author | Wolfy-J <[email protected]> | 2019-09-06 13:05:16 +0300 |
---|---|---|
committer | Wolfy-J <[email protected]> | 2019-09-06 13:05:16 +0300 |
commit | 461db7f19195f70306e41e8920616c53eb00c1f3 (patch) | |
tree | 4f54e937e1a3cba255ff3a712cc7b55d6515aed7 | |
parent | 2ac01468ee745ace3a72742aa97cbd3e51d6dae2 (diff) |
- bugfix: proper proxy IP validation + CS
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | service/http/config.go | 8 | ||||
-rw-r--r-- | service/http/config_test.go | 37 | ||||
-rw-r--r-- | service/http/handler.go | 3 | ||||
-rw-r--r-- | src/PSR7Client.php | 2 |
5 files changed, 7 insertions, 46 deletions
@@ -20,3 +20,6 @@ test:
 go test -v -race -cover ./service/limit
 go test -v -race -cover ./service/headers
 go test -v -race -cover ./service/metrics
+lint:
+ go fmt ./...
+ golint ./...
\ No newline at end of file
diff --git a/service/http/config.go b/service/http/config.go
index 25be205c..ff15e83e 100644
--- a/service/http/config.go
+++ b/service/http/config.go
@@ -189,14 +189,6 @@ func (c *Config) IsTrusted(ip string) bool {
 return false
 }
-func (c *Config) IsValid(ip string) bool {
- i := net.ParseIP(ip)
- if i == nil {
- return false
- }
- return true
-}
-
 // Valid validates the configuration.
 func (c *Config) Valid() error {
 if c.Uploads == nil {
diff --git a/service/http/config_test.go b/service/http/config_test.go
index 800c87ce..d8b92247 100644
--- a/service/http/config_test.go
+++ b/service/http/config_test.go
@@ -83,43 +83,6 @@ func Test_Trusted_Subnets(t *testing.T) {
 assert.False(t, cfg.IsTrusted("127.0.0.0.1"))
 }
-func TestConfig_IsValid(t *testing.T) {
-
- cfg := &Config{
- Address: ":8080",
- MaxRequestSize: 1024,
- Uploads: &UploadsConfig{
- Dir: os.TempDir(),
- Forbid: []string{".go"},
- },
- HTTP2: &HTTP2Config{
- Enabled: true,
- },
- TrustedSubnets: []string{"200.1.0.0/16"},
- Workers: &roadrunner.ServerConfig{
- Command: "php tests/client.php echo pipes",
- Relay: "pipes",
- Pool: &roadrunner.Config{
- NumWorkers: 1,
- AllocateTimeout: time.Second,
- DestroyTimeout: time.Second,
- },
- },
- }
-
- ip6 := "FE80::0202:B3FF:FE1E:8329"
- ip4 := "127.0.0.1"
-
- assert.True(t, cfg.IsValid(ip4))
- assert.True(t, cfg.IsValid(ip6))
-
- ip4Invalid := "127.0.0.0.1"
- ip6Invalid := "FE80::0202::B3FF:FE1E:8329" // Can only use :: once in an address
-
- assert.False(t, cfg.IsValid(ip4Invalid))
- assert.False(t, cfg.IsValid(ip6Invalid))
-}
-
 func Test_Trusted_Subnets_Err(t *testing.T) {
 cfg := &Config{
 Address: ":8080",
diff --git a/service/http/handler.go b/service/http/handler.go
index 19179b72..a4da224d 100644
--- a/service/http/handler.go
+++ b/service/http/handler.go
@@ -3,6 +3,7 @@ package http
 import (
 "github.com/pkg/errors"
 "github.com/spiral/roadrunner"
+ "net"
 "net/http"
 "strconv"
 "strings"
@@ -157,7 +158,7 @@ func (h *Handler) resolveIP(r *Request) {
 for i := ipCount - 1; i >= 0; i-- {
 addr := strings.TrimSpace(ips[i])
- if h.cfg.IsValid(addr) {
+ if net.ParseIP(addr) != nil {
 r.RemoteAddr = addr
 return
 }
diff --git a/src/PSR7Client.php b/src/PSR7Client.php
index 5b9425d6..cb3b7a7b 100644
--- a/src/PSR7Client.php
+++ b/src/PSR7Client.php
@@ -132,6 +132,8 @@ class PSR7Client
 protected function configureServer(array $ctx): array
 {
 $server = $this->originalServer;
+
+ $server['REQUEST_URI'] = $rawRequest['ctx']['uri'];
 $server['REQUEST_TIME'] = time();
 $server['REQUEST_TIME_FLOAT'] = microtime(true);
 $server['REMOTE_ADDR'] = $ctx['attributes']['ipAddress'] ?? $ctx['remoteAddr'] ?? '127.0.0.1'; |
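Review bot: In resolveIP (service/http/handler.go) the new condition `net.ParseIP(addr) != nil` only checks syntax, so the right-most parseable entry of `ips` becomes `r.RemoteAddr` even when that entry is itself one of the configured trusted proxies. Behind more than one proxy hop the request would then be attributed to an inner proxy instead of the client, which weakens any per-IP limit, allow-list or audit log that reads RemoteAddr later. Consider skipping trusted hops with `if net.ParseIP(addr) != nil && !h.cfg.IsTrusted(addr) {`, and storing the parsed value's canonical `String()` form rather than the raw header text so equivalent spellings of one address compare equal. The start of resolveIP is outside the hunk, so whether the direct peer is checked with IsTrusted before this list is honoured, and what happens when no entry qualifies, should be confirmed there.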
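Review bot: The added line `$server['REQUEST_URI'] = $rawRequest['ctx']['uri'];` in configureServer (src/PSR7Client.php) reads `$rawRequest`, which is not defined in this method: the signature shown is `configureServer(array $ctx)` and the only statement before the new line assigns `$server`. As written PHP would raise an undefined-variable notice and set REQUEST_URI to null, so application code that routes or makes access decisions on REQUEST_URI would see an empty value. The context array is already the parameter, so the line presumably should read `$server['REQUEST_URI'] = $ctx['uri'] ?? '';`, mirroring the fallback style of the REMOTE_ADDR line. The rest of the method lies outside the hunk.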