mirror of https://github.com/xddxdd/bird-lg-go synced 2024-11-27 08:53:38 +01:00

frontend: allow webserver to trust proxy headers (#106)

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Marc 'risson' Schmitt 2024-07-15 00:50:18 +02:00 committed by GitHub
parent 39a129db9d
commit 0fdde8afc7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 13 additions and 3 deletions


@ -26,6 +26,7 @@ type settingType struct {
nameFilter string
timeOut int
connectionTimeOut int
trustProxyHeaders bool
}
var setting settingType


@ -27,6 +27,7 @@ type viperSettingType struct {
NameFilter string `mapstructure:"name_filter"`
TimeOut int `mapstructure:"timeout"`
ConnectionTimeOut int `mapstructure:"connection_timeout"`
TrustProxyHeaders bool `mapstructure:"trust_proxy_headers"`
}
// Parse settings with viper, and convert to legacy setting format
@ -94,6 +95,9 @@ func parseSettings() {
pflag.Int("connection-time-out", 5, "time before backend TCP connection times out, in seconds; defaults to 5 if not set")
viper.BindPFlag("connection_timeout", pflag.Lookup("connection-time-out"))
pflag.Bool("trust-proxy-headers", false, "Trust X-Forwared-For, X-Real-IP, X-Forwarded-Proto, X-Forwarded-Scheme and X-Forwarded-Host sent by the client")
viper.BindPFlag("trust_proxy_headers", pflag.Lookup("trust-proxy-headers"))
pflag.Parse()
if err := viper.ReadInConfig(); err != nil {
@ -144,6 +148,7 @@ func parseSettings() {
setting.nameFilter = viperSettings.NameFilter
setting.timeOut = viperSettings.TimeOut
setting.connectionTimeOut = viperSettings.ConnectionTimeOut
setting.trustProxyHeaders = viperSettings.TrustProxyHeaders
fmt.Printf("%#v\n", setting)
}
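Review bot: The help text for `trust-proxy-headers` in parseSettings misspells `X-Forwarded-For` as `X-Forwared-For`, and "sent by the client" does not tell an operator when the option is safe to enable. Turning it on means whatever values arrive in those headers are believed, so the text should state the deployment precondition, for example `"trust X-Forwarded-For, X-Real-IP, X-Forwarded-Proto, X-Forwarded-Scheme and X-Forwarded-Host; enable only when the frontend is reachable solely through a trusted reverse proxy"`. The result of `viper.BindPFlag` is discarded here, as it is for the neighbouring flag. parseSettings starts and ends outside the visible hunks.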


@ -75,7 +75,6 @@ func webHandlerWhois(w http.ResponseWriter, r *http.Request) {
// serve up results from bird
func webBackendCommunicator(endpoint string, command string) func(w http.ResponseWriter, r *http.Request) {
backendCommandPrimitive, commandPresent := primitiveMap[command]
if !commandPresent {
panic("invalid command: " + command)
@ -195,7 +194,6 @@ func webHandlerBGPMap(endpoint string, command string) func(w http.ResponseWrite
// set up routing paths and start webserver
func webServerStart(l net.Listener) {
// redirect main page to all server summary
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/summary/"+url.PathEscape(strings.Join(setting.servers, "+")), 302)
@ -239,5 +237,11 @@ func webServerStart(l net.Listener) {
http.HandleFunc("/telegram/", webHandlerTelegramBot)
// Start HTTP server
http.Serve(l, handlers.LoggingHandler(os.Stdout, http.DefaultServeMux))
var handler http.Handler
handler = http.DefaultServeMux
if setting.trustProxyHeaders {
handler = handlers.ProxyHeaders(handler)
}
handler = handlers.LoggingHandler(os.Stdout, handler)
http.Serve(l, handler)
}
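Review bot: In webServerStart, `handlers.ProxyHeaders(handler)` is applied to every request once `setting.trustProxyHeaders` is set, with no check that the connecting peer is actually the reverse proxy. If the listener is also reachable directly, the forwarded address, scheme and host headers are taken at face value from any client. Because `handlers.LoggingHandler` wraps the result, the access log written to stdout would then likely record the header-supplied address instead of the socket peer, which weakens it as an audit trail. At minimum the branch should carry a comment such as `// Only enable when the listener is reachable solely through a trusted reverse proxy that overwrites these headers.`; a stricter option is to apply the rewrite only when `r.RemoteAddr` matches a configured proxy address. Part of webServerStart lies between the hunks and is not shown.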