colin
/
sharded-gotify
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add trusted proxies property and find a solution to unix sockets

This commit is contained in:
Laurence 2024-01-20 17:45:32 +00:00 committed by Jannis Mattheis
parent d32d131d08
commit c68b2b5a72
3 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config.example.yml
View File

@ -23,6 +23,10 @@ server:
responseheaders: # response headers are added to every response (default: none) responseheaders: # response headers are added to every response (default: none)
# X-Custom-Header: "custom value" # X-Custom-Header: "custom value"
#
trustedproxies: # IPs or IP ranges of trusted proxies. Used to obtain the remote ip via the X-Forwarded-For header. (configure 127.0.0.1 to trust sockets)
# - 127.0.0.1/32
# - ::1
cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers. cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
alloworigins: alloworigins:

2
config/config.go
View File

@ -39,6 +39,8 @@ type Configuration struct {
AllowMethods []string AllowMethods []string
AllowHeaders []string AllowHeaders []string
} }
TrustedProxies []string
} }
Database struct { Database struct {
Dialect string `default:"sqlite3"` Dialect string `default:"sqlite3"`

12
router/router.go
View File

@ -27,6 +27,18 @@ import (
func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Configuration) (*gin.Engine, func()) { func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Configuration) (*gin.Engine, func()) {
g := gin.New() g := gin.New()
if conf.Server.TrustedProxies != nil {
g.SetTrustedProxies(conf.Server.TrustedProxies)
g.ForwardedByClientIP = true
}
g.Use(func(ctx *gin.Context) {
// Map sockets "@" to 127.0.0.1, because gin-gonic can only trust IPs.
if ctx.Request.RemoteAddr == "@" {
ctx.Request.RemoteAddr = "127.0.0.1:65535"
}
})
g.Use(gin.LoggerWithFormatter(logFormatter), gin.Recovery(), gerror.Handler(), location.Default()) g.Use(gin.LoggerWithFormatter(logFormatter), gin.Recovery(), gerror.Handler(), location.Default())
g.NoRoute(gerror.NotFound()) g.NoRoute(gerror.NotFound())