How to https every view change via Express in Nodejs

Question

Hi I am having a problem to https every single view in NodeJS. Currently I am using Handlebars as server side templating. To render a view, for example, res.render(loginDir, {login: false, admin: false, header: "Welcome!!"}); Every route I access is http://blablabla. I want it to be https://blablabla. Please help me with this...thanks in advance

The following will be my code:

Uiroutes.ts

import express = require('express');
import path = require('path');

var app = express();

class Uiroutes {

    get uiroutes() {

        var rootManageDir = path.join(__dirname,'../../../client/management/manage');
        var rootExecutionDir = path.join(__dirname,'../../../client/execution/execution');
        var rootUserHomeDir = path.join(__dirname,'../../../client/userhome/userhome');
        var loginDir = path.join(__dirname,'../../../client/login/login');



        app.get('/management',this.adminAuth, (req: express.Request, res: express.Response) => {
            res.render(rootManageDir, {login: true, admin: true, header: "Admin, Welcome back!"});
        });
        app.get('/execution',this.adminAuth, (req: express.Request, res: express.Response) => {
            res.render(rootExecutionDir, {login: true, admin: true, header: "Admin, Welcome back!"});
        });
        app.get('/userhome', this.userAuth, (req: express.Request, res: express.Response) => {
            let header = req.body.username + ', Welcome back!';
            res.render(rootUserHomeDir, {login: true, admin: false, header: header});
        });
        app.get('/login', (req: express.Request, res: express.Response) => {
            res.render(loginDir, {login: false, admin: false, header: "Welcome!!"});
        });
        app.get('/logout', this.logout, (req: express.Request, res: express.Response) => {
            res.redirect('/login');
        });
        return app;
    }

    userAuth(req, res, next) {
        if(req.session["user"]&&(req.session["user"].role == 'user')) {
            req.body.username = req.session["user"].username;
            next(); 
        } else {
            if(req.session["user"]&&(req.session["user"].role == 'admin')) {
                req.body.username = req.session["user"].username;
                res.redirect('/management');
            } else {
                res.redirect('/login');
            }
        }
    }

    adminAuth(req, res, next) {
        //console.log(req.session);
        if(req.session["user"]&&(req.session["user"].role == 'admin')) {
            req.body.username = req.session["user"].username;
            next();
        } else {
            if(req.session["user"]&&(req.session["user"].role == 'user')) {
                req.body.username = req.session["user"].username;
                res.redirect('/userhome');
            } else {
                res.redirect('/login');
            }
        }
    }

    logout(req, res, next) {
        if(req.session["user"]){
            console.log("logged in");
            delete req.session["user"];
            console.log(req.session["user"]);
            next();
        } else {
            delete req.session;
            next();
        }

    }
}
export = Uiroutes;

The above vars just for file to refer to .hbs view directory.

var rootManageDir = path.join(__dirname,'../../../client/management/manage');
var rootExecutionDir = path.join(__dirname,'../../../client/execution/execution');
var rootUserHomeDir = path.join(__dirname,'../../../client/userhome/userhome');
var loginDir = path.join(__dirname,'../../../client/login/login');

In my server.ts

//Set view engine
app.set('view engine', 'hbs');

var defaultDir = path.join(__dirname, '../client/layout/default');
var layoutDir = path.join(__dirname, '../client/layout');
var viewpath = path.join(__dirname, '../client')

//Config the view engine
app.engine('hbs', hbs.express4({
    defaultLayout: defaultDir,
    layoutsDir: layoutDir
}));

//config view path
app.set('views', viewpath);

app.use(new UIRoutes().uiroutes);

Edit:

The following is cert config on server side in order to use https

In server.ts

const fs = require('fs');
var app = require('../server').app;
const https = require('https');
var ip = '0.0.0.0';
var port = 8443;
var privateKey = fs.readFileSync('/opt/epaas/certs/key');
var certificate = fs.readFileSync('/opt/epaas/certs/cert');
var ca = fs.readFileSync('/opt/epaas/certs/ca');
var pass = fs.readFileSync('/opt/epaas/certs/pass','ascii');
var options = { 
    key: privateKey,
    cert: certificate,
    ca: ca,
    passphrase: pass,
    requestCert: true, 
    rejectUnauthorized: false 
};
var server = https.createServer(options, app);
server.listen(port, function(){
    console.log('This app is listening on port:' + port);
});

Our server is a cloud, all applications are deploy there. It is hard to tell what kind of server is that...

Answer 1

You can try to use a redirect of all routes HTTP to HTTPS.

Add a line before all the routes with:

app.get('*', (req, res, next) => {
   if(req.headers['x-forwarded-proto'] !== 'https') {
     res.redirect('https://' + req.headers.host + req.url);
   }
   next();
});

Is a check to look the header if the request is http and if is http do you redirect the user to https.

Answer 2

You can use express-enforces-ssl which will handle this for you:

const fs = require('fs');
const https = require('https');
const http = require('http');
const express = require('express');
const express_enforces_ssl = require('express-enforces-ssl');

const app = express();

/*
*   Trust proxy must be set if you're behind a reverse proxy / load balancer
*
*/
app.enable('trust proxy');

app.use(express_enforces_ssl());


/*
*   Then you have to make sure your express server can handle https               
*/

http.createServer(app).listen(80);

https.createServer({
    key: fs.readFileSync('key.pem'),
    cert: fs.readFileSync('cert.pem')
}, app).listen(443);