summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWolfy-J <[email protected]>2019-09-06 13:05:16 +0300
committerWolfy-J <[email protected]>2019-09-06 13:05:16 +0300
commit461db7f19195f70306e41e8920616c53eb00c1f3 (patch)
tree4f54e937e1a3cba255ff3a712cc7b55d6515aed7
parent2ac01468ee745ace3a72742aa97cbd3e51d6dae2 (diff)
- bugfix: proper proxy IP validation + CS
-rw-r--r--Makefile3
-rw-r--r--service/http/config.go8
-rw-r--r--service/http/config_test.go37
-rw-r--r--service/http/handler.go3
-rw-r--r--src/PSR7Client.php2
5 files changed, 7 insertions, 46 deletions
diff --git a/Makefile b/Makefile
index 9facdf1b..d8200446 100644
--- a/Makefile
+++ b/Makefile
@@ -20,3 +20,6 @@ test:
go test -v -race -cover ./service/limit
go test -v -race -cover ./service/headers
go test -v -race -cover ./service/metrics
+lint:
+ go fmt ./...
+ golint ./... \ No newline at end of file
diff --git a/service/http/config.go b/service/http/config.go
index 25be205c..ff15e83e 100644
--- a/service/http/config.go
+++ b/service/http/config.go
@@ -189,14 +189,6 @@ func (c *Config) IsTrusted(ip string) bool {
return false
}
-func (c *Config) IsValid(ip string) bool {
- i := net.ParseIP(ip)
- if i == nil {
- return false
- }
- return true
-}
-
// Valid validates the configuration.
func (c *Config) Valid() error {
if c.Uploads == nil {
diff --git a/service/http/config_test.go b/service/http/config_test.go
index 800c87ce..d8b92247 100644
--- a/service/http/config_test.go
+++ b/service/http/config_test.go
@@ -83,43 +83,6 @@ func Test_Trusted_Subnets(t *testing.T) {
assert.False(t, cfg.IsTrusted("127.0.0.0.1"))
}
-func TestConfig_IsValid(t *testing.T) {
-
- cfg := &Config{
- Address: ":8080",
- MaxRequestSize: 1024,
- Uploads: &UploadsConfig{
- Dir: os.TempDir(),
- Forbid: []string{".go"},
- },
- HTTP2: &HTTP2Config{
- Enabled: true,
- },
- TrustedSubnets: []string{"200.1.0.0/16"},
- Workers: &roadrunner.ServerConfig{
- Command: "php tests/client.php echo pipes",
- Relay: "pipes",
- Pool: &roadrunner.Config{
- NumWorkers: 1,
- AllocateTimeout: time.Second,
- DestroyTimeout: time.Second,
- },
- },
- }
-
- ip6 := "FE80::0202:B3FF:FE1E:8329"
- ip4 := "127.0.0.1"
-
- assert.True(t, cfg.IsValid(ip4))
- assert.True(t, cfg.IsValid(ip6))
-
- ip4Invalid := "127.0.0.0.1"
- ip6Invalid := "FE80::0202::B3FF:FE1E:8329" // Can only use :: once in an address
-
- assert.False(t, cfg.IsValid(ip4Invalid))
- assert.False(t, cfg.IsValid(ip6Invalid))
-}
-
func Test_Trusted_Subnets_Err(t *testing.T) {
cfg := &Config{
Address: ":8080",
diff --git a/service/http/handler.go b/service/http/handler.go
index 19179b72..a4da224d 100644
--- a/service/http/handler.go
+++ b/service/http/handler.go
@@ -3,6 +3,7 @@ package http
import (
"github.com/pkg/errors"
"github.com/spiral/roadrunner"
+ "net"
"net/http"
"strconv"
"strings"
@@ -157,7 +158,7 @@ func (h *Handler) resolveIP(r *Request) {
for i := ipCount - 1; i >= 0; i-- {
addr := strings.TrimSpace(ips[i])
- if h.cfg.IsValid(addr) {
+ if net.ParseIP(addr) != nil {
r.RemoteAddr = addr
return
}
diff --git a/src/PSR7Client.php b/src/PSR7Client.php
index 5b9425d6..cb3b7a7b 100644
--- a/src/PSR7Client.php
+++ b/src/PSR7Client.php
@@ -132,6 +132,8 @@ class PSR7Client
protected function configureServer(array $ctx): array
{
$server = $this->originalServer;
+
+ $server['REQUEST_URI'] = $rawRequest['ctx']['uri'];
$server['REQUEST_TIME'] = time();
$server['REQUEST_TIME_FLOAT'] = microtime(true);
$server['REMOTE_ADDR'] = $ctx['attributes']['ipAddress'] ?? $ctx['remoteAddr'] ?? '127.0.0.1';