import fs from 'fs';
import path from 'path';
import https from 'https';
import tls from 'tls';
import express from 'express';
/* Alias environment variables */
const port = process.env.PORT || 443;
const httpsOptions = {
key: fs.readFileSync(path.join('certs', 'server.key')),
cert: fs.readFileSync(path.join('certs', 'server.crt')),
ca: fs.readFileSync(path.join('certs', 'ca.crt')),
requestCert: true,
rejectUnauthorized: false /* This is necessary to accept self-signed certificates, we will perform the authentication ourselves */
};
/* Create Express app */
const expressApp = express();
const expressServer = https.createServer(httpsOptions, expressApp);
expressApp.use((req,res,next) => {
console.log((req.socket as tls.TLSSocket).authorized ? 'true' : 'false');
if (!(req.socket as tls.TLSSocket).authorized) {
return res.status(401).send('Unauthorized');
}
next();
});
expressServer.listen(port, () => {
console.log(`Server listening on port ${port}`);
});
What steps will reproduce the bug?
How often does it reproduce? Is there a required condition?
What is the expected behavior?
What do you see instead?
Additional information
(req.socket as tls.TLSSocket).authorizedflag should always be false if the client certificate doesn't match the server CA. In this case it becomes true after a page reload from Firefox for unknown reasons.