Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-26 12:55:17 +01:00
Code Issues Projects Releases Wiki Activity

UseForwardedHeaders with known proxies

Browse Source
This commit is contained in:
Kyle Spearrin 2019-04-26 09:52:54 -04:00
parent 8b80478a97
commit e6baa1490c
5 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Admin/Startup.cs
View File

@ -104,10 +104,7 @@ namespace Bit.Admin
if(globalSettings.SelfHosted) if(globalSettings.SelfHosted)
{ {
app.UsePathBase("/admin"); app.UsePathBase("/admin");
app.UseForwardedHeaders(new ForwardedHeadersOptions app.UseForwardedHeaders(globalSettings);
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
} }
if(env.IsDevelopment()) if(env.IsDevelopment())

5
src/Api/Startup.cs
View File

@ -171,10 +171,7 @@ namespace Bit.Api
} }
else else
{ {
app.UseForwardedHeaders(new ForwardedHeadersOptions app.UseForwardedHeaders(globalSettings);
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
} }
// Add static files to the request pipeline. // Add static files to the request pipeline.

1
src/Core/GlobalSettings.cs
View File

@ -5,6 +5,7 @@ namespace Bit.Core
public class GlobalSettings public class GlobalSettings
{ {
public bool SelfHosted { get; set; } public bool SelfHosted { get; set; }
public virtual string KnownProxies { get; set; }
public virtual string SiteName { get; set; } public virtual string SiteName { get; set; }
public virtual string StripeApiKey { get; set; } public virtual string StripeApiKey { get; set; }
public virtual string ProjectName { get; set; } public virtual string ProjectName { get; set; }

26
src/Core/Utilities/ServiceCollectionExtensions.cs
View File

@ -27,6 +27,8 @@ using Microsoft.Extensions.DependencyInjection.Extensions;
using IdentityServer4.AccessTokenValidation; using IdentityServer4.AccessTokenValidation;
using System.Security.Claims; using System.Security.Claims;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.HttpOverrides;
using System.Linq;
namespace Bit.Core.Utilities namespace Bit.Core.Utilities
{ {
@ -390,5 +392,29 @@ namespace Bit.Core.Utilities
await next.Invoke(); await next.Invoke();
}); });
} }
public static void UseForwardedHeaders(this IApplicationBuilder app, GlobalSettings globalSettings)
{
var options = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
if(!string.IsNullOrWhiteSpace(globalSettings.KnownProxies))
{
var proxies = globalSettings.KnownProxies.Split(',');
foreach(var proxy in proxies)
{
if(System.Net.IPAddress.TryParse(proxy, out var ip))
{
options.KnownProxies.Add(ip);
}
}
}
if(options.KnownProxies.Count > 1)
{
options.ForwardLimit = null;
}
app.UseForwardedHeaders(options);
}
} }
} }

4
src/Identity/Startup.cs
View File

@ -97,6 +97,10 @@ namespace Bit.Identity
// Rate limiting // Rate limiting
app.UseMiddleware<CustomIpRateLimitMiddleware>(); app.UseMiddleware<CustomIpRateLimitMiddleware>();
} }
else
{
app.UseForwardedHeaders(globalSettings);
}
// Add current context // Add current context
app.UseMiddleware<CurrentContextMiddleware>(); app.UseMiddleware<CurrentContextMiddleware>();