github/bird-lg-go
1
Fork 0
mirror of https://github.com/xddxdd/bird-lg-go synced 2025-02-25 19:28:08 +01:00
Code Releases Activity

frontend: allow webserver to trust proxy headers (#106)

Browse Source 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
Marc 'risson' Schmitt 2024-07-15 00:50:18 +02:00 committed by GitHub
parent 39a129db9d
commit 0fdde8afc7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
frontend/main.go
View File

@ -26,6 +26,7 @@ type settingType struct {
nameFilter string nameFilter string
timeOut int timeOut int
connectionTimeOut int connectionTimeOut int
trustProxyHeaders bool
} }
var setting settingType var setting settingType

5
frontend/settings.go
View File

@ -27,6 +27,7 @@ type viperSettingType struct {
NameFilter string `mapstructure:"name_filter"` NameFilter string `mapstructure:"name_filter"`
TimeOut int `mapstructure:"timeout"` TimeOut int `mapstructure:"timeout"`
ConnectionTimeOut int `mapstructure:"connection_timeout"` ConnectionTimeOut int `mapstructure:"connection_timeout"`
TrustProxyHeaders bool `mapstructure:"trust_proxy_headers"`
} }
// Parse settings with viper, and convert to legacy setting format // Parse settings with viper, and convert to legacy setting format
@ -94,6 +95,9 @@ func parseSettings() {
pflag.Int("connection-time-out", 5, "time before backend TCP connection times out, in seconds; defaults to 5 if not set") pflag.Int("connection-time-out", 5, "time before backend TCP connection times out, in seconds; defaults to 5 if not set")
viper.BindPFlag("connection_timeout", pflag.Lookup("connection-time-out")) viper.BindPFlag("connection_timeout", pflag.Lookup("connection-time-out"))
pflag.Bool("trust-proxy-headers", false, "Trust X-Forwared-For, X-Real-IP, X-Forwarded-Proto, X-Forwarded-Scheme and X-Forwarded-Host sent by the client")
viper.BindPFlag("trust_proxy_headers", pflag.Lookup("trust-proxy-headers"))
pflag.Parse() pflag.Parse()
if err := viper.ReadInConfig(); err != nil { if err := viper.ReadInConfig(); err != nil {
@ -144,6 +148,7 @@ func parseSettings() {
setting.nameFilter = viperSettings.NameFilter setting.nameFilter = viperSettings.NameFilter
setting.timeOut = viperSettings.TimeOut setting.timeOut = viperSettings.TimeOut
setting.connectionTimeOut = viperSettings.ConnectionTimeOut setting.connectionTimeOut = viperSettings.ConnectionTimeOut
setting.trustProxyHeaders = viperSettings.TrustProxyHeaders
fmt.Printf("%#v\n", setting) fmt.Printf("%#v\n", setting)
} }

10
frontend/webserver.go
View File

@ -75,7 +75,6 @@ func webHandlerWhois(w http.ResponseWriter, r *http.Request) {
// serve up results from bird // serve up results from bird
func webBackendCommunicator(endpoint string, command string) func(w http.ResponseWriter, r *http.Request) { func webBackendCommunicator(endpoint string, command string) func(w http.ResponseWriter, r *http.Request) {
backendCommandPrimitive, commandPresent := primitiveMap[command] backendCommandPrimitive, commandPresent := primitiveMap[command]
if !commandPresent { if !commandPresent {
panic("invalid command: " + command) panic("invalid command: " + command)
@ -195,7 +194,6 @@ func webHandlerBGPMap(endpoint string, command string) func(w http.ResponseWrite
// set up routing paths and start webserver // set up routing paths and start webserver
func webServerStart(l net.Listener) { func webServerStart(l net.Listener) {
// redirect main page to all server summary // redirect main page to all server summary
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/summary/"+url.PathEscape(strings.Join(setting.servers, "+")), 302) http.Redirect(w, r, "/summary/"+url.PathEscape(strings.Join(setting.servers, "+")), 302)
@ -239,5 +237,11 @@ func webServerStart(l net.Listener) {
http.HandleFunc("/telegram/", webHandlerTelegramBot) http.HandleFunc("/telegram/", webHandlerTelegramBot)
// Start HTTP server // Start HTTP server
http.Serve(l, handlers.LoggingHandler(os.Stdout, http.DefaultServeMux)) var handler http.Handler
handler = http.DefaultServeMux
if setting.trustProxyHeaders {
handler = handlers.ProxyHeaders(handler)
}
handler = handlers.LoggingHandler(os.Stdout, handler)
http.Serve(l, handler)
} }