enforce ssl

jimmylee · jimmylee · commit ed1cf056b211 · 2019-05-25T01:52:56.000-07:00
diff --git a/common/enforce-ssl.js b/common/enforce-ssl.js
@@ -0,0 +1,40 @@
+module.exports = function(options) {
+  options = options ? options : {};
+  const maxAge = options.maxAge ? options.maxAge : 86400;
+  const includeSubDomains =
+    options.includeSubDomains === undefined ? true : options.includeSubdomains;
+
+  return function(req, res, next) {
+    let ignoreRequest = process.env.NODE_ENV !== 'production';
+    const secure =
+      req.connection.encrypted || req.get('X-Forwarded-Proto') === 'https';
+
+    if (options.ignoreFilter) {
+      ignoreRequest = ignoreRequest || options.ignoreFilter(req);
+    }
+
+    if (ignoreRequest) {
+      next();
+      return;
+    }
+
+    if (secure) {
+      let header = 'max-age=' + maxAge;
+      if (includeSubDomains) {
+        header += '; includeSubDomains';
+      }
+
+      if (options.preload) {
+        header += '; preload';
+      }
+
+      res.setHeader('Strict-Transport-Security', header);
+      next();
+    } else {
+      res.writeHead(301, {
+        Location: 'https://' + req.get('host') + req.url,
+      });
+      res.end();
+    }
+  };
+};
diff --git a/server.js b/server.js
@@ -10,6 +10,7 @@ import cookieParser from 'cookie-parser';
 import passport from 'passport';
 import setupAuth from './api/auth';
 import setupApi from './api';
+import enforceSSL from './common/enforce-ssl';
 
 import queries from './api/controllers/queries';
 import { User, Comment, Post } from './api/models';
@@ -26,6 +27,7 @@ app.prepare().then(() => {
     server.use(compression());
   }
 
+  server.use(enforceSSL());
   server.use('/static', express.static(__dirname + '/static'));
   server.use(cookieParser());
   server.use(morgan('dev'));
