From 02aceb9140c16ec8998683cb44537ae64d2586ed Mon Sep 17 00:00:00 2001
From: FrostWalk <federico.frigerio@protonmail.com>
Date: Sat, 14 Sep 2024 18:37:24 +0200
Subject: [PATCH] Redirect da http a https

---
 Dockerfile         |  5 ++++-
 README.md          | 18 +++++++++++-------
 config/config.go   | 24 +++++++++++++++++-------
 docker-compose.yml | 10 ++++++----
 main.go            | 22 +++++++++++++++++-----
 5 files changed, 55 insertions(+), 24 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f08c57c..d2a04bb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,6 +11,8 @@ RUN CGO_ENABLED=0 go build -ldflags="-s -w" -trimpath -o inviter
 FROM gcr.io/distroless/static
 
 LABEL org.opencontainers.image.source=https://github.com/FrostWalk/GitHub-Inviter
+LABEL org.opencontainers.image.description="linux/amd64"
+LABEL org.opencontainers.image.licenses=MIT
 
 COPY --from=buildenv /go/src/build/inviter /inviter
 COPY --from=buildenv /go/src/build/static/ /static/
@@ -24,4 +26,5 @@ ENV GITHUB_GROUP_NAME=""
 ENV INVITE_CODE=""
 ENV TLS_CERT=""
 ENV TLS_KEY=""
-ENV PORT="8080"
+ENV HTTP_PORT="80"
+ENV HTTPS_PORT="443"
diff --git a/README.md b/README.md
index c8fe637..bd7a7c8 100644
--- a/README.md
+++ b/README.md
@@ -9,9 +9,10 @@ provided invitation code to get added to the organization's team.
 - Simple web interface for user input
 - Secure invitation process using a pre-defined invitation code
 - Configurable for different GitHub organizations and teams
-- Optional TLS support for secure connections
+- Optional TLS support for secure connections, with automatic redirect
 
 ## Screenshot
+
 ![Screenshot](/assets/images/index.png)
 
 ## Configuration
@@ -24,7 +25,8 @@ The application is configured using environment variables. Here are the availabl
 | `GITHUB_TOKEN`       | GitHub personal access token with necessary permissions | Yes      | -       |
 | `GITHUB_GROUP_NAME`  | The name of the team in your organization               | Yes      | -       |
 | `INVITE_CODE`        | The invitation code users need to provide               | Yes      | -       |
-| `PORT`               | The port on which the application will run              | No       | 8080    |
+| `HTTP_PORT`          | The port on which the application will run              | No       | 80      |
+| `HTTPS_PORT`         | The port on which the application will run (https)      | No       | 443     |
 | `TLS_CERT`           | Path to the TLS certificate file                        | No       | -       |
 | `TLS_KEY`            | Path to the TLS key file                                | No       | -       |
 
