Enfore SSL in prod

app.js

@@ -11,10 +11,12 @@ var express = require('express'); // Express web server framework
 var request = require('request'); // "Request" library
 var querystring = require('querystring');
 var cookieParser = require('cookie-parser');
+var enforce = require('express-sslify');
 
 var client_id = process.env.CLIENT_ID; // Your client id
 var client_secret = process.env.CLIENT_SECRET; // Your client secret
 var redirect_uri = process.env.CALLBACK; // Your redirect uri
+var environment = process.env.NODE_ENV;
 
 /**
  * Generates a random string containing numbers and letters
@@ -35,6 +37,10 @@ var stateKey = 'spotify_auth_state';
 
 var app = express();
 
+if (environment == 'prod' || environment == 'production') {
+    app.use(enforce.HTTPS({ trustProtoHeader: true }));
+}
+
 app.use(express.static(__dirname + '/public'))
     .use(cookieParser());
 

package.json

@@ -8,6 +8,7 @@
     "cookie-parser": "1.3.2",
     "dotenv": "^2.0.0",
     "express": "~4.0.0",
+    "express-sslify": "^1.0.1",
     "querystring": "~0.2.0",
     "request": "~2.34.0",
     "throng": "^4.0.0"