-
-
Save irfaan/87bbf12bfe66db840adc1cd6e849166f to your computer and use it in GitHub Desktop.
Force SSL for Express app on Heroku
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | |
| // Hooking up the middleware with the express app | |
| // In app.js | |
| // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | |
| var forceSSL = require('../middleware/ssl').force(config.hostname); | |
| if ('production' == app.get('env')) { | |
| app.use(forceSSL); | |
| } | |
| // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | |
| // Middleware | |
| // In middleware/ssl.js | |
| // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | |
| var redirectUrl = exports.redirectUrl = function(protocol, hostname, url) { | |
| return protocol === 'https' ? null : ('https://' + hostname + url); | |
| }; | |
| exports.force = function(hostname) { | |
| return function(req, res, next) { | |
| var redirectTo = redirectUrl(req.header('X-Forwarded-Proto'), hostname, req.url); | |
| if (redirectTo) { | |
| res.redirect(301, redirectTo); | |
| } else { | |
| next(); | |
| } | |
| }; | |
| }; | |
| // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | |
| // Mocha test | |
| // In test/middleware/ssl_test.js | |
| // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | |
| var _ = require('lodash'), | |
| assert = require('assert'), | |
| sinon = require('sinon'), | |
| ssl = require('../../lib/middleware/ssl'); | |
| describe('middleware/ssl', function() { | |
| describe('redirectUrl', function() { | |
| it('returns an https url if protocol is http', function() { | |
| assert.equal('https://api.naturkartan.se/some/url', ssl.redirectUrl('http', 'api.naturkartan.se', '/some/url')); | |
| }); | |
| it('returns null if protocol is https', function() { | |
| assert.equal(null, ssl.redirectUrl('https', 'api.naturkartan.se', '/some/url')); | |
| }); | |
| }); | |
| describe('force', function() { | |
| it('calls next if request is secure', function() { | |
| var req = {header: sinon.stub().withArgs('X-Forwarded-Proto').returns('https')}, | |
| res = {}, | |
| next = sinon.mock().once(); | |
| ssl.force('api.naturkartan.se')(req, res, next); | |
| next.verify(); | |
| }); | |
| it('redirects to https if request is not secure', function() { | |
| var req = {url: '/foobar', header: sinon.stub().withArgs('X-Forwarded-Proto').returns('http')}, | |
| res = {redirect: sinon.mock().withArgs(301, 'https://api.naturkartan.se/foobar').once()}, | |
| next = {}; | |
| ssl.force('api.naturkartan.se')(req, res, next); | |
| res.redirect.verify(); | |
| }); | |
| }); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment