From 39a482807ad309309c4074fc40afa21ebc22988e Mon Sep 17 00:00:00 2001
From: Christoph Wiechert <wio@psitrax.de>
Date: Fri, 14 Dec 2018 17:49:27 +0100
Subject: [PATCH] Add: forceHttps (Closes #24)

---
 config.js        | 4 ++++
 lib/endpoints.js | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/config.js b/config.js
index 873dc951..c3056970 100644
--- a/config.js
+++ b/config.js
@@ -14,6 +14,10 @@ const config =  {
   "sslPort": 8443,
   "sslKeyFile": false,
   "sslCertFile": false,
+  // Force redirect to https
+  // can be true or a specific url like https://example.com:8443
+  // keep empty to disable
+  "forceHttps": '',
   // retention options in seconds:label
   "retentions": {
     "one-time": "one time download",
diff --git a/lib/endpoints.js b/lib/endpoints.js
index 54f0cfea..0494306d 100644
--- a/lib/endpoints.js
+++ b/lib/endpoints.js
@@ -32,6 +32,15 @@ if (config.accessLog) {
   app.use(morgan(config.accessLog));
 }
 
+if(config.forceHttps) {
+  app.enable('trust proxy');
+  app.use(function(req, res, next) {
+    if (req.secure) return next();
+    const target = config.forceHttps === 'true' ? 'https://' + req.headers.host : config.forceHttps;
+    res.redirect(target + req.url);
+  });
+}
+
 // Static files
 app.use('/app', express.static(path.join(__dirname, '../public/app')));
 app.use('/assets', express.static(path.join(__dirname, '../public/assets')));