From aae91b0ad6cddae6d7ea17085f4713567aba248a Mon Sep 17 00:00:00 2001
From: Josh Michielsen <github@mickey.dev>
Date: Thu, 17 Oct 2019 16:30:48 +0100
Subject: [PATCH] Add new handler to redirect to HTTPS if flag is set

Signed-off-by: Josh Michielsen <github@mickey.dev>
---
 http.go | 10 ++++++++++
 main.go |  4 ++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/http.go b/http.go
index 2cee227b..0c84fb4b 100644
--- a/http.go
+++ b/http.go
@@ -152,3 +152,13 @@ func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {
 	tc.SetKeepAlivePeriod(3 * time.Minute)
 	return tc, nil
 }
+
+func redirectToHTTPS(opts *Options, h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if opts.ForceHTTPS {
+			http.Redirect(w, r, opts.HTTPSAddress, http.StatusPermanentRedirect)
+		}
+
+		h.ServeHTTP(w, r)
+	})
+}
diff --git a/main.go b/main.go
index 5baa8cd2..fb859064 100644
--- a/main.go
+++ b/main.go
@@ -186,9 +186,9 @@ func main() {
 
 	var handler http.Handler
 	if opts.GCPHealthChecks {
-		handler = gcpHealthcheck(LoggingHandler(oauthproxy))
+		handler = redirectToHTTPS(opts, gcpHealthcheck(LoggingHandler(oauthproxy)))
 	} else {
-		handler = LoggingHandler(oauthproxy)
+		handler = redirectToHTTPS(opts, LoggingHandler(oauthproxy))
 	}
 	s := &Server{
 		Handler: handler,