From 3be5c2cb9643baf2e6662ee732fbd5c4ae20e695 Mon Sep 17 00:00:00 2001
From: Kevin Gisi
Date: Tue, 28 Jul 2015 19:12:52 -0400
Subject: [PATCH] Allow x-habitica-lb: yes suffice to bypass SSL redirect
---
 website/src/middleware.js | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/website/src/middleware.js b/website/src/middleware.js
index de99b461b1..385ebf559f 100644
--- a/website/src/middleware.js
+++ b/website/src/middleware.js
@@ -87,16 +87,29 @@ module.exports.errorHandler = function(err, req, res, next) {
 res.json(500,{err:message});
 //res.end(err.message);
 }
+function isHTTP(req) {
+ var baseUrl = nconf.get("BASE_URL");
+
+ return (
+ req.headers['x-forwarded-proto'] &&
+ req.headers['x-forwarded-proto'] !== 'https' &&
+ nconf.get('NODE_ENV') === 'production' &&
+ baseUrl.indexOf('https') === 0
+ );
+}
+
+function isProxied(req) {
+ return (
+ req.headers['x-habitica-lb'] &&
+ req.headers['x-habitica-lb'] === 'Yes'
+ );
+}
 module.exports.forceSSL = function(req, res, next){
- var baseUrl = nconf.get("BASE_URL");
- // Note x-forwarded-proto is used by Heroku & nginx, you'll have to do something different if you're not using those
- if (req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] !== 'https'
- && nconf.get('NODE_ENV') === 'production'
- && baseUrl.indexOf('https') === 0) {
+ if(isHTTP(req) && !isProxied(req)) {
 return res.redirect(baseUrl + req.url);
 }
- next()
+ next();
 }
 module.exports.cors = function(req, res, next) {
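Review bot: In `forceSSL` the redirect still reads `baseUrl`, but its `var` declaration moved into `isHTTP`, so unless a module-level `baseUrl` exists outside this hunk the redirect branch throws a ReferenceError instead of sending the client to HTTPS; `return res.redirect(nconf.get("BASE_URL") + req.url);` keeps the lookup local to the handler. `isProxied` also trusts `x-habitica-lb` exactly as received, and nothing visible here stops a client or an intermediary from supplying `x-habitica-lb: Yes` itself and staying on plain HTTP, so the load balancer should strip or overwrite that header on inbound requests. A comment on `isProxied` such as `// x-habitica-lb must be set by our load balancer, which also has to drop any client-supplied copy` would record that assumption, and the removed note that `x-forwarded-proto` comes from Heroku/nginx is worth carrying over to `isHTTP`.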