add trust proxy env config

2023-10-23 20:54:15 +10:00 · 2023-10-23 20:54:15 +10:00 · 0cdf8fe7fc
parent bc6f8921fb
commit 0cdf8fe7fc
2 changed files with 33 additions and 1 deletions
--- a/filed/.env.example
+++ b/filed/.env.example
@ -1,6 +1,11 @@
 APP_LOGGING=true
 APP_HOST=0.0.0.0:80
 # The IP to trust X-Forwarded-For header
 # To serve to WAN directly, use 127.0.0.1
 # You can also use domains!
 PROXY_IP=127.0.0.1
 REDIS_PASS=bfile
 REDIS_HOST=redis
 REDIS_PORT=6379
--- a/filed/src/env.rs
+++ b/filed/src/env.rs
@ -3,7 +3,7 @@
 This file provides the `loadenv` function that will do just that.
 */
-use std::{env::var, net::SocketAddr, path::Path, fs};
+use std::{env::var, net::{SocketAddr, ToSocketAddrs, IpAddr}, path::Path, fs};
 pub const DEFAULT_CONFIG: &'static str = include_str!("../config/filed.toml.example");
@ -19,6 +19,7 @@ pub struct Redis {
 pub struct Env {
    pub logging: bool,
    pub listen: SocketAddr,
    pub proxy_addr: IpAddr,
    pub redis: Redis,
    pub filedir: String,
    pub instanceurl: String,
@ -40,6 +41,32 @@ pub fn loadenv() -> Result<Env, Box<dyn std::error::Error>> {
        Env {
            logging: get_var::<&str, String>("APP_LOGGING")?.to_lowercase() == "true",
            listen: get_var::<&str, String>("APP_HOST")?.parse::<SocketAddr>().unwrap(),
            proxy_addr: {
                let env_var = get_var::<&str, String>("PROXY_IP")?;
                let ip = env_var.parse::<IpAddr>();
                if let Ok(ip) = ip {
                    if ip == IpAddr::from([127, 0, 0, 1]) {
                        log::warn!("Proxy address is 127.0.0.1. No proxy will be trusted")
                    }
                    if ip == IpAddr::from([0, 0, 0, 0]) {
                        log::warn!("Proxy address is 0.0.0.0. All proxies will be trusted.");
                        #[cfg(not(debug_assertions))]
                            log::warn!("The warning above will not work well with production mode! Please consider setting the proxy address to a proper IP.")
                    }
                    ip
                } else {
                    let sock = env_var.to_socket_addrs();
                    if let Err(err) = sock {
                        return Err(format!("Can't resolve {env_var}: {:?}", err).into());
                    }
                    let mut addrs = sock.unwrap();
                    if addrs.len() == 0 {
                        return Err(format!("{env_var} resolved to nothing").into());
                    }
                    addrs.next().unwrap().ip()
                }
            },
            redis: Redis {
                pass: get_var("REDIS_PASS")?,
                host: get_var("REDIS_HOST")?,