Close #1768; Force SSL

3a2a6b59 · Rodrigo Nascimento · e68dacdf · 3a2a6b59 · 3a2a6b59 · 3a2a6b59
Commit 3a2a6b59 authored 9 years ago by Rodrigo Nascimento
--- a/i18n/en.i18n.json
+++ b/i18n/en.i18n.json
@@ -182,6 +182,7 @@
  "FileUpload_ProtectFiles" : "Protect uploaded files",
  "FileUpload_ProtectFilesDescription" : "Only authenticated users will have access",
  "Follow_social_profiles" : "Follow our social profiles, fork us on github and share your thoughts about the rocket.chat app on our trello board.",
+  "Force_SSL" : "Force SSL",
  "Forgot_password" : "Forgot your password",
  "Fork_it_on_github" : "Fork it on github",
  "From_Email" : "From Email",
@@ -273,12 +274,12 @@
  "Loading..." : "Loading...",
  "Loading_more_from_history" : "Loading more from history",
  "Loading_suggestion" : "Loading suggestions...",
+  "Logged_out_of_other_clients_successfully" : "Logged out of other clients successfully",
  "Login" : "Login",
  "Login_with" : "Login with %s",
  "login_with" : "Or login directly with",
  "Logout" : "Logout",
  "Logout_Others" : "Logout From Other Logged In Locations",
-  "Logged_out_of_other_clients_successfully" : "Logged out of other clients successfully",
  "Make_Admin" : "Make Admin",
  "Mark_as_read" : "Mark as read",
  "Markdown_Headers" : "Markdown Headers",
@@ -458,10 +459,10 @@
  "Send_Message" : "Send Message",
  "Send_your_JSON_payloads_to_this_URL" : "Send your JSON payloads to this URL.",
  "Set_as_moderator" : "Set as moderator",
-  "Settings" : "Settings",
-  "Settings_updated" : "Settings updated",
  "Set_as_moderator" : "Set as moderator",
  "Set_as_owner" : "Set as owner",
+  "Settings" : "Settings",
+  "Settings_updated" : "Settings updated",
  "Should_be_a_URL_of_an_image" : "Should be a URL of an image.",
  "Should_exists_a_user_with_this_username" : "The user must already exist.",
  "Showing_archived_results" : "<p>Showing <b>%s</b> archived results</p>",
@@ -539,9 +540,17 @@
  "Use_uploaded_avatar" : "Use uploaded avatar",
  "Use_url_for_avatar" : "Use url for avatar",
  "User__username__is_now_a_moderator_of__room_name_" : "User __username__ is now a moderator of __room_name__",
+  "User__username__is_now_a_moderator_of__room_name_" : "User __username__ is now a moderator of __room_name__",
+  "User__username__is_now_a_owner_of__room_name_" : "User __username__ is now a owner of __room_name__",
+  "User__username__removed_from__room_name__moderators" : "User __username__ removed from __room_name__ moderators",
  "User__username__removed_from__room_name__moderators" : "User __username__ removed from __room_name__ moderators",
+  "User__username__removed_from__room_name__owners" : "User __username__ removed from __room_name__ owners",
+  "User__username__was_added_as_a_moderator_by__user_by_" : "User <em>__username__</em> was added as a moderator by <em>__user_by__</em>",
  "User__username__was_added_as_a_moderator_by__user_by_" : "User <em>__username__</em> was added as a moderator by <em>__user_by__</em>",
+  "User__username__was_added_as_a_owner_by__user_by_" : "User <em>__username__</em> was added as a owner by <em>__user_by__</em>",
+  "User__username__was_removed_as_a_moderator_by__user_by_" : "User <em>__username__</em> was removed as a moderator by <em>__user_by__</em>",
  "User__username__was_removed_as_a_moderator_by__user_by_" : "User <em>__username__</em> was removed as a moderator by <em>__user_by__</em>",
+  "User__username__was_removed_as_a_owner_by__user_by_" : "User <em>__username__</em> was removed as a owner by <em>__user_by__</em>",
  "User_added_by" : "User <em>__user_added__</em> added by <em>__user_by__</em>.",
  "User_Channels" : "User Channels",
  "User_has_been_activated" : "User has been activated",
