🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

force-secure-express

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

force-secure-express - npm Package Compare versions

Comparing version

1.0.0
to
1.0.1

.npmignore
.travis.yml
README.md

34

package.json
{
"name": "force-secure-express",
"version": "1.0.0",
"description": "",
"version": "1.0.1",
"description": "Express middleware to redirect insecure http requests to https.",
"main": "index.js",
"scripts": {
"test": "jest ./src"
"test": "jest ./src && codecov"
},
"keywords": [],
"author": "",
"jest": {
"coverageDirectory": "./coverage/",
"collectCoverage": true,
"coverageThreshold": {
"global": {
"branches": 95,
"functions": 95,
"lines": 95,
"statements": 95
}
}
},
"keywords": [
"redirect",
"express",
"ssl",
"middleware",
"https",
"http"
],
"author": "Ryan P. Hansen",
"repository": {
"type": "git",
"url": "https://github.com/rphansen91/force-secure-express"
},
"license": "ISC",
"devDependencies": {
"codecov": "^3.1.0",
"jest": "^23.6.0"
}
}

6

src/get.js

@@ -0,3 +1,7 @@

const isString = require("./isString");
module.exports = function (obj, str) {
return (str || "")
if (!isString(str)) return obj
return str
.split(".")

@@ -4,0 +8,0 @@ .reduce((p, c) => {

10

src/get.test.js
const get = require("./get");
describe("Get nested value", () => {
test("Empty", () => {
const obj = { a: { b: 1 } }
expect(get(obj)).toBe(obj)
})
test("Return object if path is not a string", () => {
const obj = { a: { b: 1 } }
expect(get(obj, 2)).toBe(obj)
})
test("a", () => {

@@ -5,0 +15,0 @@ expect(get({ a: { b: 1 } }, "a")).toEqual({ b: 1 })

4

src/index.js

@@ -12,3 +12,3 @@ const createWhitelist = require("./whitelist");

function isMatch (req) {
const { host } = req.headers || {};
const host = getHost(req);
if (!hosts) return true; // Force every url to be https

@@ -20,3 +20,3 @@ return whitelist[host];

if (!isSecure(req) && isMatch(req)) {
res.redirect(`https://${req.headers.host}${req.url}`);
res.redirect(`https://${getHost(req)}${req.url}`);
return;

@@ -23,0 +23,0 @@ }

18

src/index.test.js

@@ -25,3 +25,3 @@ const forceSecure = require("./")

test("Should redirect to http", () => {
test("Should redirect to https", () => {
req.url = "/a"

@@ -34,2 +34,18 @@ headers["host"] = "example.com"

test("Should not redirect to https if not whitelisted", () => {
req.url = "/a"
headers["host"] = "localhost:8000"
headers["x-forwarded-proto"] = "http";
forceSecure("example.com")(req, res, next);
expect(next).toBeCalled();
})
test("Should redirect whitelisted to https", () => {
req.url = "/a"
headers["host"] = "example.com"
headers["x-forwarded-proto"] = "http";
forceSecure("example.com")(req, res, next);
expect(redirect).toBeCalledWith("https://example.com/a");
})
})