
Securing nodejs server configuration data

Published June 3, 2013 6:05 pm

I am running a nodejs server in an Azure VM running win8 server, and I need to secure the configuration data. Since I am deploying the server by hand, not using an Azure role, manifest, iisnode integration etc., I need to figure out a way of securing the configuration data.

The .NET Framework has the useful API ProtectedData.Protect, and nodejs has a useful interop module, edge, from Tomasz Janczuk @msft, for interop between nodejs and C#.

The config data is protected beforehand using ProtectedData.Protect(), base64-encoded and saved to a file. The code snippet below uses the edge module with C# code to decrypt/unprotect the config data.

 
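var edge = require('edge');

// Reads the base64-encoded protected blob from fileName and passes the
// decrypted bytes to callback(error, result).
function unprotect(fileName, callback)
{
    // edge compiles the C# inside the comment block into a function callable from nodejs.
    var unprotectCsFunc = edge.func(function unprotectCsFunc()
    {/*
    #r "System.Security.dll"

    using System;
    using System.IO;
    using System.Security.Cryptography;

    async (fileName) => { 
        string cipherText = File.ReadAllText(fileName.ToString());
        byte[] cipherBytes = Convert.FromBase64String(cipherText);
        // CurrentUser scope: only the Windows account that protected the data can unprotect it.
        var data = ProtectedData.Unprotect(cipherBytes, null, DataProtectionScope.CurrentUser);
        return data;
    }*/});

    unprotectCsFunc(fileName, function (error, result)
    {
        callback(error, result);
    });
}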
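
One way to consume the bytes that unprotect() hands to its callback, as an added example that is not part of the original post: it parses them as JSON without letting secret material leak into error messages. It assumes edge delivers the C# byte[] as a Buffer; the JSON layout, REQUIRED_KEYS, loadProtectedConfig and the fakeUnprotect stub are assumptions made for illustration.

```javascript
// Added example, not from the original post. REQUIRED_KEYS and the JSON
// layout of the config are assumptions made for illustration.
var REQUIRED_KEYS = ['pfxPassphrase'];

// unprotectFn has the signature of the post's unprotect(fileName, callback).
function loadProtectedConfig(fileName, unprotectFn, callback) {
    unprotectFn(fileName, function (error, plainBytes) {
        if (error) {
            // File, base64 and DPAPI failures (e.g. a different Windows
            // account than the one that protected the data) arrive here.
            return callback(new Error('cannot unprotect ' + fileName));
        }
        if (!Buffer.isBuffer(plainBytes)) {
            return callback(new Error('unprotect did not return a Buffer'));
        }
        var config = null;
        try {
            config = JSON.parse(plainBytes.toString('utf8'));
        } catch (e) {
            // e.message is dropped on purpose: recent Node versions quote
            // part of the input in it, and the input here is secret.
        } finally {
            // Wipe the decrypted bytes; the parsed strings stay in memory.
            plainBytes.fill(0);
        }
        if (config === null || typeof config !== 'object' || Array.isArray(config)) {
            return callback(new Error('protected config is not a JSON object'));
        }
        var missing = REQUIRED_KEYS.filter(function (key) {
            return typeof config[key] !== 'string' || config[key] === '';
        });
        if (missing.length > 0) {
            return callback(new Error('protected config lacks: ' + missing.join(', ')));
        }
        callback(null, Object.freeze(config));
    });
}

// Constructed stand-in for the edge-based unprotect, so this runs offline.
function fakeUnprotect(plainText) {
    return function (fileName, callback) {
        callback(null, Buffer.from(plainText, 'utf8'));
    };
}

// Demo with constructed data.
loadProtectedConfig('config.protected', fakeUnprotect('{"pfxPassphrase":"constructed-sample"}'),
    function (error, config) {
        console.log(error ? error.message : Object.keys(config));
    });
```

With the real module, pass the post's unprotect as the second argument; the loaded pfxPassphrase can then be supplied to https.createServer instead of a hard-coded passphrase.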

What do you use to protect configuration data for your nodejs server?

Integrating your windows store app with https nodejs web service

Published May 16, 2013 12:56 pm

During development, we typically start implementing the web service as an http endpoint. At a later stage in development we need to make it an https endpoint. This is when we need to deal with SSL certificates.

Hosting the nodejs web api server at a custom https endpoint like https://myapi.mywebsite.com, buying the SSL certificate for the api subdomain from a certificate authority, and getting the required .pfx file from the files given by the CA for the https nodejs server are interesting topics by themselves. Today, we are talking about generating a self-signed certificate for localhost. This enables us to run the https nodejs web server on the local machine and test the Windows Store application that consumes the APIs. This suffices for development of the app and service, while other things are required for taking the app to production.

I found this helpful tool through Bing to generate a self-signed certificate for localhost; it has a nice GUI and gives a pfx file as output. It saves going through the VS command line makecert details unless you already know about them.

The https nodejs server is up and running given the localhost pfx file and its password.

var fs = require('fs'),
    https = require('https');

var options = {
    // pfx takes the contents of the PFX file, not its path
    pfx: fs.readFileSync('localhost.pfx'),
    passphrase: 'your password'
};

https.createServer(options, function (req, res)
{
   ...
}).listen(xyz);

But my WinJS client's WinJS.xhr() calls to https://localhost:xyz/ fail.
This is because the certificate authority is not trusted by the local machine (the dev box). The localhost certificate needs to be added to the ‘Trusted Root Certification Authorities’ store using the certificate manager MMC snap-in. To do this:

  1. Launch mmc. Add the ‘Certificates’ MMC snap-in. Select local computer.
  2. Right-click ‘Trusted Root Certification Authorities’. Follow All Tasks->Import to import the localhost.pfx certificate here.
  3. Follow the instructions in the import wizard.

Once done, the WinJS client can successfully connect to the https://localhost:xyz nodejs endpoint.