feat: force http to https redirect even when tls is disabled

2026-04-05 12:32:58 +01:00 · 2022-09-10 09:18:32 +02:00
parent 88509c826d
commit 9281deb549
3 changed files with 20 additions and 1 deletions
@@ -54,6 +54,7 @@ const (
 	keysLegacyControlKeyKey     = "IONSCALE_LEGACY_CONTROL_KEY"
 	databaseUrlKey              = "IONSCALE_DB_URL"
 	tlsDisableKey               = "IONSCALE_TLS_DISABLE"
+	tlsForceHttpsKey            = "IONSCALE_TLS_FORCE_HTTPS"
 	tlsCertFileKey              = "IONSCALE_TLS_CERT_FILE"
 	tlsKeyFileKey               = "IONSCALE_TLS_KEY_FILE"
 	tlsAcmeKey                  = "IONSCALE_TLS_ACME"
@@ -86,6 +87,7 @@ func defaultConfig() *Config {
 		},
 		Tls: Tls{
 			Disable:     GetBool(tlsDisableKey, false),
+			ForceHttps:  GetBool(tlsForceHttpsKey, true),
 			CertFile:    GetString(tlsCertFileKey, ""),
 			KeyFile:     GetString(tlsKeyFileKey, ""),
 			AcmeEnabled: GetBool(tlsAcmeKey, false),
@@ -127,6 +129,7 @@ type Config struct {

 type Tls struct {
 	Disable     bool   `yaml:"disable"`
+	ForceHttps  bool   `yaml:"force_https"`
 	CertFile    string `yaml:"cert_file,omitempty"`
 	KeyFile     string `yaml:"key_file,omitempty"`
 	AcmeEnabled bool   `yaml:"acme,omitempty"`
@@ -4,10 +4,26 @@ import (
 	"github.com/caddyserver/certmagic"
 	"github.com/jsiebens/ionscale/internal/config"
 	"github.com/labstack/echo/v4"
+	"github.com/labstack/echo/v4/middleware"
 	"net"
 	"net/http"
 )

+func httpsRedirectSkipper(c config.Tls) func(ctx echo.Context) bool {
+	return func(ctx echo.Context) bool {
+		if ctx.Request().Method == "POST" && ctx.Request().RequestURI == "/ts2021" {
+			return true
+		}
+		return !c.ForceHttps
+	}
+}
+
+func HttpsRedirect(c config.Tls) echo.MiddlewareFunc {
+	return middleware.HTTPSRedirectWithConfig(middleware.RedirectConfig{
+		Skipper: httpsRedirectSkipper(c),
+	})
+}
+
 func HttpRedirectHandler(tls config.Tls) echo.HandlerFunc {
 	if tls.Disable {
 		return IndexHandler(http.StatusNotFound)
@@ -120,7 +120,7 @@ func Start(c *config.Config) error {
 	nonTlsAppHandler.Any("/*", handlers.HttpRedirectHandler(c.Tls))

 	tlsAppHandler := echo.New()
-	tlsAppHandler.Pre(middleware.HTTPSRedirect())
+	tlsAppHandler.Pre(handlers.HttpsRedirect(c.Tls))
 	tlsAppHandler.Renderer = templates.NewTemplates()
 	tlsAppHandler.Use(EchoRecover(logger))
 	tlsAppHandler.Use(EchoLogger(logger))