@@ -42,17 +44,19 @@ services:
       - GITHUB_TOKEN=your-github-token
       - GITHUB_GROUP_NAME=your-team-name
       - INVITE_CODE=your-invite-code
-      - PORT=8080
+      - HTTP_PORT=80
+      - HTTPS_PORT=443
       # Uncomment the following lines if you want to use TLS
       # - TLS_CERT=/path/to/your/cert.pem
       # - TLS_KEY=/path/to/your/key.pem
     ports:
-      - "8080:8080"
+      - "80:80"
     # Uncomment the following lines if you want to use TLS
+    #  - "443:443"
     # volumes:
-    #   - /path/to/your/cert.pem:/path/to/your/cert.pem:ro
-    #   - /path/to/your/key.pem:/path/to/your/key.pem:ro
-```
+    #  - /path/to/your/cert.pem:/path/to/your/cert.pem:ro
+    #  - /path/to/your/key.pem:/path/to/your/key.pem:ro
+  ```
 
 To run the application:
 
diff --git a/config/config.go b/config/config.go
index fcd881b..e4a30a5 100644
--- a/config/config.go
+++ b/config/config.go
@@ -13,7 +13,8 @@ type AppConfig struct {
 	Token      string //mandatory
 	GroupName  string //mandatory
 	InviteCode []byte //mandatory
-	Port       string //optional (default 8080)
+	HttpPort   string //optional (default 80)
+	HttpsPort  string //optional (default 443)
 	TlsCert    string //optional
 	TlsKey     string //optional
 }
@@ -43,9 +44,13 @@ func Load() bool {
 	}
 
 	// Set the optional environment variables, using defaults if not set
-	port := strings.Trim(os.Getenv("PORT"), " ")
-	if len(port) == 0 {
-		port = "8080"
+	httpPort := strings.Trim(os.Getenv("HTTP_PORT"), " ")
+	if len(httpPort) == 0 {
+		httpPort = "80"
+	}
+	httpsPort := strings.Trim(os.Getenv("HTTPS_PORT"), " ")
+	if len(httpsPort) == 0 {
+		httpsPort = "443"
 	}
 
 	conf = AppConfig{
@@ -53,7 +58,8 @@ func Load() bool {
 		Token:      token,
 		GroupName:  strings.ToLower(groupName),
 		InviteCode: hash.CalculateHash(inviteCode),
-		Port:       port,
+		HttpPort:   httpPort,
+		HttpsPort:  httpsPort,
 		TlsCert:    strings.Trim(os.Getenv("TLS_CERT"), " "),
 		TlsKey:     strings.Trim(os.Getenv("TLS_KEY"), " "),
 	}
@@ -88,8 +94,12 @@ func InviteCode() []byte {
 	return conf.InviteCode
 }
 
-func Port() string {
-	return conf.Port
+func HttpPort() string {
+	return conf.HttpPort
+}
+
+func HttpsPort() string {
+	return conf.HttpsPort
 }
 
 func TlsCert() string {
diff --git a/docker-compose.yml b/docker-compose.yml
index 3d51235..df60732 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,13 +7,15 @@ services:
       - GITHUB_TOKEN=your-github-token
       - GITHUB_GROUP_NAME=your-team-name
       - INVITE_CODE=your-invite-code
-      - PORT=8080
+      - HTTP_PORT=80
+      - HTTPS_PORT=443
       # Uncomment the following lines if you want to use TLS
       # - TLS_CERT=/path/to/your/cert.pem
       # - TLS_KEY=/path/to/your/key.pem
     ports:
-      - "8080:8080"
+      - "80:80"
     # Uncomment the following lines if you want to use TLS
+    #  - "443:443"
     # volumes:
-    #   - /path/to/your/cert.pem:/path/to/your/cert.pem:ro
-    #   - /path/to/your/key.pem:/path/to/your/key.pem:ro
\ No newline at end of file
+    #  - /path/to/your/cert.pem:/path/to/your/cert.pem:ro
+    #  - /path/to/your/key.pem:/path/to/your/key.pem:ro
\ No newline at end of file
diff --git a/main.go b/main.go
index 901de23..9287b86 100644
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 	"inviter/handlers"
 	"log"
 	"net/http"
+	"strings"
 )
 
 func main() {
@@ -29,11 +30,22 @@ func main() {
 	}
 
 	if tlsEnable {
-		fmt.Println("Server is running on https://127.0.0.1:" + config.Port())
-		log.Fatal(http.ListenAndServeTLS(fmt.Sprintf(":%s", config.Port()), config.TlsCert(), config.TlsKey(), nil))
-
+		go func() {
+			// Start HTTP server that redirects all traffic to HTTPS
+			log.Println("Starting HTTP to HTTPS redirect")
+			log.Fatal(http.ListenAndServe(fmt.Sprintf(":%s", config.HttpPort()), http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				// Redirect to HTTPS
+				index := strings.Index(r.Host, ":")
+				target := fmt.Sprintf("https://%s:%s%s", r.Host[:index], config.HttpsPort(), r.RequestURI)
+				http.Redirect(w, r, target, http.StatusMovedPermanently)
+			})))
+		}()
+
+		// Start HTTPS server
+		fmt.Println("Server is running on https://127.0.0.1:" + config.HttpsPort())
+		log.Fatal(http.ListenAndServeTLS(fmt.Sprintf(":%s", config.HttpsPort()), config.TlsCert(), config.TlsKey(), nil))
 	} else {
-		fmt.Println("Server is running on http://127.0.0.1:" + config.Port())
-		log.Fatal(http.ListenAndServe(fmt.Sprintf(":%s", config.Port()), nil))
+		fmt.Println("Server is running on http://127.0.0.1:" + config.HttpPort())
+		log.Fatal(http.ListenAndServe(fmt.Sprintf(":%s", config.HttpPort()), nil))
 	}
 }