Add HTTPS support for RisuAI Node.js hosting version (#795)

# PR Checklist - [❌] Have you checked if it works normally in all models? *Ignore this if it doesn't use models.* - N/A - [❌] Have you checked if it works normally in all web, local, and node hosted versions? If it doesn't, have you blocked it in those versions? - node hosted version only - [❌] Have you added type definitions? - N/A # Description The Node.js hosting version of RisuAI previously used simple app.listen for server execution, which didn't support native HTTPS. This caused several functionality issues due to browser security restrictions when accessing RisuAI externally, such as realm loading failures and inability to insert prompt presets. The updated code now checks for certificate files named server.key and server.crt in the /server/node/ssl/certificate directory. If found, the server will start using HTTPS. The /ssl directory includes a script to generate a self-signed SSL certificate using OpenSSL. To use it, add the server's public IP to the [ alt_names ] section in server.conf before generating the certificate. The CA certificate should be installed on the operating system or browser of devices remotely accessing RisuAI.
2025-04-08 19:22:06 +09:00
parent f5abdad334 1a2e44f9ae
commit d91dd1b825
6 changed files with 113 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -42,4 +42,5 @@ __pycache__/
 .tauri/
 dist.zip
 /scripts/
-.env
+.env
+/server/node/ssl/certificate
--- a/server/node/server.cjs
+++ b/server/node/server.cjs
@@ -9,6 +9,8 @@ app.use(express.static(path.join(process.cwd(), 'dist'), {index: false}));
 app.use(express.json({ limit: '50mb' }));
 app.use(express.raw({ type: 'application/octet-stream', limit: '50mb' }));
 const {pipeline} = require('stream/promises')
+const https = require('https');
+const sslPath = path.join(process.cwd(), 'server/node/ssl/certificate');

 let password = ''

@@ -294,6 +296,57 @@ app.post('/api/write', async (req, res, next) => {
    }
 });

-app.listen(6001, () => {
-    console.log("Server is listening on http://localhost:6001/");
-});
+async function getHttpsOptions() {
+
+    const keyPath = path.join(sslPath, 'server.key');
+    const certPath = path.join(sslPath, 'server.crt');
+
+    console.log(keyPath)
+    console.log(certPath)
+
+    try {
+ 
+        await fs.access(keyPath);
+        await fs.access(certPath);
+
+        const [key, cert] = await Promise.all([
+            fs.readFile(keyPath),
+            fs.readFile(certPath)
+        ]);
+       
+        return { key, cert };
+
+    } catch (error) {
+        console.error('SSL setup errors:', error.message);
+        console.log('Start the server with HTTP instead of HTTPS...');
+        return null;
+    }
+}
+
+async function startServer() {
+    const port = process.env.PORT || 6001;
+    const httpsOptions = await getHttpsOptions();
+
+    if (httpsOptions) {
+        // HTTPS
+        https.createServer(httpsOptions, app).listen(port, () => {
+            console.log("HTTPS server is running.");
+            console.log("https://localhost:6001/");
+        });
+
+    } else {
+        // HTTP
+        app.listen(port, () => {
+            console.log("HTTP server is running.");
+            console.log("http://localhost:6001/");
+        });
+    }
+}
+
+(async () => {
+    try {
+        await startServer();
+    } catch (error) {
+        console.error('Fail to start server :', error);
+    }
+})();
--- a/server/node/ssl/Generate
+++ b/server/node/ssl/Generate
@@ -0,0 +1,5 @@
+@echo off
+mkdir certificate 2>nul
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout certificate\ca.key -out certificate\ca.crt -config ca.conf
+openssl req -new -nodes -newkey rsa:2048 -keyout certificate\server.key -out certificate\server.csr -config server.conf
+openssl x509 -req -in certificate\server.csr -CA certificate\ca.crt -CAkey certificate\ca.key -CAcreateserial -out certificate\server.crt -days 3650 -extensions req_ext -extfile server.conf
--- a/server/node/ssl/Generate
+++ b/server/node/ssl/Generate
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p certificate
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout certificate/ca.key -out certificate/ca.crt -config ca.conf
+openssl req -new -nodes -newkey rsa:2048 -keyout certificate/server.key -out certificate/server.csr -config server.conf
+openssl x509 -req -in certificate/server.csr -CA certificate/ca.crt -CAkey certificate/ca.key -CAcreateserial -out certificate/server.crt -days 3650 -extensions req_ext -extfile server.conf
+
+chmod 644 certificate/ca.key certificate/server.key
+chmod 644 certificate/ca.crt certificate/server.crt certificate/server.csr
--- a/server/node/ssl/ca.conf
+++ b/server/node/ssl/ca.conf
@@ -0,0 +1,19 @@
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+x509_extensions = ca_ext
+
+[ dn ]
+C = KR
+ST = Kivotos
+L = Millennium Science School
+O = Game Development Department
+OU = Certificate Authority
+CN = Aris CA
+
+[ ca_ext ]
+basicConstraints = critical,CA:TRUE
+keyUsage = critical,keyCertSign,cRLSign
+subjectKeyIdentifier = hash
--- a/server/node/ssl/server.conf
+++ b/server/node/ssl/server.conf
@@ -0,0 +1,23 @@
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+req_extensions = req_ext
+
+[ dn ]
+C = KR
+ST = Kivotos
+L = Millennium Science School
+O = Game Development Department
+OU = Tendou Aris
+CN = localhost
+
+[ req_ext ]
+subjectAltName = @alt_names
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+
+[ alt_names ]
+DNS.1 = localhost
+IP.1 = 127.0.0.1