Add HTTPS support for RisuAI Node.js hosting version

The Node.js hosting version of RisuAI previously used simple app.listen for server execution, which didn't support native HTTPS. This caused several functionality issues due to browser security restrictions when accessing RisuAI externally, such as realm loading failures and inability to insert prompt presets. The updated code now checks for certificate files named server.key and server.crt in the /server/node/ssl/certificate directory. If found, the server will start using HTTPS. The /ssl directory includes a script to generate a self-signed SSL certificate using OpenSSL. To use it, add the server's public IP to the [ alt_names ] section in server.conf before generating the certificate. The CA certificate should be installed on the operating system or browser of devices remotely accessing RisuAI. For production use with a domain, it's recommended to use a certificate from an official Certificate Authority.
2025-03-20 15:40:11 +09:00
parent c30da266b8
commit f4d3f40ce5
6 changed files with 113 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,4 @@ __pycache__/
 dist.zip
 /scripts/
 .env
+/server/node/ssl/certificate
--- a/server/node/server.cjs
+++ b/server/node/server.cjs
@@ -9,6 +9,8 @@ app.use(express.static(path.join(process.cwd(), 'dist'), {index: false}));
 app.use(express.json({ limit: '50mb' }));
 app.use(express.raw({ type: 'application/octet-stream', limit: '50mb' }));
 const {pipeline} = require('stream/promises')
+const https = require('https');
+const sslPath = path.join(process.cwd(), 'server/node/ssl/certificate');

 let password = ''

@@ -294,6 +296,57 @@ app.post('/api/write', async (req, res, next) => {
    }
 });

-app.listen(6001, () => {
-    console.log("Server is listening on http://localhost:6001/");
+async function getHttpsOptions() {
+
+    const keyPath = path.join(sslPath, 'server.key');
+    const certPath = path.join(sslPath, 'server.crt');
+
+    console.log(keyPath)
+    console.log(certPath)
+
+    try {
+ 
+        await fs.access(keyPath);
+        await fs.access(certPath);
+
+        const [key, cert] = await Promise.all([
+            fs.readFile(keyPath),
+            fs.readFile(certPath)
+        ]);
+       
+        return { key, cert };
+
+    } catch (error) {
+        console.error('SSL setup errors:', error.message);
+        console.log('Start the server with HTTP instead of HTTPS...');
+        return null;
+    }
+}
+
+async function startServer() {
+    const port = process.env.PORT || 6001;
+    const httpsOptions = await getHttpsOptions();
+
+    if (httpsOptions) {
+        // HTTPS
+        https.createServer(httpsOptions, app).listen(port, () => {
+            console.log("HTTPS server is running.");
+            console.log("https://localhost:6001/");
        });
+
+    } else {
+        // HTTP
+        app.listen(port, () => {
+            console.log("HTTP server is running.");
+            console.log("http://localhost:6001/");
+        });
+    }
+}
+
+(async () => {
+    try {
+        await startServer();
+    } catch (error) {
+        console.error('Fail to start server :', error);
+    }
+})();
--- a/server/node/ssl/Generate
+++ b/server/node/ssl/Generate
@@ -0,0 +1,5 @@
+@echo off
+mkdir certificate 2>nul
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout certificate\ca.key -out certificate\ca.crt -config ca.conf
+openssl req -new -nodes -newkey rsa:2048 -keyout certificate\server.key -out certificate\server.csr -config server.conf
+openssl x509 -req -in certificate\server.csr -CA certificate\ca.crt -CAkey certificate\ca.key -CAcreateserial -out certificate\server.crt -days 3650 -extensions req_ext -extfile server.conf
--- a/server/node/ssl/Generate
+++ b/server/node/ssl/Generate
@@ -0,0 +1,8 @@
+#!/bin/bash
+mkdir -p certificate
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout certificate/ca.key -out certificate/ca.crt -config ca.conf
+openssl req -new -nodes -newkey rsa:2048 -keyout certificate/server.key -out certificate/server.csr -config server.conf
+openssl x509 -req -in certificate/server.csr -CA certificate/ca.crt -CAkey certificate/ca.key -CAcreateserial -out certificate/server.crt -days 3650 -extensions req_ext -extfile server.conf
+
+chmod 600 certificate/ca.key certificate/server.key
+chmod 644 certificate/ca.crt certificate/server.crt certificate/server.csr
--- a/server/node/ssl/ca.conf
+++ b/server/node/ssl/ca.conf
@@ -0,0 +1,19 @@
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+x509_extensions = ca_ext
+
+[ dn ]
+C = KR
+ST = Kivotos
+L = Millennium Science School
+O = Game Development Department
+OU = Certificate Authority
+CN = Aris CA
+
+[ ca_ext ]
+basicConstraints = critical,CA:TRUE
+keyUsage = critical,keyCertSign,cRLSign
+subjectKeyIdentifier = hash
--- a/server/node/ssl/server.conf
+++ b/server/node/ssl/server.conf
@@ -0,0 +1,23 @@
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+req_extensions = req_ext
+
+[ dn ]
+C = KR
+ST = Kivotos
+L = Millennium Science School
+O = Game Development Department
+OU = Tendou Aris
+CN = localhost
+
+[ req_ext ]
+subjectAltName = @alt_names
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+
+[ alt_names ]
+DNS.1 = localhost
+IP.1 = 127.0.0.1