
+ accepts = require('accepts'),
+ cookieParser = require('cookie-parser'),
+ compress = require('compression'),
+ session = require('express-session'),
+ logger = require('morgan'),
+ errorHandler = require('errorhandler'),
+ methodOverride = require('method-override'),
+ bodyParser = require('body-parser'),
+ helmet = require('helmet'),
+ MongoStore = require('connect-mongo')(session),
+ flash = require('express-flash'),
+ path = require('path'),
+ expressValidator = require('express-validator'),
+ forceDomain = require('forcedomain'),
+ lessMiddleware = require('less-middleware'),
+ pmx = require('pmx'),
- passportProviders = require('./passport-providers'),
- /**
- * API keys and Passport configuration.
- */
- secrets = require('./../config/secrets');
+ passportProviders = require('./passport-providers'),
+ /**
+ * API keys and Passport configuration.
+ */
+ secrets = require('./../config/secrets');
 var generateKey = require('loopback-component-passport/lib/models/utils').generateKey;
@@ -218,8 +220,8 @@ var passportOptions = {
 // NOTE(berks): get email or set to null.
 // MongoDB indexs email but can be sparse(blank)
 var email = emails && emails[0] && emails[0].value ?
- emails[0].value :
- null;
+ emails[0].value :
+ null;
 var username = (profile.username || profile.id);
 username = typeof username === 'string' ? username.toLowerCase() : username;
@@ -295,16 +297,34 @@ if (process.env.NODE_ENV === 'development') {
 * Start Express server.
 */
-app.start = function() {
- app.listen(app.get('port'), function () {
- console.log(
- 'FreeCodeCamp server listening on port %d in %s mode',
- app.get('port'),
- app.get('env')
- );
- });
+var options = {
+ key: sslConfig.privateKey,
+ cert: sslConfig.certificate
 };
+if (process.env.NODE_ENV === 'production') {
+ app.start = function() {
+ var server = https.createServer(options, app);
+ server.listen('https://' + process.env.HOST + ':' + app.get('port'), function () {
+ console.log(
+ 'FreeCodeCamp server listening on port %d in %s mode',
+ app.get('port'),
+ app.get('env')
+ );
+ });
+ };
+} else {
+ app.start = function () {
+ app.listen(app.get('port'), function () {
+ console.log(
+ 'FreeCodeCamp server listening on port %d in %s mode',
+ app.get('port'),
+ app.get('env')
+ );
+ });
+ };
+}
+
 // start the server if `$ node server.js`
 if (require.main === module) {
 app.start();
diff --git a/server/ssl-config.js b/server/ssl-config.js
new file mode 100644
index 0000000000..7ac90dc7cf
--- /dev/null
+++ b/server/ssl-config.js
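Review bot: In the `app.start` hunk the TLS server is created from `{ key, cert }` only; if the certificate was issued through an intermediate CA, clients will see an incomplete chain unless the bundle is supplied too, and no cipher or protocol preference is set. Consider adding `ca: sslConfig.ca` (loaded next to the key in ssl-config.js) and `honorCipherOrder: true` to `options`, and build `options` inside the production branch, since `sslConfig.privateKey` and `sslConfig.certificate` are undefined outside production. The re-indentation of the entire require list in the first hunk is whitespace churn that hides the two real additions (`https`, `sslConfig`); keeping the old indent would make the change reviewable.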
@@ -0,0 +1,16 @@
+/**
+ * Created by nathanleniz on 6/16/15.
+ */
+
+var path = require('path');
+var fs = require('fs');
+
+if (process.env.NODE_ENV === 'production') {
+ exports.privateKey =
+ fs.readFileSync(path.join(__dirname,
+ '../../private/privatekey.pem')).toString();
+ exports.certificate =
+ fs.readFileSync(path.join(__dirname,
+ '../../private/certificate.pem')).toString();
+
+}
diff --git a/server/views/coursewares/showBonfire.jade b/server/views/coursewares/showBonfire.jade
index 005ed1f1b7..d18abe290e 100644
--- a/server/views/coursewares/showBonfire.jade
+++ b/server/views/coursewares/showBonfire.jade
@@ -11,7 +11,7 @@ block content
 link(rel='stylesheet', href='/js/lib/codemirror/lib/codemirror.css')
 link(rel='stylesheet', href='/js/lib/codemirror/addon/lint/lint.css')
 link(rel='stylesheet', href='/js/lib/codemirror/theme/monokai.css')
- link(rel="stylesheet", href="http://fonts.googleapis.com/css?family=Ubuntu+Mono")
+ link(rel="stylesheet", href="//fonts.googleapis.com/css?family=Ubuntu+Mono")
 script(type='text/javascript', src='/js/lib/codemirror/mode/javascript/javascript.js')
 script(type='text/javascript', src='/js/lib/jailed/jailed.js')
 script(type='text/javascript', src='/js/lib/coursewares/sandbox.js')
diff --git a/server/views/coursewares/showJS.jade b/server/views/coursewares/showJS.jade
index 25bb25cd3f..58737351ac 100644
--- a/server/views/coursewares/showJS.jade
+++ b/server/views/coursewares/showJS.jade
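Review bot: The new ssl-config.js reads the key and certificate with `fs.readFileSync` and no error handling, so a missing or unreadable `../../private/*.pem` aborts at require time with a stack trace carrying the resolved path, and outside production the module silently exports nothing, which is what leaves `options` in server.js with undefined fields. Wrap the reads in a try/catch that rethrows with a clear message, or at least document at the top of the file that the exports exist only when `NODE_ENV === 'production'` and that `private/` must stay outside the repository with restrictive permissions. The `Created by …` header is IDE boilerplate; replace it with a purpose comment such as `// Loads the TLS private key and certificate used by the production https server.`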
@@ -10,7 +10,7 @@ block content
 link(rel='stylesheet', href='/js/lib/codemirror/lib/codemirror.css')
 link(rel='stylesheet', href='/js/lib/codemirror/addon/lint/lint.css')
 link(rel='stylesheet', href='/js/lib/codemirror/theme/monokai.css')
- link(rel="stylesheet", href="http://fonts.googleapis.com/css?family=Ubuntu+Mono")
+ link(rel="stylesheet", href="//fonts.googleapis.com/css?family=Ubuntu+Mono")
 script(src='/js/lib/codemirror/mode/javascript/javascript.js')
 script(src='/js/lib/jailed/jailed.js')
 script(src='/js/lib/coursewares/sandbox.js')
From 7e420217eb973aa35774c127b8385597121e8c33 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 14:43:12 -0400
Subject: [PATCH 13/22] More https configuration
---
 server/server.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/server/server.js b/server/server.js
index e950611d24..cda6a0bf67 100755
--- a/server/server.js
+++ b/server/server.js
@@ -305,6 +305,7 @@ var options = {
 if (process.env.NODE_ENV === 'production') {
 app.start = function() {
 var server = https.createServer(options, app);
+ console.log(process.env.HOST, process.env.PORT);
 server.listen('https://' + process.env.HOST + ':' + app.get('port'), function () {
 console.log(
 'FreeCodeCamp server listening on port %d in %s mode',
From b25dd9416bd95f1df93b62f054687b0d499c76c4 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 14:43:49 -0400
Subject: [PATCH 14/22] More https configuration
---
 server/server.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/server/server.js b/server/server.js
index cda6a0bf67..c7240fb20c 100755
--- a/server/server.js
+++ b/server/server.js
@@ -306,6 +306,7 @@ if (process.env.NODE_ENV === 'production') {
 app.start = function() {
 var server = https.createServer(options, app);
 console.log(process.env.HOST, process.env.PORT);
+ console.log(options.cert);
 server.listen('https://' + process.env.HOST + ':' + app.get('port'), function () {
 console.log(
 'FreeCodeCamp server listening on port %d in %s mode',
From 645c0aac0e53f2a0092b24ad22b8361e9fc463d2 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 14:51:40 -0400
Subject: [PATCH 15/22] Server test
---
 server/server.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/server/server.js b/server/server.js
index c7240fb20c..74b28f1856 100755
--- a/server/server.js
+++ b/server/server.js
@@ -305,8 +305,7 @@ var options = {
 if (process.env.NODE_ENV === 'production') {
 app.start = function() {
 var server = https.createServer(options, app);
- console.log(process.env.HOST, process.env.PORT);
- console.log(options.cert);
+ console.log('https://' + process.env.HOST + ':' + process.env.PORT);
 server.listen('https://' + process.env.HOST + ':' + app.get('port'), function () {
 console.log(
 'FreeCodeCamp server listening on port %d in %s mode',
From e782e0310f4aef3b5a47786aa9d51353229fc992 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 15:04:20 -0400
Subject: [PATCH 16/22] Remove toString() on certificate reads as per http://stackoverflow.com/questions/20893025/cant-start-nodejs-https-server-v0-10-23
---
 server/ssl-config.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/ssl-config.js b/server/ssl-config.js
index 7ac90dc7cf..6cbf418971 100644
--- a/server/ssl-config.js
+++ b/server/ssl-config.js
@@ -8,9 +8,9 @@ var fs = require('fs');
 if (process.env.NODE_ENV === 'production') {
 exports.privateKey =
 fs.readFileSync(path.join(__dirname,
- '../../private/privatekey.pem')).toString();
+ '../../private/privatekey.pem'));
 exports.certificate =
 fs.readFileSync(path.join(__dirname,
- '../../private/certificate.pem')).toString();
+ '../../private/certificate.pem'));
 }
From a662187d938879e4ca284caeaad572db20088ccd Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 15:24:55 -0400
Subject: [PATCH 17/22] More ssl setup
---
 server/server.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/server/server.js b/server/server.js
index 74b28f1856..f9b20edc01 100755
--- a/server/server.js
+++ b/server/server.js
@@ -312,6 +312,7 @@ if (process.env.NODE_ENV === 'production') {
 app.get('port'),
 app.get('env')
 );
+ app.emit('started', 'https://' + process.env.HOST + ':' + app.get('port'));
 });
 };
 } else {
From 9e8796a0c42523a215c8c6d0479031a528f81c4d Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 15:38:22 -0400
Subject: [PATCH 18/22] More tweaking
---
 server/server.js | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/server/server.js b/server/server.js
index f9b20edc01..0f03dd98d8 100755
--- a/server/server.js
+++ b/server/server.js
@@ -21,7 +21,6 @@ var https = require('https'),
 flash = require('express-flash'),
 path = require('path'),
 expressValidator = require('express-validator'),
- forceDomain = require('forcedomain'),
 lessMiddleware = require('less-middleware'),
 pmx = require('pmx'),
@@ -303,18 +302,16 @@ var options = {
 };
 if (process.env.NODE_ENV === 'production') {
- app.start = function() {
- var server = https.createServer(options, app);
- console.log('https://' + process.env.HOST + ':' + process.env.PORT);
- server.listen('https://' + process.env.HOST + ':' + app.get('port'), function () {
- console.log(
- 'FreeCodeCamp server listening on port %d in %s mode',
- app.get('port'),
- app.get('env')
- );
- app.emit('started', 'https://' + process.env.HOST + ':' + app.get('port'));
- });
- };
+ var server = https.createServer(options, app);
+ console.log('https://' + process.env.HOST + ':' + process.env.PORT);
+ server.listen('https://' + process.env.HOST + ':' + app.get('port'), function () {
+ console.log(
+ 'FreeCodeCamp server listening on port %d in %s mode',
+ app.get('port'),
+ app.get('env')
+ );
+ app.emit('started', 'https://' + process.env.HOST + ':' + app.get('port'));
+ });
 } else {
 app.start = function () {
 app.listen(app.get('port'), function () {
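Review bot: Patch 18's first hunk removes the `forceDomain` require, but no hunk in the series removes a use of it; if an `app.use(forceDomain(...))` still exists further down the file (not visible here), startup will fail with a ReferenceError, so check for remaining references before dropping the import. The second hunk also replaces the production `app.start` function with code that runs at module load, so any `require('./server')` in production now creates the TLS server and binds the port, `app.start` no longer exists in that branch, and the `require.main === module` guard survives only for development; patch 19's hunk then makes development behave the same way. If listening at load time is intended, keep `app.start` as a thin wrapper in both branches so tests and tooling that merely require the module are not forced to listen.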
@@ -325,11 +322,12 @@ if (process.env.NODE_ENV === 'production') {
 );
 });
 };
+ if (require.main === module) {
+ app.start();
+ }
 }
 // start the server if `$ node server.js`
-if (require.main === module) {
- app.start();
-}
+
 module.exports = app;
From 7915e8a77e10238c0a9d8fa3c56d9140b74512e2 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 15:41:59 -0400
Subject: [PATCH 19/22] 99 problems, and production only errors are 98 of them
---
 server/server.js | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/server/server.js b/server/server.js
index 0f03dd98d8..2b0eefa100 100755
--- a/server/server.js
+++ b/server/server.js
@@ -313,18 +313,13 @@ if (process.env.NODE_ENV === 'production') {
 app.emit('started', 'https://' + process.env.HOST + ':' + app.get('port'));
 });
 } else {
- app.start = function () {
- app.listen(app.get('port'), function () {
- console.log(
- 'FreeCodeCamp server listening on port %d in %s mode',
- app.get('port'),
- app.get('env')
- );
- });
- };
- if (require.main === module) {
- app.start();
- }
+ app.listen(app.get('port'), function () {
+ console.log(
+ 'FreeCodeCamp server listening on port %d in %s mode',
+ app.get('port'),
+ app.get('env')
+ );
+ });
 }
 // start the server if `$ node server.js`
From 1607fe0ba50cb00993c1e14c58254b505d46f616 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 15:51:04 -0400
Subject: [PATCH 20/22] Updates server listen in production
---
 server/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/server.js b/server/server.js
index 2b0eefa100..69e02e8496 100755
--- a/server/server.js
+++ b/server/server.js
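Review bot: After patch 19's hunk the context comment beginning `// start the server if` describes a guard that no longer exists — both branches now call listen at module load and the `require.main === module` check is gone — so it should be removed or rewritten, e.g. `// the server starts listening as soon as this module is required`. The removal of `app.start` from both branches is also not mentioned in the commit message, although anything that called it will now throw; note it there so the behaviour change is discoverable.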
@@ -304,7 +304,7 @@ var options = {
 if (process.env.NODE_ENV === 'production') {
 var server = https.createServer(options, app);
 console.log('https://' + process.env.HOST + ':' + process.env.PORT);
- server.listen('https://' + process.env.HOST + ':' + app.get('port'), function () {
+ server.listen(app.get('port'), function () {
 console.log(
 'FreeCodeCamp server listening on port %d in %s mode',
 app.get('port'),
From 810bf9a3f7e5be4143694441b701ad4c8c50a307 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 15:59:22 -0400
Subject: [PATCH 21/22] force https for blob url in _frame.js. Updates helmet to allow more inspectlet domains.
---
 public/js/lib/jailed/_frame.js | 2 +-
 server/server.js | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/public/js/lib/jailed/_frame.js b/public/js/lib/jailed/_frame.js
index fa310643fd..7f464f02de 100644
--- a/public/js/lib/jailed/_frame.js
+++ b/public/js/lib/jailed/_frame.js
@@ -36,7 +36,7 @@ try {
 blobUrl = blobUrl.getBlob();
 }
-var worker = new Worker(URL.createObjectURL(blobUrl));
+var worker = new Worker(URL.createObjectURL('https:' + blobUrl));
 // telling worker to load _pluginWeb.js (see blob code above)
 worker.postMessage({
diff --git a/server/server.js b/server/server.js
index 69e02e8496..cc69e11ae3 100755
--- a/server/server.js
+++ b/server/server.js
@@ -132,7 +132,8 @@ var trusted = [
 'wss://inspectletws.herokuapp.com/',
 'http://hn.inspectlet.com/',
 '*.googleapis.com',
- '*.gstatic.com'
+ '*.gstatic.com',
+ 'https://hn.inspectlet.com/'
 ];
 app.use(helmet.csp({
From 8735f164f844d3d383f5e48b0c22d024f0c015d1 Mon Sep 17 00:00:00 2001
From: terakilobyte
Date: Tue, 16 Jun 2015 16:28:09 -0400
Subject: [PATCH 22/22] Remove https from blob code
---
 public/js/lib/jailed/_frame.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/public/js/lib/jailed/_frame.js b/public/js/lib/jailed/_frame.js
index 7f464f02de..fa310643fd 100644
--- a/public/js/lib/jailed/_frame.js
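Review bot: The `console.log('https://' + process.env.HOST + ':' + process.env.PORT)` line kept as context in patch 20's hunk is a leftover from the experiments in patches 13–15; it prints a URL built from `process.env.PORT` while the server now binds `app.get('port')`, so the two can disagree and the line adds nothing the listen callback does not already log. Remove it, or fold the host into the existing `'FreeCodeCamp server listening on port %d in %s mode'` message inside the callback.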
+++ b/public/js/lib/jailed/_frame.js
@@ -36,7 +36,7 @@ try {
 blobUrl = blobUrl.getBlob();
 }
-var worker = new Worker(URL.createObjectURL('https:' + blobUrl));
+var worker = new Worker(URL.createObjectURL(blobUrl));
 // telling worker to load _pluginWeb.js (see blob code above)
 worker.postMessage({