flag for trusting proxy headers
@@ -38,12 +38,10 @@ func NewReseedCommand() cli.Command {
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "tlscert",
|
||||
Value: "cert.pem",
|
||||
Usage: "Path to tls certificate",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "tlskey",
|
||||
Value: "key.pem",
|
||||
Usage: "Path to tls key",
|
||||
},
|
||||
cli.StringFlag{
|
||||
@@ -61,6 +59,14 @@ func NewReseedCommand() cli.Command {
|
||||
Value: "12h",
|
||||
Usage: "Duration between SU3 cache rebuilds (ex. 12h, 15m)",
|
||||
},
|
||||
cli.StringFlag{
|
||||
Name: "prefix",
|
||||
Usage: "Prefix path for server. (ex. /netdb)",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "trustProxy",
|
||||
Usage: "If provided, we will trust the 'X-Forwarded-For' header in requests (ex. behind cloudflare)",
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
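Review bot: The trustProxy flag's Usage text names the header but not the precondition for trusting it: the 'X-Forwarded-For' value is written by whoever opens the connection, so the flag is only safe when every connection reaches this listener through a proxy that overwrites that header, and the text should say so. The derived address presumably also feeds the per-address rate limiter (the `throttled.VaryBy{RemoteAddr: true}` throttle in server.go), so enabling it on a directly reachable listener would let the throttle be keyed on a client-supplied value. Suggest `Usage: "Trust the 'X-Forwarded-For' header for the client address. Only set this when the server is reachable exclusively through a reverse proxy that sets that header (ex. behind cloudflare)",`. NewReseedCommand begins before the hunk.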
@@ -103,17 +109,22 @@ func reseedAction(c *cli.Context) {
|
||||
reseeder := reseed.NewReseeder(netdb)
|
||||
reseeder.SigningKey = privKey
|
||||
reseeder.SignerId = []byte(signerId)
|
||||
reseeder.NumRi = c.Int("numRI")
|
||||
reseeder.NumRi = c.Int("numRi")
|
||||
reseeder.RebuildInterval = reloadIntvl
|
||||
reseeder.Start()
|
||||
|
||||
// create a server
|
||||
server := reseed.NewServer()
|
||||
server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy"))
|
||||
server.Reseeder = reseeder
|
||||
server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
|
||||
|
||||
// @todo check if tls cert exists, prompt to generate a new one if not
|
||||
|
||||
log.Printf("Server listening on %s\n", server.Addr)
|
||||
server.ListenAndServeTLS(c.String("tlscert"), c.String("tlskey"))
|
||||
|
||||
if c.String("tlscert") != "" && c.String("tlskey") != "" {
|
||||
log.Fatalln(server.ListenAndServeTLS(c.String("tlscert"), c.String("tlskey")))
|
||||
} else {
|
||||
log.Fatalln(server.ListenAndServe())
|
||||
}
|
||||
}
|
||||
|
||||
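Review bot: The TLS/plaintext branch at the end of the hunk treats a half-configured pair (only tlscert or only tlskey set) as a request for plain HTTP, so a typo in one of the two flags silently downgrades the listener instead of failing. A guard before the branch would make that visible: `if (c.String("tlscert") == "") != (c.String("tlskey") == "") { log.Fatalln("tlscert and tlskey must be provided together") }`. The preceding `log.Printf("Server listening on %s\n", server.Addr)` also no longer says which mode was chosen; printing "https" or "http" alongside the address would help when reading logs. reseedAction begins before the hunk.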
@@ -23,17 +23,21 @@ type Server struct {
|
||||
Reseeder Reseeder
|
||||
}
|
||||
|
||||
func NewServer() *Server {
|
||||
func NewServer(prefix string, trustProxy bool) *Server {
|
||||
config := &tls.Config{MinVersion: tls.VersionTLS10}
|
||||
h := &http.Server{TLSConfig: config}
|
||||
server := Server{h, nil}
|
||||
|
||||
th := throttled.RateLimit(throttled.PerHour(120), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(10000))
|
||||
|
||||
middlewareChain := alice.New(proxiedMiddleware, loggingMiddleware, verifyMiddleware, th.Throttle)
|
||||
middlewareChain := alice.New()
|
||||
if trustProxy {
|
||||
middlewareChain.Append(proxiedMiddleware)
|
||||
}
|
||||
middlewareChain.Append(loggingMiddleware, verifyMiddleware, th.Throttle)
|
||||
|
||||
mux := http.NewServeMux()
|
||||
mux.Handle("/i2pseeds.su3", middlewareChain.Then(http.HandlerFunc(server.reseedHandler)))
|
||||
mux.Handle(prefix+"/i2pseeds.su3", middlewareChain.Then(http.HandlerFunc(server.reseedHandler)))
|
||||
server.Handler = mux
|
||||
|
||||
return &server
|
||||
|
||||
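Review bot: `middlewareChain.Append(proxiedMiddleware)` and `middlewareChain.Append(loggingMiddleware, verifyMiddleware, th.Throttle)` discard their results: alice's Chain.Append returns a new Chain rather than mutating its receiver, so middlewareChain stays the empty chain built by alice.New() and the handler registered below runs without logging, verification or rate limiting. Both calls need the assignment form, `middlewareChain = middlewareChain.Append(proxiedMiddleware)` and `middlewareChain = middlewareChain.Append(loggingMiddleware, verifyMiddleware, th.Throttle)`. The compiler accepts the dropped value, so a test that exceeds the hourly quota on the su3 route and expects the throttled response would guard against this regression. NewServer's closing brace lies outside the hunk.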