add trust proxy env config
This commit is contained in:
parent
bc6f8921fb
commit
0cdf8fe7fc
|
@ -1,6 +1,11 @@
|
||||||
APP_LOGGING=true
|
APP_LOGGING=true
|
||||||
APP_HOST=0.0.0.0:80
|
APP_HOST=0.0.0.0:80
|
||||||
|
|
||||||
|
# The IP to trust X-Forwarded-For header
|
||||||
|
# To serve to WAN directly, use 127.0.0.1
|
||||||
|
# You can also use domains!
|
||||||
|
PROXY_IP=127.0.0.1
|
||||||
|
|
||||||
REDIS_PASS=bfile
|
REDIS_PASS=bfile
|
||||||
REDIS_HOST=redis
|
REDIS_HOST=redis
|
||||||
REDIS_PORT=6379
|
REDIS_PORT=6379
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
This file provides the `loadenv` function that will do just that.
|
This file provides the `loadenv` function that will do just that.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
use std::{env::var, net::SocketAddr, path::Path, fs};
|
use std::{env::var, net::{SocketAddr, ToSocketAddrs, IpAddr}, path::Path, fs};
|
||||||
|
|
||||||
pub const DEFAULT_CONFIG: &'static str = include_str!("../config/filed.toml.example");
|
pub const DEFAULT_CONFIG: &'static str = include_str!("../config/filed.toml.example");
|
||||||
|
|
||||||
|
@ -19,6 +19,7 @@ pub struct Redis {
|
||||||
pub struct Env {
|
pub struct Env {
|
||||||
pub logging: bool,
|
pub logging: bool,
|
||||||
pub listen: SocketAddr,
|
pub listen: SocketAddr,
|
||||||
|
pub proxy_addr: IpAddr,
|
||||||
pub redis: Redis,
|
pub redis: Redis,
|
||||||
pub filedir: String,
|
pub filedir: String,
|
||||||
pub instanceurl: String,
|
pub instanceurl: String,
|
||||||
|
@ -40,6 +41,32 @@ pub fn loadenv() -> Result<Env, Box<dyn std::error::Error>> {
|
||||||
Env {
|
Env {
|
||||||
logging: get_var::<&str, String>("APP_LOGGING")?.to_lowercase() == "true",
|
logging: get_var::<&str, String>("APP_LOGGING")?.to_lowercase() == "true",
|
||||||
listen: get_var::<&str, String>("APP_HOST")?.parse::<SocketAddr>().unwrap(),
|
listen: get_var::<&str, String>("APP_HOST")?.parse::<SocketAddr>().unwrap(),
|
||||||
|
proxy_addr: {
|
||||||
|
let env_var = get_var::<&str, String>("PROXY_IP")?;
|
||||||
|
|
||||||
|
let ip = env_var.parse::<IpAddr>();
|
||||||
|
if let Ok(ip) = ip {
|
||||||
|
if ip == IpAddr::from([127, 0, 0, 1]) {
|
||||||
|
log::warn!("Proxy address is 127.0.0.1. No proxy will be trusted")
|
||||||
|
}
|
||||||
|
if ip == IpAddr::from([0, 0, 0, 0]) {
|
||||||
|
log::warn!("Proxy address is 0.0.0.0. All proxies will be trusted.");
|
||||||
|
#[cfg(not(debug_assertions))]
|
||||||
|
log::warn!("The warning above will not work well with production mode! Please consider setting the proxy address to a proper IP.")
|
||||||
|
}
|
||||||
|
ip
|
||||||
|
} else {
|
||||||
|
let sock = env_var.to_socket_addrs();
|
||||||
|
if let Err(err) = sock {
|
||||||
|
return Err(format!("Can't resolve {env_var}: {:?}", err).into());
|
||||||
|
}
|
||||||
|
let mut addrs = sock.unwrap();
|
||||||
|
if addrs.len() == 0 {
|
||||||
|
return Err(format!("{env_var} resolved to nothing").into());
|
||||||
|
}
|
||||||
|
addrs.next().unwrap().ip()
|
||||||
|
}
|
||||||
|
},
|
||||||
redis: Redis {
|
redis: Redis {
|
||||||
pass: get_var("REDIS_PASS")?,
|
pass: get_var("REDIS_PASS")?,
|
||||||
host: get_var("REDIS_HOST")?,
|
host: get_var("REDIS_HOST")?,
|
||||||
|
|
Loading…
Reference in New Issue