unable to access req.socket.getPeerCertificate when using express on heroku

Time:07-15

My issue is as follows: I am working with self-signed server/client certificates in my Node.js app, and it's working fine when running the server locally (using the node https module), but it does not work when I deploy my app to Heroku (using express). I've read in similar questions that you can't use the https module on Heroku, since Heroku handles the SSL and sends my app a plain request, so my app needs to work with http. Since I am using client certificates to authenticate the client, my question is: how do I get the certificate in a plain HTTP request? When running the server locally on my computer, using the Node.js HTTPS module, I run the following code:

const fs = require('fs');
const https = require('https');
const express = require('express');

const app = express();

const port = process.env.PORT || 4545;

app.get('/', (req, res) => {
  console.log(req.socket.getPeerCertificate());
  // With rejectUnauthorized: false the handshake succeeds even without a
  // valid client certificate, so this check is the only authorization gate.
  if (!req.client.authorized) {
    return res.status(401).send('You are not authorized');
  }

  return res.send('Hello, world!');
});

https
  .createServer(
    {
      // ...
      requestCert: true,          // ask the client for a certificate
      rejectUnauthorized: false,  // do not abort the handshake on failure
      ca: fs.readFileSync('ca.crt'),
      cert: fs.readFileSync('server.crt'),
      key: fs.readFileSync('server.key')
      // ...
    }, app)
  .listen(port, () => {
    console.log('Listening on port ', port);
  });

Code on Heroku:

const fs = require('fs');
const https = require('https');
const express = require('express');

const app = express();

const port = process.env.PORT || 4545;

app.get('/', (req, res) => {
  console.log(req.socket.getPeerCertificate());
  if (!req.client.authorized) {
    return res.status(401).send('You are not authorized');
  }

  return res.send('Hello, world!');
});

app.listen(port, () => {
  console.log(`Example app listening on port ${port}`);
});

Client code:

const fs = require('fs');
const https = require('https');

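// Turns off server certificate verification for every TLS connection in this
// process. Passing the CA through the `ca` request option keeps it on.
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;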


const req = https.request(
  {
    hostname: 'localhost',
    port: 4545,
    method: 'GET',
    path: '/',
    cert: fs.readFileSync('client.crt'),
    key: fs.readFileSync('client.key')
  },
  res => {
    res.on('data', function(data) {
      // do something with response
      console.log("received data ", data.toString());
    });
  }
);

req.end();

The req.socket.getPeerCertificate() function does not exist on Heroku (when I'm not using the https module), and the same goes for the req.client.authorized field. Is there any way to access them anyway? Or a different way to authenticate users with certificates that have been issued by a list of trusted CAs on my server?

P.S. I'm not sure the topic describes my problem very well so I'm open to suggestions

CodePudding user response:

According to the Heroku web page, this is not supported.
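
The failure described in the question, as an added example that is not part of the original post or answer: when TLS is terminated before the app, `req.socket` is a plain socket with no `getPeerCertificate` method, so a certificate check should detect that case and fail closed rather than throw. The names `clientCertStatus` and `requireClientCert` are hypothetical.

```javascript
// Added example (not from the original post). Classifies the socket behind a
// request so that certificate-based authorization fails closed.
function clientCertStatus(socket) {
  // A plain socket (TLS terminated upstream, as in the Heroku deployment
  // above) has no getPeerCertificate method; calling it raises a TypeError.
  if (!socket || typeof socket.getPeerCertificate !== 'function') {
    return { ok: false, status: 500, reason: 'tls-terminated-upstream' };
  }

  const cert = socket.getPeerCertificate();
  // Node returns an empty object when the peer sent no certificate,
  // and null when the socket has been destroyed.
  if (!cert || Object.keys(cert).length === 0) {
    return { ok: false, status: 401, reason: 'no-client-certificate' };
  }

  // authorized is true only when the chain validated against the `ca` list.
  if (socket.authorized !== true) {
    const why = String(socket.authorizationError || 'untrusted-certificate');
    return { ok: false, status: 401, reason: why };
  }

  return { ok: true, status: 200, subject: cert.subject };
}

// Express-style middleware built on the check above.
function requireClientCert(req, res, next) {
  const result = clientCertStatus(req.socket);
  if (!result.ok) {
    // Log the precise reason server-side; give the client a generic message.
    console.warn('client certificate rejected:', result.reason);
    return res.status(result.status).send('You are not authorized');
  }
  req.clientCertSubject = result.subject;
  return next();
}
```

Registered with `app.use(requireClientCert)`, the same handler then behaves identically behind `https.createServer` and behind a TLS-terminating router, where it rejects every request instead of crashing.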
