The parsing in the redirects module was simply determining the base host via trimming off everything up to //, so a BASE_URL like "http://localhost:3000" will result in the host name "localhost:3000", which isn't a valid host name. So the problem here is that BASE_URL_HOST is used for determining whether the client should be redirected and it's comparing the hostname of the request object with BASE_URL_HOST. For example if we have the aforementioned BASE_URL, we get to the following comparison: req.hostname !== BASE_URL_HOST Which expands to: "localhost" !== "localhost:3000" So in order to get rid of the port number, we now use url.parse() to get the right host name. Signed-off-by: aszlig <aszlig@nix.build>
import nconf from 'nconf';
import url from 'url';
// Deployment settings, read once when this module is loaded.
const BASE_URL = nconf.get('BASE_URL');
const IS_PROD = nconf.get('IS_PROD');

// Only the exact string 'true' disables the canonical-host redirect.
const IGNORE_REDIRECT = nconf.get('IGNORE_REDIRECT') === 'true';

// Host name of BASE_URL without scheme or port, so it can be compared with
// req.hostname (which carries no port either). url.parse() throws if BASE_URL
// is not a string, so a missing BASE_URL fails at import time.
const { hostname: BASE_URL_HOST } = url.parse(BASE_URL);
/**
 * Tells whether a request arrived over plain HTTP on a deployment that is
 * meant to be served over HTTPS.
 *
 * The decision rests on the X-Forwarded-Proto request header. That header is
 * only trustworthy when the fronting proxy sets or overwrites it; a client
 * that reaches the app directly can send any value. When the header is absent
 * the result is falsy, so such requests are never redirected.
 * NOTE(review): a multi-valued header (e.g. "https, http" from chained
 * proxies) is compared as a whole and counts as non-HTTPS. Confirm the proxy
 * setup only ever sends a single value.
 *
 * @param {object} req - Express request.
 * @returns {*} Truthy when the request should be redirected to HTTPS.
 */
function isHTTP (req) {
  const forwardedProto = req.header('x-forwarded-proto');

  // No header (or an empty one): nothing to judge the scheme by.
  if (!forwardedProto) return forwardedProto;
  if (forwardedProto === 'https') return false;

  // Redirects are only enforced in production ...
  if (!IS_PROD) return IS_PROD;

  // ... and only when the configured base URL itself is HTTPS.
  return BASE_URL.startsWith('https');
}
/**
 * Express middleware: redirects plain-HTTP requests to the HTTPS base URL.
 *
 * The redirect target is the configured BASE_URL followed by the request's
 * original path and query string, so the host part of the Location header
 * comes from configuration and not from the request.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Passes control on when no redirect is needed.
 */
export function forceSSL (req, res, next) {
  if (!isHTTP(req)) {
    next();
    return;
  }

  return res.redirect(BASE_URL + req.originalUrl);
}
// Redirect to habitica for non-api urls
/**
 * Tells whether the request URL contains no "/api/" segment.
 *
 * The pattern is matched against the whole original URL, query string
 * included, so "/api/" appearing anywhere (not only as the path prefix)
 * makes the request count as an API request.
 *
 * @param {object} req - Express request.
 * @returns {boolean} True when "/api/" does not occur in req.originalUrl.
 */
function nonApiUrl (req) {
  const apiSegment = req.originalUrl.match(/\/api\//);
  return apiSegment === null;
}
/**
 * Express middleware: in production, permanently redirects GET requests for
 * non-API URLs to the canonical base URL when they arrive under another
 * host name.
 *
 * req.hostname is derived from the request's Host header (or from
 * X-Forwarded-Host when Express "trust proxy" is enabled), so it is
 * client-influenced. It is only compared here; the redirect target is built
 * from the configured BASE_URL.
 * NOTE(review): this uses req.url while forceSSL uses req.originalUrl. The
 * two differ when the middleware is mounted under a path prefix. Confirm the
 * mount point.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Passes control on when no redirect is needed.
 */
export function forceHabitica (req, res, next) {
  // Redirect is off outside production, when explicitly disabled, or when
  // the request already targets the canonical host.
  const hostCheckPasses = !IS_PROD || IGNORE_REDIRECT || req.hostname === BASE_URL_HOST;

  // API calls and non-GET requests are never redirected.
  if (hostCheckPasses || !nonApiUrl(req) || req.method !== 'GET') {
    next();
    return;
  }

  // 301 is cached by clients, so the mapping sticks once it has been served.
  return res.redirect(301, BASE_URL + req.url);
}