From 0cdf8fe7fc2187591f341e4563371487b84ea228 Mon Sep 17 00:00:00 2001
From: blek
Date: Mon, 23 Oct 2023 20:54:15 +1000
Subject: [PATCH] add trust proxy env config
---
 filed/.env.example | 5 +++++
 filed/src/env.rs | 29 ++++++++++++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/filed/.env.example b/filed/.env.example
index f399e1e..239125c 100644
--- a/filed/.env.example
+++ b/filed/.env.example
@@ -1,6 +1,11 @@
 APP_LOGGING=true
 APP_HOST=0.0.0.0:80
+# The IP to trust X-Forwarded-For header
+# To serve to WAN directly, use 127.0.0.1
+# You can also use domains!
+PROXY_IP=127.0.0.1
+
 REDIS_PASS=bfile
 REDIS_HOST=redis
 REDIS_PORT=6379
diff --git a/filed/src/env.rs b/filed/src/env.rs
index 7c7d80f..a7532f1 100644
--- a/filed/src/env.rs
+++ b/filed/src/env.rs
@@ -3,7 +3,7 @@ This file provides the `loadenv` function that will do just that. */
-use std::{env::var, net::SocketAddr, path::Path, fs};
+use std::{env::var, net::{SocketAddr, ToSocketAddrs, IpAddr}, path::Path, fs};
 pub const DEFAULT_CONFIG: &'static str = include_str!("../config/filed.toml.example");
@@ -19,6 +19,7 @@ pub struct Redis {
 pub struct Env {
 pub logging: bool,
 pub listen: SocketAddr,
+ pub proxy_addr: IpAddr,
 pub redis: Redis,
 pub filedir: String,
 pub instanceurl: String,
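Review bot: The new `proxy_addr` field in `Env` (hunk `@@ -19,6 +19,7 @@`) carries two magic values that the `IpAddr` type does not express, so it should have a doc comment. Going by the warnings added in `loadenv` in this same patch, `127.0.0.1` means no proxy is trusted and `0.0.0.0` means every peer is trusted. Suggested: `/// Peer address whose X-Forwarded-For header is honoured; 127.0.0.1 = trust none, 0.0.0.0 = trust any.` A small enum (none / any / one address) would keep the trust-all mode from being selected by an ordinary-looking IP value, though that is a larger change than this hunk. The `Env` struct continues outside the hunk.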
@@ -40,6 +41,32 @@ pub fn loadenv() -> Result> {
 Env {
 logging: get_var::<&str, String>("APP_LOGGING")?.to_lowercase() == "true",
 listen: get_var::<&str, String>("APP_HOST")?.parse::().unwrap(),
+ proxy_addr: {
+ let env_var = get_var::<&str, String>("PROXY_IP")?;
+
+ let ip = env_var.parse::();
+ if let Ok(ip) = ip {
+ if ip == IpAddr::from([127, 0, 0, 1]) {
+ log::warn!("Proxy address is 127.0.0.1. No proxy will be trusted")
+ }
+ if ip == IpAddr::from([0, 0, 0, 0]) {
+ log::warn!("Proxy address is 0.0.0.0. All proxies will be trusted.");
+ #[cfg(not(debug_assertions))]
+ log::warn!("The warning above will not work well with production mode! Please consider setting the proxy address to a proper IP.")
+ }
+ ip
+ } else {
+ let sock = env_var.to_socket_addrs();
+ if let Err(err) = sock {
+ return Err(format!("Can't resolve {env_var}: {:?}", err).into());
+ }
+ let mut addrs = sock.unwrap();
+ if addrs.len() == 0 {
+ return Err(format!("{env_var} resolved to nothing").into());
+ }
+ addrs.next().unwrap().ip()
+ }
+ },
 redis: Redis {
 pass: get_var("REDIS_PASS")?,
 host: get_var("REDIS_HOST")?,
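Review bot: The hostname branch calls `env_var.to_socket_addrs()` on a bare string, which only accepts `host:port`, so the `.env.example` promise "You can also use domains!" fails for a plain domain name; resolving `(env_var.as_str(), 0)` avoids that. The `127.0.0.1` and `0.0.0.0` warnings sit inside the literal-IP branch and compare against IPv4 constants, so a hostname that resolves to either, or an IPv6 `::1` / `::`, selects the same mode silently; checking `is_loopback()` / `is_unspecified()` on the final address covers both (note `is_loopback()` matches all of 127.0.0.0/8). Since this value decides whose `X-Forwarded-For` is believed, the trust-all setting lets any client choose the address recorded for it, so a release build may warrant a hard error instead of a second warning; how `proxy_addr` is compared with the peer is not visible in this patch. Only the first resolved record is kept and it is resolved once at startup, which is worth a comment for operators whose proxy address can change. The enclosing `loadenv` body starts and ends outside the hunk.

```rust
proxy_addr: {
    let env_var = get_var::<&str, String>("PROXY_IP")?;

    // Literal IP first, otherwise resolve as a hostname. Port 0 is a placeholder:
    // ToSocketAddrs on a bare string requires "host:port".
    let ip = match env_var.parse::<IpAddr>() {
        Ok(ip) => ip,
        Err(_) => (env_var.as_str(), 0)
            .to_socket_addrs()
            .map_err(|err| format!("Can't resolve {env_var}: {err:?}"))?
            .next()
            .ok_or_else(|| format!("{env_var} resolved to nothing"))?
            .ip(),
    };

    // Checked on the final address so resolved hostnames and IPv6 hit the same warnings.
    if ip.is_loopback() {
        // … unchanged: "No proxy will be trusted" warning …
    }
    if ip.is_unspecified() {
        // … unchanged: "All proxies will be trusted" warnings …
    }
    ip
},
```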