ssl enforce

src/app.js

@@ -1,6 +1,7 @@
 const cors = require("cors");
 const express = require("express");
 const swaggerUi = require("swagger-ui-express");
+const { config } = require("./config");
 const { pingMongo } = require("./db/client");
 const { router: apiRouter } = require("./routes/api");
 const { openApiDocument } = require("./swagger/openapi");
@@ -8,11 +9,30 @@ const { openApiDocument } = require("./swagger/openapi");
 function createApp() {
 	const app = express();
 
+	app.set("trust proxy", true);
 	app.use(cors());
 	app.use(express.json({ limit: "2mb" }));
+	app.use((request, response, next) => {
+		const forwardedProto = request.get("x-forwarded-proto");
+		const isSecure = request.secure || forwardedProto === "https";
+		const isLocalhost = ["localhost", "127.0.0.1", "::1"].includes(
+			request.hostname,
+		);
+
+		if (config.public.forceHttps && !isSecure && !isLocalhost) {
+			const baseUrl =
+				request.hostname === "ui.dune.api.coppnic.cc"
+					? config.public.uiUrl
+					: config.public.apiUrl;
+			response.redirect(308, new URL(request.originalUrl, baseUrl).toString());
+			return;
+		}
+
+		next();
+	});
 
 	app.get("/", (request, response) => {
-		response.redirect("/docs");
+		response.redirect(308, `${config.public.uiUrl}/docs`);
 	});
 
 	app.get("/health", async (request, response) => {