1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-23 17:07:42 +01:00

UseForwardedHeaders with known proxies

This commit is contained in:
Kyle Spearrin 2019-04-26 09:52:54 -04:00
parent 8b80478a97
commit e6baa1490c
5 changed files with 33 additions and 8 deletions

View File

@ -104,10 +104,7 @@ namespace Bit.Admin
if(globalSettings.SelfHosted)
{
app.UsePathBase("/admin");
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseForwardedHeaders(globalSettings);
}
if(env.IsDevelopment())

View File

@ -171,10 +171,7 @@ namespace Bit.Api
}
else
{
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseForwardedHeaders(globalSettings);
}
// Add static files to the request pipeline.

View File

@ -5,6 +5,7 @@ namespace Bit.Core
public class GlobalSettings
{
public bool SelfHosted { get; set; }
public virtual string KnownProxies { get; set; }
public virtual string SiteName { get; set; }
public virtual string StripeApiKey { get; set; }
public virtual string ProjectName { get; set; }

View File

@ -27,6 +27,8 @@ using Microsoft.Extensions.DependencyInjection.Extensions;
using IdentityServer4.AccessTokenValidation;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.HttpOverrides;
using System.Linq;
namespace Bit.Core.Utilities
{
@ -390,5 +392,29 @@ namespace Bit.Core.Utilities
await next.Invoke();
});
}
public static void UseForwardedHeaders(this IApplicationBuilder app, GlobalSettings globalSettings)
{
var options = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
if(!string.IsNullOrWhiteSpace(globalSettings.KnownProxies))
{
var proxies = globalSettings.KnownProxies.Split(',');
foreach(var proxy in proxies)
{
if(System.Net.IPAddress.TryParse(proxy, out var ip))
{
options.KnownProxies.Add(ip);
}
}
}
if(options.KnownProxies.Count > 1)
{
options.ForwardLimit = null;
}
app.UseForwardedHeaders(options);
}
}
}

View File

@ -97,6 +97,10 @@ namespace Bit.Identity
// Rate limiting
app.UseMiddleware<CustomIpRateLimitMiddleware>();
}
else
{
app.UseForwardedHeaders(globalSettings);
}
// Add current context
app.UseMiddleware<CurrentContextMiddleware>();