redirect to https on production

app.js

@@ -7,6 +7,7 @@ const config = require('./config');
 const db = require('./config/db');
 const path = require('path');
 const hsts = require('hsts');
+const { redirectToHTTPS } = require('express-http-to-https');
 
 require('./models/TodoList');
 require('./models/User');
@@ -21,6 +22,7 @@ process.env.NODE_ENV === 'production'
   : app.use(morgan('dev'));
 
 if (process.env.NODE_ENV === 'production' && process.env.HSTS === 'true') {
+  app.use(redirectToHTTPS([/localhost:(\d{4})/]));
   app.use(
     hsts({
       maxAge: 31536000,

package-lock.json

@@ -2682,6 +2682,14 @@
         }
       }
     },
+    "express-http-to-https": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/express-http-to-https/-/express-http-to-https-1.1.4.tgz",
+      "integrity": "sha512-jPe7xNKz+KdTYn0uJSBPug/AE5hCIgYrXed0SsmCm5TyydxeSK/U3sVyJyMaQmluJcIS+sbq6E/iB4CBZQIN1g==",
+      "requires": {
+        "express": "^4.15.3"
+      }
+    },
     "express-jwt": {
       "version": "5.3.1",
       "resolved": "https://registry.npmjs.org/express-jwt/-/express-jwt-5.3.1.tgz",

package.json

@@ -23,6 +23,7 @@
     "cors": "^2.8.4",
     "dotenv": "^5.0.1",
     "express": "^4.16.3",
+    "express-http-to-https": "^1.1.4",
     "express-jwt": "^5.3.1",
     "hsts": "^2.1.0",
     "jsonwebtoken": "^8.2.1",