Open stevenroose opened 9 years ago
I just realize that it is also possible to serve HTTPS without a certificate configured. However, not often practically useful (browsers block/alert users in this case, but can be useful for testing).
Perhaps a bool enableSSL
can fix this so that the check of the other params is only performed before the SecureSockets.initialize()
call.
Hi and thanks for the pull request!
First there were some questions, I'll try to take them one by one first:
Second, let talk about the code. I'll split my thoughts up in two parts, regarding syntax and semantics.
Syntax:
Semantics:
So, lots of comments, but overall I like your contribution, I hope you don't feel I'm offensive that is really not my intent here. I could clearly change some of the syntax things later but I thought it was better to just talk about it here instead of just merging and then change some of the code later. The semantic parts simply have to be fixed since they don't work as indented.
Ps. I have not had the time to really try and run the code just yet, these comments are based on me just reading the code. If I'm wrong on something please feel free to correct me. Ds.
That's a lot of text :)
SecureSockets.initialize()
and is currently a parameter of serve()
.Uri
is a value class, all properties are read-only. I considered using Uri.parse()
and serializing the URI myself, but that's just as ugly. I also considered using the original Uri's string and replacing the first occurrence of http://
with https://
but that's not as fool-proof as this method. (I know it sucks that it takes up so many lines.)sslCertificateDatabasePassword = sslCertificateDatabasePassword != null ? sslCertificateDatabasePassword : Platform.environment['SSL_CERT_DB_PASS'];
// or
if(sslCertificateDatabasePassword == null)
sslCertificateDatabasePassword = Platform.environment['SSL_CERT_DB_PASS'];
Syntax 5. I only indent that way when the readability is key, like in public declarations (f.e. serve()
), otherwise I use the minimum of 4 spaces for broken lines, as the style guide suggests
DO indent continued lines with at least four spaces.
serve()
, it should overwrite environment variables to protect the user from environment variables it is not aware of that will otherwise tamper with his code. Perhaps removing all default values is a good solution?Aha, found Uri.replace()
.
I added support for HTTPS serving with certificates configured. It is possible to serve both HTTP and HTTPS or to automatically redirect HTTP requests to HTTPS.
I also added the possibility to define the host and ports to listen on using the parameters of serve instead of only using the environment.
This change should not introduce breaking changes to existing users.
Perhaps it is a good idea to allow users to pass the database password using an environment variable as well. I believe in that case the database files can be safely exposed, f.e. in a GitHub repo.