From 001727ab8500d94eb62bc303acb906022c4cc3f1 Mon Sep 17 00:00:00 2001
From: Kshitij
Date: Fri, 18 Jul 2025 01:21:07 +0530
Subject: [PATCH] Added helmet secure headers and HTTPS redirection.
---
 Backend/app.js | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/Backend/app.js b/Backend/app.js
index f236985..c404fb2 100644
--- a/Backend/app.js
+++ b/Backend/app.js
@@ -1,6 +1,7 @@
 const express = require("express");
 const cors = require("cors");
 const cookieParser = require("cookie-parser");
+const helmet = require("helmet");
 const userRoute = require("./Routes/user.routes.js");
 const farmRoute = require("./Routes/farm.routes.js");
@@ -17,6 +18,8 @@ dotenv.config({
 const app = express();
+app.use(helmet()); // Secure headers
+
 const corsOptions = {
 origin: process.env.FRONTEND_URI,
 methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
@@ -43,4 +46,12 @@ app.use("/api/v1/finance", financeRoute);
 app.use("/api/v1/task", taskRoute);
+// Redirect HTTP to HTTPS (works behind proxy)
+app.use((req, res, next) => {
+ if (req.headers["x-forwarded-proto"] !== "https" && process.env.NODE_ENV === "production") {
+ return res.redirect(`https://${req.headers.host}${req.url}`);
+ }
+ next();
+});
+
 module.exports = app;
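Review bot: The new `require("helmet")` at the top of Backend/app.js arrives without any manifest change, since the diffstat lists only this one file. Unless helmet was already a declared dependency, a clean install will fail at startup with a missing-module error. The same commit should add helmet to `dependencies` in package.json and update the lockfile, so the installed version (and with it the set of default headers) is fixed and reviewable.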
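Review bot: The redirect middleware in the last hunk is registered after the `/api/v1/...` routers, so any request a router answers never reaches it and plain-HTTP API calls are still served; it needs to be mounted before the routes, next to `app.use(helmet())`. The redirect target is built from `req.headers.host`, which the client controls, so a forged Host header turns this into a redirect to an arbitrary site; the host should come from configuration instead. Reading `x-forwarded-proto` directly also trusts whatever the client sends if no proxy overwrites it, and it misses comma-separated values; setting `trust proxy` for the actual deployment and checking `req.secure` is the supported way in Express. A 308 keeps the method and body for non-GET requests, which the default 302 does not. Only two of the route mounts are visible in this hunk, so the exact insertion point has to be confirmed against the full file.

```javascript
const app = express();

// … unchanged: app.use(helmet()) …

// Number of proxy hops to trust depends on the deployment; 1 = a single reverse proxy.
app.set("trust proxy", 1);

// Redirect HTTP to HTTPS before any route is mounted.
app.use((req, res, next) => {
  if (process.env.NODE_ENV !== "production" || req.secure) {
    return next();
  }
  // CANONICAL_HOST is a placeholder name for a configured public hostname;
  // it is not defined anywhere in this commit.
  return res.redirect(308, `https://${process.env.CANONICAL_HOST}${req.originalUrl}`);
});

// … unchanged: corsOptions, body parsers, /api/v1 route mounts …
```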