From 21b83ead882eb8a0f87007c769ab86b04b0cd4bb Mon Sep 17 00:00:00 2001
From: Scott Tolksdorf <scott.tolksdorf@gmail.com>
Date: Fri, 30 Nov 2018 16:29:05 -0500
Subject: [PATCH] Added middleware to force all routes to be https

---
 server.js             | 3 ++-
 server/forcessl.mw.js | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 server/forcessl.mw.js

diff --git a/server.js b/server.js
index 232019b0d..cf5825881 100644
--- a/server.js
+++ b/server.js
@@ -6,6 +6,7 @@ const app = express();
 app.use(express.static(`${__dirname}/build`));
 app.use(require('body-parser').json({ limit: '25mb' }));
 app.use(require('cookie-parser')());
+app.use(require('./server/forcessl.mw.js'));
 
 const config = require('nconf')
 	.argv()
@@ -23,7 +24,7 @@ mongoose.connection.on('error', ()=>{
 });
 
 
-//Account MIddleware
+//Account Middleware
 app.use((req, res, next)=>{
 	if(req.cookies && req.cookies.nc_session){
 		try {
diff --git a/server/forcessl.mw.js b/server/forcessl.mw.js
new file mode 100644
index 000000000..1a34e41bc
--- /dev/null
+++ b/server/forcessl.mw.js
@@ -0,0 +1,7 @@
+module.exports = (req, res, next) => {
+	if(process.env.NODE_ENV === 'local') return next();
+	if(req.header('x-forwarded-proto') !== 'https') {
+		return res.redirect(302, `https://${req.get('Host')}${req.url}`);
+	}
+	return next();
+};
\ No newline at end of file