Merge pull request #409 from grant-project/admin-enforce-ssl

Enforce SSL on Admin

admin/.env.example

@@ -0,0 +1,8 @@
+# admin listen port
+PORT=3500
+
+# backend url
+BACKEND_URL=http://localhost:5000
+
+# Disable SSL in production
+# DISABLE_SSL=true

admin/.envexample

@@ -1,4 +0,0 @@
-# admin listen port
-PORT=3500
-# backend url
-BACKEND_URL=http://localhost:5000

admin/package.json

@@ -68,6 +68,7 @@
     "dotenv": "^6.0.0",
     "ethereum-blockies-base64": "1.0.2",
     "ethereumjs-util": "5.2.0",
+    "express-sslify": "1.2.0",
     "file-loader": "^2.0.0",
     "font-awesome": "^4.7.0",
     "fork-ts-checker-webpack-plugin": "^0.4.2",

admin/server.js

@@ -1,10 +1,17 @@
 const express = require('express');
 const path = require('path');
+const enforce = require('express-sslify');
 
 require('dotenv').config();
+const isDev = process.env.NODE_ENV === 'development';
 const PORT = process.env.PORT || 3500;
 const app = express();
 
+if (!isDev && !process.env.DISABLE_SSL) {
+  console.log('PRODUCTION mode, enforcing HTTPS redirect');
+  app.use(enforce.HTTPS({ trustProtoHeader: true }));
+}
+
 app.use(express.static(__dirname + '/build'));
 
 app.get('*', function(request, response) {

admin/yarn.lock

@@ -3225,6 +3225,11 @@ expand-tilde@^2.0.0, expand-tilde@^2.0.2:
   dependencies:
     homedir-polyfill "^1.0.1"
 
+express-sslify@1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/express-sslify/-/express-sslify-1.2.0.tgz#30e84bceed1557eb187672bbe1430a0a2a100d9c"
+  integrity sha1-MOhLzu0VV+sYdnK74UMKCioQDZw=
+
 express@^4.16.2:
   version "4.16.4"
   resolved "https://registry.yarnpkg.com/express/-/express-4.16.4.tgz#fddef61926109e24c515ea97fd2f1bdbf62df12e"

frontend/server/index.tsx

@@ -29,7 +29,7 @@ const app = express();
 
 // ssl
 if (!isDev && !process.env.DISABLE_SSL) {
-  log.warn('PRODUCTION mode, enforcing HTTPS redirect');
+  log.info('PRODUCTION mode, enforcing HTTPS redirect');
   app.use(enforce.HTTPS({ trustProtoHeader: true }));
 }