add trust proxy env config

blek 2023-10-23 20:54:15 +10:00
parent bc6f8921fb
commit 0cdf8fe7fc
Signed by: blek
GPG Key ID: 14546221E3595D0C
2 changed files with 33 additions and 1 deletions


@ -1,6 +1,11 @@
APP_LOGGING=true
APP_HOST=0.0.0.0:80
# The IP to trust X-Forwarded-For header
# To serve to WAN directly, use 127.0.0.1
# You can also use domains!
PROXY_IP=127.0.0.1
REDIS_PASS=bfile
REDIS_HOST=redis
REDIS_PORT=6379
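Review bot: The comment block above `PROXY_IP` does not document the two special values the loader handles, so an operator cannot tell from this file that `0.0.0.0` disables the check. Judging by the warnings in `loadenv`, 127.0.0.1 means no proxy is trusted and 0.0.0.0 means every peer is trusted, which lets any client supply its own X-Forwarded-For. I would replace the three comment lines with `# Address of the reverse proxy whose X-Forwarded-For header is trusted.`, `# 127.0.0.1 = trust no proxy (direct WAN); 0.0.0.0 = trust every peer, never use in production.` and `# A hostname is resolved once at startup and only its first address is used.`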


@ -3,7 +3,7 @@
This file provides the `loadenv` function that will do just that.
*/
use std::{env::var, net::SocketAddr, path::Path, fs};
use std::{env::var, net::{SocketAddr, ToSocketAddrs, IpAddr}, path::Path, fs};
pub const DEFAULT_CONFIG: &'static str = include_str!("../config/filed.toml.example");
@ -19,6 +19,7 @@ pub struct Redis {
pub struct Env {
pub logging: bool,
pub listen: SocketAddr,
pub proxy_addr: IpAddr,
pub redis: Redis,
pub filedir: String,
pub instanceurl: String,
@ -40,6 +41,32 @@ pub fn loadenv() -> Result<Env, Box<dyn std::error::Error>> {
Env {
logging: get_var::<&str, String>("APP_LOGGING")?.to_lowercase() == "true",
listen: get_var::<&str, String>("APP_HOST")?.parse::<SocketAddr>().unwrap(),
proxy_addr: {
let env_var = get_var::<&str, String>("PROXY_IP")?;
let ip = env_var.parse::<IpAddr>();
if let Ok(ip) = ip {
if ip == IpAddr::from([127, 0, 0, 1]) {
log::warn!("Proxy address is 127.0.0.1. No proxy will be trusted")
}
if ip == IpAddr::from([0, 0, 0, 0]) {
log::warn!("Proxy address is 0.0.0.0. All proxies will be trusted.");
#[cfg(not(debug_assertions))]
log::warn!("The warning above will not work well with production mode! Please consider setting the proxy address to a proper IP.")
}
ip
} else {
let sock = env_var.to_socket_addrs();
if let Err(err) = sock {
return Err(format!("Can't resolve {env_var}: {:?}", err).into());
}
let mut addrs = sock.unwrap();
if addrs.len() == 0 {
return Err(format!("{env_var} resolved to nothing").into());
}
addrs.next().unwrap().ip()
}
},
redis: Redis {
pass: get_var("REDIS_PASS")?,
host: get_var("REDIS_HOST")?,
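Review bot: The hostname fallback in the `else` branch calls `env_var.to_socket_addrs()` on the bare string, and the standard library's string implementation expects `host:port`, so a plain domain in `PROXY_IP` ends in the "Can't resolve" error instead of being resolved; `let sock = (env_var.as_str(), 0).to_socket_addrs();` accepts a name without a port. The name is also resolved once at load time and only the first returned address is kept, so a proxy with several records, or one whose address changes later, will stop matching; a comment on `proxy_addr` should say so. Separately, `0.0.0.0` only logs a warning even in release builds, and if the consumer really treats it as "trust every peer" (as the message says) any client can set X-Forwarded-For; returning an `Err` there under `#[cfg(not(debug_assertions))]` would fail closed. `loadenv` begins and ends outside this hunk.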