Adding HTTPS enforcement

Enabled by default in docker containers, but not pip/pipx runs. Command line runs of Whoogle Search through pip/pipx/etc will need the `--https-only` flag appended to the run command.
2020-05-15 10:29:44 -06:00 · 2020-05-15 10:29:44 -06:00 · 70e65c0346
commit 70e65c0346
parent e3d002f6c1
4 changed files with 17 additions and 2 deletions
--- a/3
+++ b/3
@ -10,6 +10,9 @@ RUN mkdir $config_dir
 VOLUME $config_dir
 ENV CONFIG_VOLUME=$config_dir

+ARG use_https=1
+ENV HTTPS_ONLY=$use_https
+
 COPY . .

 EXPOSE 5000
--- a/README.md
+++ b/README.md
@ -124,7 +124,9 @@ docker build --tag whoogle-search:1.0 .
 docker run --publish 5000:5000 --detach --name whoogle-search whoogle-search:1.0
 ```

-And kill with: `docker rm --force whooglesearch`
+And kill with: `docker rm --force whoogle-search`
+
+*NOTE: Docker containers run by default with https enforcement. If your instance will be run over http, you'll need to add `--build-arg use_https=0` to your run command.*

 #### Using [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli)
 ```bash
--- a/app/routes.py
+++ b/app/routes.py
@ -20,6 +20,12 @@ CONFIG_PATH = os.getenv('CONFIG_VOLUME', app.config['STATIC_FOLDER']) + '/config

@app.before_request
 def before_request_func():
+    # Always redirect to https if HTTPS_ONLY is set
+    if os.getenv('HTTPS_ONLY', False) and request.url.startswith('http://'):
+        url = request.url.replace('http://', 'https://', 1)
+        code = 301
+        return redirect(url, code=code)
+
    json_config = json.load(open(CONFIG_PATH)) if os.path.exists(CONFIG_PATH) else {'url': request.url_root}
    g.user_config = Config(**json_config)

@ -162,7 +168,11 @@ def run_app():
                        help='Specifies the host address to use (default 127.0.0.1)')
    parser.add_argument('--debug', default=False, action='store_true',
                        help='Activates debug mode for the server (default False)')
+    parser.add_argument('--https-only', default=False, action='store_true',
+                        help='Enforces HTTPS redirects for all requests')
    args = parser.parse_args()
+    os.environ['HTTPS_ONLY'] = '1' if args.https_only else ''
+
    if args.debug:
        app.run(host=args.host, port=args.port, debug=args.debug)
    else:
--- a/2
+++ b/2
@ -21,5 +21,5 @@ mkdir -p $STATIC_FOLDER
 if [[ $SUBDIR == "test" ]]; then
    pytest -sv
 else
-    python3 -um app --host 0.0.0.0 --port $PORT
+    python3 -um app --host 0.0.0.0 --port $PORT --debug
 fi