walamana/minis-data-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c056d02790
minis-data-old/node_modules/express-force-ssl/index.js
Walamana c056d02790 Redirecting http to https 
Signed-off-by: Walamana <joniogerg@gmail.com>
2017-11-27 18:27:05 +01:00

81 lines
2.3 KiB
JavaScript
Raw Blame History

var parseUrl = require('url').parse;
var assign = require('lodash.assign');
function isSecure (secure, xfpHeader, trustXFPHeader) {
xfpHeader = xfpHeader ? xfpHeader.toString().toLowerCase() : '';
if (secure) {
return true;
}
return trustXFPHeader && xfpHeader === 'https'
}
function shouldRedirect (redirectsEnabled, method) {
if (!redirectsEnabled) {
return false
}
return method === "GET";
}
function checkForDeprecation (appSettings, optionsHttpsPort) {
var httpsPort = appSettings.get('httpsPort');
if (appSettings.get('env') === 'development') {
if (httpsPort) {
console.warn('express-force-ssl deprecated: app.set("httpsPort", ' + httpsPort + '), use ' +
'app.set("forceSSLOptions", { httpsPort: ' + httpsPort + ' }) instead.');
}
if (httpsPort && optionsHttpsPort) {
console.warn('You have set both app.get("httpsPort") and app.get("forceSSLOptions").httpsPort ' +
'Your app will use the value in forceSSLOptions.');
}
}
}
module.exports = function(req, res, next){
var redirect;
var secure;
var xfpHeader = req.get('X-Forwarded-Proto');
var localHttpsPort;
var appHttpsPort = req.app.get('httpsPort');
var httpsPort;
var fullUrl;
var redirectUrl;
var options = {
trustXFPHeader: false,
enable301Redirects: true,
httpsPort: false,
sslRequiredMessage: 'SSL Required.'
};
var expressOptions = req.app.get('forceSSLOptions') || {};
var localOptions = res.locals.forceSSLOptions || {};
localHttpsPort = localOptions.httpsPort;
assign(options, expressOptions, localOptions);
secure = isSecure(req.secure, xfpHeader, options.trustXFPHeader);
redirect = shouldRedirect(options.enable301Redirects, req.method);
if (!secure) {
if (redirect) {
checkForDeprecation(req.app, options.httpsPort);
httpsPort = localHttpsPort || options.httpsPort || appHttpsPort || 443;
fullUrl = parseUrl(req.protocol + '://' + req.header('Host') + req.originalUrl);
//intentionally allow coercion of https port
redirectUrl = 'https://' + fullUrl.hostname + (httpsPort == 443 ? '' : (':' + httpsPort)) + req.originalUrl;
res.redirect(301, redirectUrl);
} else {
res.status(403).send(options.sslRequiredMessage);
}
} else {
delete res.locals.forceSSLOptions;
next();
}
};
Reference in New Issue View Git Blame Copy Permalink