Merge pull request #142 from trailimage/develop

add requireSSL method
trailimage · Jul 11, 2018 · aa81be0 · aa81be0
2 parents 59a670f + 47494f7
commit aa81be0
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 4.1.0
+
+-  Add option to require an SSL connection
+
 ## 4.0.2
 
 -  Fix unhandled error for missing GPX

diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
    "name": "@trail-image/blog",
    "description": "Trail Image blog",
-   "version": "4.0.2",
+   "version": "4.1.0",
    "private": false,
    "author": {
       "name": "Jason Abbott"

diff --git a/src/app.ts b/src/app.ts
@@ -8,7 +8,7 @@ import { postProvider } from '@trailimage/flickr-provider';
 import { mapProvider } from '@trailimage/google-provider';
 import { config as modelConfig, blog } from '@trailimage/models';
 import { config } from './config';
-import { Layout, addTemplateMethods } from './views/';
+import { Layout, addTemplateMethods, requireSSL } from './views/';
 import { route } from './routes';
 
 const root = path.join(__dirname, '..');
@@ -47,6 +47,9 @@ async function createWebService() {
       app.listen(port);
       log.info(`Listening for authentication on port ${port}`);
    } else {
+      if (config.requireSSL) {
+         app.use(requireSSL);
+      }
       app.use(blockSpamReferers);
       // https://github.com/expressjs/compression/blob/master/README.md
       app.use(compress());

diff --git a/src/config/index.ts b/src/config/index.ts
@@ -23,6 +23,8 @@ export const posts = {
 export const config = {
    env,
    domain,
+   /** Whether to redirect `HTTP` requests to `HTTPS`. */
+   requireSSL: env('REQUIRE_SSL', '') == 'true',
 
    /** Whether any provider needs authorization tokens */
    //    get needsAuth(): boolean {

diff --git a/src/views/index.ts b/src/views/index.ts
@@ -1,2 +1,3 @@
 export { Page, Layout, addTemplateMethods } from './template';
 export { view, Renderer } from './view';
+export { requireSSL } from './require-ssl';
diff --git a/src/views/require-ssl.ts b/src/views/require-ssl.ts
@@ -0,0 +1,18 @@
+import { HttpStatus } from '@toba/tools';
+import { Request, Response, NextFunction } from 'express';
+
+/**
+ * Middleware to require an SSL connection.
+ */
+export function requireSSL(req: Request, res: Response, next: NextFunction) {
+   if (req.secure) {
+      next();
+   } else if (req.method == 'GET' || req.method == 'HEAD') {
+      res.redirect(
+         HttpStatus.TempRedirect,
+         'https://' + req.header('Host') + req.originalUrl
+      );
+   } else {
+      res.status(HttpStatus.Forbidden).send('Data must be submitted securely');
+   }
+}