Added option to redirect https requests to http via Part-DB

This is especially useful for the heroku demo instance, where the webserver can not do the automatic redirect
2025-06-20 17:15:51 +02:00 · 2024-01-25 22:58:52 +01:00 · 2024-01-25 22:58:52 +01:00 · 631c364179
commit 631c364179
parent e8d670971e
5 changed files with 81 additions and 1 deletions
--- a/.docker/symfony.conf
+++ b/.docker/symfony.conf
@ -25,7 +25,7 @@
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Pass the configuration from the docker env to the PHP environment (here you should list all .env options)
-        PassEnv APP_ENV APP_DEBUG APP_SECRET
+        PassEnv APP_ENV APP_DEBUG APP_SECRET REDIRECT_TO_HTTPS
        PassEnv TRUSTED_PROXIES TRUSTED_HOSTS LOCK_DSN
        PassEnv DATABASE_URL ENFORCE_CHANGE_COMMENTS_FOR DATABASE_MYSQL_USE_SSL_CA DATABASE_MYSQL_SSL_VERIFY_CERT
        PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR MAX_ATTACHMENT_FILE_SIZE DEFAULT_URI CHECK_FOR_UPDATES ATTACHMENT_DOWNLOAD_BY_DEFAULT
--- a/.env
+++ b/.env
@ -226,6 +226,9 @@ DEMO_MODE=0
 # In that case all URL contains the index.php front controller in URL
 NO_URL_REWRITE_AVAILABLE=0

+# Set to 1, if Part-DB should redirect all HTTP requests to HTTPS. You dont need to configure this, if your webserver already does this.
+REDIRECT_TO_HTTPS=0
+
 # If you want to use fixer.io for currency conversion, you have to set this to your API key
 FIXER_API_KEY=CHANGEME

--- a/config/parameters.yaml
+++ b/config/parameters.yaml
@ -115,6 +115,8 @@ parameters:
  env(USE_GRAVATAR): '0'
  env(MAX_ATTACHMENT_FILE_SIZE): '100M'

+  env(REDIRECT_TO_HTTPS): 0
+
  env(ENFORCE_CHANGE_COMMENTS_FOR): ''

  env(ERROR_PAGE_ADMIN_EMAIL): ''
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -196,6 +196,9 @@ See the [information providers]({% link usage/information_provider_system.md %})
 * `NO_URL_REWRITE_AVAILABLE` (allowed values `true` or `false`): Set this value to true, if your webserver does not
  support rewrite. In this case, all URL paths will contain index.php/, which is needed then. Normally this setting do
  not need to be changed.
+* `REDIRECT_TO_HTTPS`: If this is set to true, all requests to http will be redirected to https. This is useful, if your
+  webserver does not already do this (like the one used in the demo instance). If your webserver already redirects to
+  https, you don't need to set this. Ensure that Part-DB is accessible via https, before you enable this setting.
 * `FIXER_API_KEY`: If you want to automatically retrieve exchange rates for base currencies other than euros, you have to
  configure an exchange rate provider API. [Fixer.io](https://fixer.io/) is preconfigured, and you just have to register
  there and set the retrieved API key in this environment variable.
--- a/src/EventSubscriber/RedirectToHttpsSubscriber.php
+++ b/src/EventSubscriber/RedirectToHttpsSubscriber.php
@ -0,0 +1,72 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2024 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\EventSubscriber;
+
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Security\Http\HttpUtils;
+
+/**
+ * The purpose of this event listener is (if enabled) to redirect all requests to https.
+ */
+final class RedirectToHttpsSubscriber implements EventSubscriberInterface
+{
+
+    public function __construct(
+        #[Autowire('env(bool:REDIRECT_TO_HTTPS)')]
+        private readonly bool $enabled,
+        private readonly HttpUtils $httpUtils)
+    {
+    }
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            KernelEvents::REQUEST => ['onKernelRequest', 0],
+        ];
+    }
+
+    public function onKernelRequest(RequestEvent $event): void
+    {
+        //If the feature is disabled, or we are not the main request, we do nothing
+        if (!$this->enabled || !$event->isMainRequest()) {
+            return;
+        }
+
+
+        $request = $event->getRequest();
+
+        //If the request is already https, we do nothing
+        if ($request->isSecure()) {
+            return;
+        }
+
+
+        //Change the request to https
+        $new_url = str_replace('http://', 'https://' ,$request->getUri());
+        $event->setResponse($this->httpUtils->createRedirectResponse($event->getRequest(), $new_url));
+    }
+}