implement a force_ssl option

This works similarly to Rails force_ssl. Why add this to a proxy gem when it's
stuff that generally lives in the webserver configuration? The most common
use case for using a proxy gem in the first place is not having full control
of the webserver (such as on heroku). In those environments the redirect is
generally configured to be done on Rails, but requests handled by rack reverse
are not handled by a Rails controller.
Ideally one would create another Rack middleware to do this, but I think the
convenience is worth it (especially in a Rails environment).

Author: pigoz

README.md

@@ -51,6 +51,7 @@ run app
 * `:password` password for basic auth
 * `:matching` is a global only option, if set to :first the first matched url will be requested (no ambigous error). Default: :all.
 * `:timeout` seconds to timout the requests
+* `:force_ssl` redirects to ssl version, if not already using it (requires `:replace_response_host`). Default: false.
 
 ### Sample usage in a Ruby on Rails app
 

lib/rack_reverse_proxy/middleware.rb

@@ -60,6 +60,13 @@ def proxy(env, source_request, rule)
 
       options = @global_options.dup.merge(rule.options)
 
+      if options[:force_ssl] && options[:replace_response_host] &&
+         source_request.scheme == 'http'
+        rewrite_uri(uri, source_request)
+        uri.scheme = 'https'
+        return [301, {'Location' => uri.to_s}, '']
+      end
+
       # Initialize request
       target_request = Net::HTTP.const_get(
         source_request.request_method.capitalize
@@ -115,11 +122,7 @@ def proxy(env, source_request, rule)
       # Replace the location header with the proxy domain
       if response_headers["Location"] && options[:replace_response_host]
         response_location = URI(response_headers["location"])
-        response_location.scheme = source_request.scheme
-        response_location.host   = source_request.host
-        unless default_port_for_scheme?(source_request.scheme, source_request.port)
-          response_location.port = source_request.port
-        end
+        rewrite_uri(response_location, source_request)
         response_headers["Location"] = response_location.to_s
       end
 
@@ -162,5 +165,13 @@ def format_headers(headers)
     def default_port_for_scheme?(scheme, port)
       scheme == 'http' && port == 80 || scheme == 'https' && port == 443
     end
+
+    def rewrite_uri(rewritten, original)
+      rewritten.scheme = original.scheme
+      rewritten.host   = original.host
+      unless default_port_for_scheme?(original.scheme, original.port)
+        rewritten.port = original.port
+      end
+    end
   end
 end

spec/rack/reverse_proxy_spec.rb

@@ -298,6 +298,27 @@ def app
       end
     end
 
+    describe "with force ssl turned on" do
+      def app
+        Rack::ReverseProxy.new(dummy_app) do
+          reverse_proxy "/test", "http://example1.com/",
+            :force_ssl => true, :replace_response_host => true
+        end
+      end
+
+      it "redirects to the ssl version when requesting non-ssl" do
+        stub_request(:get, "http://example1.com/test/stuff").to_return(:body => "proxied")
+        get "http://example.com/test/stuff"
+        expect(last_response.headers["Location"]).to eq("https://example.com/test/stuff")
+      end
+
+      it "does nothing when already ssl" do
+        stub_request(:get, "http://example1.com/test/stuff").to_return(:body => "proxied")
+        get "https://example.com/test/stuff"
+        expect(last_response.body).to eq("proxied")
+      end
+    end
+
     describe "with a route as a regular expression" do
       def app
         Rack::ReverseProxy.new(dummy_app) do