From 3be5c2cb9643baf2e6662ee732fbd5c4ae20e695 Mon Sep 17 00:00:00 2001 From: Kevin Gisi Date: Tue, 28 Jul 2015 19:12:52 -0400 Subject: [PATCH 1/4] Allow x-habitica-lb: yes suffice to bypass SSL redirect --- website/src/middleware.js | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/website/src/middleware.js b/website/src/middleware.js index de99b461b1..385ebf559f 100644 --- a/website/src/middleware.js +++ b/website/src/middleware.js @@ -87,16 +87,29 @@ module.exports.errorHandler = function(err, req, res, next) { res.json(500,{err:message}); //res.end(err.message); } +function isHTTP(req) { + var baseUrl = nconf.get("BASE_URL"); + + return ( + req.headers['x-forwarded-proto'] && + req.headers['x-forwarded-proto'] !== 'https' && + nconf.get('NODE_ENV') === 'production' && + baseUrl.indexOf('https') === 0 + ); +} + +function isProxied(req) { + return ( + req.headers['x-habitica-lb'] && + req.headers['x-habitica-lb'] === 'Yes' + ); +} module.exports.forceSSL = function(req, res, next){ - var baseUrl = nconf.get("BASE_URL"); - // Note x-forwarded-proto is used by Heroku & nginx, you'll have to do something different if you're not using those - if (req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] !== 'https' - && nconf.get('NODE_ENV') === 'production' - && baseUrl.indexOf('https') === 0) { + if(isHTTP(req) && !isProxied(req)) { return res.redirect(baseUrl + req.url); } - next() + next(); } module.exports.cors = function(req, res, next) { From 27b2d932cebded279413ab4433053c7ea1cd4edb Mon Sep 17 00:00:00 2001 From: Kevin Gisi Date: Tue, 28 Jul 2015 19:40:26 -0400 Subject: [PATCH 2/4] Missed a baseUrl instance. --- website/src/middleware.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/src/middleware.js b/website/src/middleware.js index 385ebf559f..8de23aab6c 100644 --- a/website/src/middleware.js +++ b/website/src/middleware.js @@ -106,9 +106,12 @@ function isProxied(req) { } module.exports.forceSSL = function(req, res, next){ + var baseUrl = nconf.get("BASE_URL"); + if(isHTTP(req) && !isProxied(req)) { return res.redirect(baseUrl + req.url); } + next(); } From 442c1f358bb8a5d122272bf821c29b2a4b548a1b Mon Sep 17 00:00:00 2001 From: Blade Barringer Date: Tue, 28 Jul 2015 21:05:33 -0500 Subject: [PATCH 3/4] Use Groups.party() --- website/public/js/services/questServices.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/public/js/services/questServices.js b/website/public/js/services/questServices.js index 9483837d7b..3c3c951b16 100644 --- a/website/public/js/services/questServices.js +++ b/website/public/js/services/questServices.js @@ -16,7 +16,7 @@ function questsFactory($rootScope,Content,Groups,User,Analytics) { var user = User.user; - var party = $rootScope.party; + var party = Groups.party(); function lockQuest(quest,ignoreLevel) { if (!ignoreLevel){ @@ -87,7 +87,7 @@ function questInit(){ Analytics.track({'hitType':'event','eventCategory':'behavior','eventAction':'quest','owner':true,'response':'accept','questName':$rootScope.selectedQuest.key}); - Analytics.updateUser({'partyID':party.id,'partySize':party.memberCount}); + Analytics.updateUser({'partyID':party._id,'partySize':party.memberCount}); party.$questAccept({key:$rootScope.selectedQuest.key}, function(){ party.$get(); $rootScope.$state.go('options.social.party'); From 661e79d668a898ebdcae1d6330b4797a754a5207 Mon Sep 17 00:00:00 2001 From: Blade Barringer Date: Tue, 28 Jul 2015 21:27:15 -0500 Subject: [PATCH 4/4] Use party variable --- website/public/js/services/questServices.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/public/js/services/questServices.js b/website/public/js/services/questServices.js index 3c3c951b16..18fcc393c6 100644 --- a/website/public/js/services/questServices.js +++ b/website/public/js/services/questServices.js @@ -31,7 +31,7 @@ if (item.unlockCondition && item.unlockCondition.condition === 'party invite') { if (!confirm(window.env.t('mustInviteFriend'))) return; - return Groups.inviteOrStartParty(Groups.party()); + return Groups.inviteOrStartParty(party); } if (item.previous && (!User.user.achievements.quests || (User.user.achievements.quests && !User.user.achievements.quests[item.previous]))){ return alert(window.env.t('unlockByQuesting', {title: Content.quests[item.previous].text()}));