@@ -566,18 +575,10 @@
  "User_or_channel_name" : "User or channel name",
  "User_removed_by" : "User <em>__user_removed__</em> removed by <em>__user_by__</em>.",
  "User_removed_from_room" : "The user has been removed from the room",
-  "User__username__removed_from__room_name__moderators" : "User __username__ removed from __room_name__ moderators",
-  "User__username__removed_from__room_name__owners" : "User __username__ removed from __room_name__ owners",
  "User_Settings" : "User Settings",
  "User_unmuted_by" : "User <em>__user_unmuted__</em> unmuted by <em>__user_by__</em>.",
  "User_unmuted_in_room" : "User unmuted in room",
  "User_updated_successfully" : "User updated successfully",
-  "User__username__is_now_a_moderator_of__room_name_" : "User __username__ is now a moderator of __room_name__",
-  "User__username__is_now_a_owner_of__room_name_" : "User __username__ is now a owner of __room_name__",
-  "User__username__was_added_as_a_moderator_by__user_by_" : "User <em>__username__</em> was added as a moderator by <em>__user_by__</em>",
-  "User__username__was_added_as_a_owner_by__user_by_" : "User <em>__username__</em> was added as a owner by <em>__user_by__</em>",
-  "User__username__was_removed_as_a_moderator_by__user_by_" : "User <em>__username__</em> was removed as a moderator by <em>__user_by__</em>",
-  "User__username__was_removed_as_a_owner_by__user_by_" : "User <em>__username__</em> was removed as a owner by <em>__user_by__</em>",
  "Username" : "Username",
  "Username_cant_be_empty" : "The username cannot be empty",
  "Username_Change_Disabled" : "Your Rocket.Chat administrator has disabled the changing of usernames",

--- a/packages/rocketchat-cors/cors.coffee
+++ b/packages/rocketchat-cors/cors.coffee
@@ -47,3 +47,38 @@ WebAppInternals._staticFilesMiddleware = (staticFiles, req, res, next) ->
 	res.setHeader("X-Rocket-Chat-Version", VERSION)
 	res.setHeader("Access-Control-Expose-Headers",  "X-Rocket-Chat-Version")
 	_staticFilesMiddleware(staticFiles, req, res, next)
+
+
+url = Npm.require("url")
+
+httpServer = WebApp.httpServer
+oldHttpServerListeners = httpServer.listeners('request').slice(0)
+httpServer.removeAllListeners('request')
+
+httpServer.addListener 'request', (req, res) ->
+	if RocketChat.settings.get('Force_SSL') isnt true
+		return
+
+	remoteAddress = req.connection.remoteAddress or req.socket.remoteAddress
+
+	localhostRegexp = /^\s*(127\.0\.0\.1|::1)\s*$/
+	localhostTest = (x) ->
+		return localhostRegexp.test(x)
+
+	isLocal = localhostRegexp.test(remoteAddress) and (not req.headers['x-forwarded-for'] or _.all(req.headers['x-forwarded-for'].split(','), localhostTest))
+
+	isSsl = req.connection.pair or (req.headers['x-forwarded-proto'] and req.headers['x-forwarded-proto'].indexOf('https') isnt -1)
+
+	if not isLocal and not isSsl
+		host = url.parse(Meteor.absoluteUrl()).hostname
+
+		host = host.replace(/:\d+$/, '')
+
+		res.writeHead 302,
+			'Location': 'https://' + host + req.url
+		res.end()
+		return
+
+
+for oldListener in oldHttpServerListeners
+	httpServer.addListener 'request', oldListener
--- a/packages/rocketchat-lib/server/startup/settings.coffee
+++ b/packages/rocketchat-lib/server/startup/settings.coffee
@@ -77,6 +77,7 @@ RocketChat.settings.addGroup 'General', ->
 	@add 'Allow_Invalid_SelfSigned_Certs', false, { type: 'boolean' }
 	@add 'Disable_Favorite_Rooms', false, { type: 'boolean' }
 	@add 'CDN_PREFIX', '', { type: 'string' }
+	@add 'Force_SSL', false, { type: 'boolean', public: true }
 	@add 'Debug_Level', 'error', { type: 'select', values: [ { key: 'error', i18nLabel: 'Only_errors' }, { key: 'debug', i18nLabel: 'All_logs' } ] }
 	@add 'Restart', 'restart_server', { type: 'action', actionText: 'Restart_the_server' }