krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 07:07:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow skipping SSL check with secret key (#10962)

Browse Source
This commit is contained in:
Matteo Pagliazzi
2019-01-23 17:10:11 +01:00
committed by GitHub
parent 7cb045781b
commit 04a7fd25a6
3 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config.json.example
View File

@@ -77,5 +77,6 @@
"STRIPE_PUB_KEY": "22223333444455556666777788889999",
"TEST_DB_URI": "mongodb://localhost/habitrpg_test",
"TRANSIFEX_SLACK_CHANNEL": "transifex",
"WEB_CONCURRENCY": 1
"WEB_CONCURRENCY": 1,
"SKIP_SSL_CHECK_KEY": "key"
}

33
test/api/unit/middlewares/redirects.js
View File

@@ -73,6 +73,39 @@ describe('redirects middleware', () => {
expect(res.redirect).to.have.not.been.called;
});
it('does not redirect if passed skip ssl request param is passed with corrrect key', () => {
let nconfStub = sandbox.stub(nconf, 'get');
nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
nconfStub.withArgs('IS_PROD').returns(true);
nconfStub.withArgs('SKIP_SSL_CHECK_KEY').returns('test-key');
req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('http');
req.originalUrl = '/static/front';
req.query.skipSSLCheck = 'test-key';
const attachRedirects = requireAgain(pathToRedirectsMiddleware);
attachRedirects.forceSSL(req, res, next);
expect(res.redirect).to.have.not.been.called;
});
it('does redirect if skip ssl request param is passed with incorrrect key', () => {
let nconfStub = sandbox.stub(nconf, 'get');
nconfStub.withArgs('BASE_URL').returns('https://habitica.com');
nconfStub.withArgs('IS_PROD').returns(true);
nconfStub.withArgs('SKIP_SSL_CHECK_KEY').returns('test-key');
req.header = sandbox.stub().withArgs('x-forwarded-proto').returns('http');
req.originalUrl = '/static/front?skipSSLCheck=INVALID';
req.query.skipSSLCheck = 'INVALID';
const attachRedirects = requireAgain(pathToRedirectsMiddleware);
attachRedirects.forceSSL(req, res, next);
expect(res.redirect).to.be.calledOnce;
expect(res.redirect).to.be.calledWith('https://habitica.com/static/front?skipSSLCheck=INVALID');
});
});
context('forceHabitica', () => {

6
website/server/middlewares/redirects.js
View File

@@ -4,6 +4,9 @@ import url from 'url';
const IS_PROD = nconf.get('IS_PROD');
const IGNORE_REDIRECT = nconf.get('IGNORE_REDIRECT') === 'true';
const BASE_URL = nconf.get('BASE_URL');
// A secret key that if passed as req.query.skipSSLCheck allows to skip
// the redirects to SSL, used for health checks from the load balancer
const SKIP_SSL_CHECK_KEY = nconf.get('SKIP_SSL_CHECK_KEY');
const BASE_URL_HOST = url.parse(BASE_URL).hostname;
@@ -17,7 +20,8 @@ function isHTTP (req) {
}
export function forceSSL (req, res, next) {
if (isHTTP(req)) {
const skipSSLCheck = req.query.skipSSLCheck;
if (isHTTP(req) && (!skipSSLCheck || skipSSLCheck !== SKIP_SSL_CHECK_KEY)) {
return res.redirect(BASE_URL + req.originalUrl);
}