From 70e65c03463174505eeb61dc5d727637781f490a Mon Sep 17 00:00:00 2001
From: Ben Busby <33362396+benbusby@users.noreply.github.com>
Date: Fri, 15 May 2020 10:29:44 -0600
Subject: [PATCH] Adding HTTPS enforcement

Enabled by default in docker containers, but not pip/pipx runs. Command line runs of Whoogle Search through pip/pipx/etc will need the `--https-only` flag appended to the run command.
---
 Dockerfile     | 3 +++
 README.md      | 4 +++-
 app/routes.py  | 10 ++++++++++
 whoogle-search | 2 +-
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f3438aa..a73073f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,6 +10,9 @@ RUN mkdir $config_dir
 VOLUME $config_dir
 ENV CONFIG_VOLUME=$config_dir
 
+ARG use_https=1
+ENV HTTPS_ONLY=$use_https
+
 COPY . .
 
 EXPOSE 5000
diff --git a/README.md b/README.md
index d22d1d7..cb3a3e7 100644
--- a/README.md
+++ b/README.md
@@ -124,7 +124,9 @@ docker build --tag whoogle-search:1.0 .
 docker run --publish 5000:5000 --detach --name whoogle-search whoogle-search:1.0
 ```
 
-And kill with: `docker rm --force whooglesearch`
+And kill with: `docker rm --force whoogle-search`
+
+*NOTE: Docker containers run by default with https enforcement. If your instance will be run over http, you'll need to add `--build-arg use_https=0` to your run command.*
 
 #### Using [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli)
 ```bash
diff --git a/app/routes.py b/app/routes.py
index 4fa3c93..94a10c3 100644
--- a/app/routes.py
+++ b/app/routes.py
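Review bot: The off-switch this ARG is documented with does not actually switch it off: `--build-arg use_https=0` produces `ENV HTTPS_ONLY=0`, and the new check in app/routes.py (`if os.getenv('HTTPS_ONLY', False) ...`) treats any non-empty string as enabled, so only an empty or unset value disables the redirect. Because the value ends up in an ENV it can also be overridden per container with `docker run -e HTTPS_ONLY= ...` without a rebuild, which is what the README's wording about the run command seems to intend (`docker run` has no `--build-arg`). A comment above the ARG would save operators a round trip, e.g. `# HTTPS_ONLY is truthiness-checked in app/routes.py; set use_https to an empty value (not 0) to disable the redirect`.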
@@ -20,6 +20,12 @@ CONFIG_PATH = os.getenv('CONFIG_VOLUME', app.config['STATIC_FOLDER']) + '/config
 
 
 @app.before_request
 def before_request_func():
+    # Always redirect to https if HTTPS_ONLY is set
+    if os.getenv('HTTPS_ONLY', False) and request.url.startswith('http://'):
+        url = request.url.replace('http://', 'https://', 1)
+        code = 301
+        return redirect(url, code=code)
+
     json_config = json.load(open(CONFIG_PATH)) if os.path.exists(CONFIG_PATH) else {'url': request.url_root}
     g.user_config = Config(**json_config)
@@ -162,7 +168,11 @@ def run_app():
                         help='Specifies the host address to use (default 127.0.0.1)')
     parser.add_argument('--debug', default=False, action='store_true',
                         help='Activates debug mode for the server (default False)')
+    parser.add_argument('--https-only', default=False, action='store_true',
+                        help='Enforces HTTPS redirects for all requests')
     args = parser.parse_args()
+    os.environ['HTTPS_ONLY'] = '1' if args.https_only else ''
+
     if args.debug:
         app.run(host=args.host, port=args.port, debug=args.debug)
     else:
diff --git a/whoogle-search b/whoogle-search
index b4f229c..298bf45 100755
--- a/whoogle-search
+++ b/whoogle-search
@@ -21,5 +21,5 @@ mkdir -p $STATIC_FOLDER
 if [[ $SUBDIR == "test" ]]; then
   pytest -sv
 else
-  python3 -um app --host 0.0.0.0 --port $PORT
+  python3 -um app --host 0.0.0.0 --port $PORT --debug
 fi
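Review bot: The guard `if os.getenv('HTTPS_ONLY', False)` treats any non-empty value as "on", so the `HTTPS_ONLY=0` that the README's `--build-arg use_https=0` produces still redirects; compare against explicit values instead, e.g. `if os.getenv('HTTPS_ONLY', '') not in ('', '0') and request.url.startswith('http://'):`. Behind a TLS-terminating proxy (the Heroku deployment the README describes) Flask sees `http://` on every request unless `X-Forwarded-Proto` is honoured (werkzeug's ProxyFix, or checking that header here), so as written this would 301 in a loop; that caveat belongs in the comment above the check. The redirect also sends no `Strict-Transport-Security` header, so a client that first reaches the `http://` origin keeps doing so on later visits. before_request_func continues past the end of the hunk.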
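Review bot: `os.environ['HTTPS_ONLY'] = '1' if args.https_only else ''` unconditionally overwrites the variable, so any process started without `--https-only` clears the `HTTPS_ONLY` the Dockerfile sets via ENV; if `python3 -um app` (the command in whoogle-search, which passes no `--https-only`) reaches run_app(), the Docker default described in the commit message is silently turned off. Only touch the environment when the flag is actually given: `if args.https_only:` / `    os.environ['HTTPS_ONLY'] = '1'`. run_app's argument-parser setup starts before the hunk and its `else:` branch continues after it.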
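Review bot: Appending `--debug` to the container's run command turns on Flask debug mode (`app.run(host=args.host, port=args.port, debug=args.debug)` in routes.py), which enables the Werkzeug interactive debugger and reloader on a `0.0.0.0` listener; anyone who can provoke an unhandled exception gets an in-browser Python console inside the container. This has nothing to do with the HTTPS enforcement in the commit message and looks like a leftover from local testing; drop the flag: `python3 -um app --host 0.0.0.0 --port $PORT`. If debug mode is genuinely wanted for development, gate it on an environment variable the production image does not set.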