From 76c594b83affd6fe0e03659aaba44d97b6f9ad7d Mon Sep 17 00:00:00 2001 From: Matt Drollette Date: Thu, 11 Dec 2014 15:02:18 -0600 Subject: [PATCH] flag for trusting proxy headers --- cmd/reseeder.go | 21 ++++++++++++++++----- reseed/server.go | 10 +++++++--- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/cmd/reseeder.go b/cmd/reseeder.go index 26d8de6..bb86287 100644 --- a/cmd/reseeder.go +++ b/cmd/reseeder.go @@ -38,12 +38,10 @@ func NewReseedCommand() cli.Command { }, cli.StringFlag{ Name: "tlscert", - Value: "cert.pem", Usage: "Path to tls certificate", }, cli.StringFlag{ Name: "tlskey", - Value: "key.pem", Usage: "Path to tls key", }, cli.StringFlag{ @@ -61,6 +59,14 @@ func NewReseedCommand() cli.Command { Value: "12h", Usage: "Duration between SU3 cache rebuilds (ex. 12h, 15m)", }, + cli.StringFlag{ + Name: "prefix", + Usage: "Prefix path for server. (ex. /netdb)", + }, + cli.BoolFlag{ + Name: "trustProxy", + Usage: "If provided, we will trust the 'X-Forwarded-For' header in requests (ex. behind cloudflare)", + }, }, } } @@ -103,17 +109,22 @@ func reseedAction(c *cli.Context) { reseeder := reseed.NewReseeder(netdb) reseeder.SigningKey = privKey reseeder.SignerId = []byte(signerId) - reseeder.NumRi = c.Int("numRI") + reseeder.NumRi = c.Int("numRi") reseeder.RebuildInterval = reloadIntvl reseeder.Start() // create a server - server := reseed.NewServer() + server := reseed.NewServer(c.String("prefix"), c.Bool("trustProxy")) server.Reseeder = reseeder server.Addr = net.JoinHostPort(c.String("ip"), c.String("port")) // @todo check if tls cert exists, prompt to generate a new one if not log.Printf("Server listening on %s\n", server.Addr) - server.ListenAndServeTLS(c.String("tlscert"), c.String("tlskey")) + + if c.String("tlscert") != "" && c.String("tlskey") != "" { + log.Fatalln(server.ListenAndServeTLS(c.String("tlscert"), c.String("tlskey"))) + } else { + log.Fatalln(server.ListenAndServe()) + } } 
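Review bot: The `trustProxy` usage text added in the second hunk (`@@ -61,6 +59,14 @@`) should say what trusting the header costs when the flag is set without a proxy in front: `X-Forwarded-For` is client-controlled, so a client that reaches the listener directly can pick the address the server sees, and the rate limiter in reseed/server.go keys on `RemoteAddr` (the proxied middleware presumably rewrites it from the header; confirm in its definition). Suggest `Usage: "Trust the 'X-Forwarded-For' header for the client address (rate limiting keys on it). Only enable when every request arrives through a proxy you control, e.g. cloudflare",`. NewReseedCommand starts before this hunk.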
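Review bot: In the third hunk (`@@ -103,17 +109,22 @@`) the fallback to `server.ListenAndServe()` is taken whenever either of tlscert/tlskey is empty, so a typo in one flag silently serves the su3 over plain HTTP, and the "Server listening on" line does not say which scheme was chosen. Since the defaults for both flags were removed in the first hunk, this is now the path taken by a bare invocation. Suggest rejecting the mixed case before the branch, `if (c.String("tlscert") == "") != (c.String("tlskey") == "") { log.Fatalln("tlscert and tlskey must be given together") }`, and logging the scheme in each branch. reseedAction starts before this hunk.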
diff --git a/reseed/server.go b/reseed/server.go index 1aea464..c55939c 100644 --- a/reseed/server.go +++ b/reseed/server.go @@ -23,17 +23,21 @@ type Server struct { Reseeder Reseeder } -func NewServer() *Server { +func NewServer(prefix string, trustProxy bool) *Server { config := &tls.Config{MinVersion: tls.VersionTLS10} h := &http.Server{TLSConfig: config} server := Server{h, nil} th := throttled.RateLimit(throttled.PerHour(120), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(10000)) - middlewareChain := alice.New(proxiedMiddleware, loggingMiddleware, verifyMiddleware, th.Throttle) + middlewareChain := alice.New() + if trustProxy { + middlewareChain.Append(proxiedMiddleware) + } + middlewareChain.Append(loggingMiddleware, verifyMiddleware, th.Throttle) mux := http.NewServeMux() - mux.Handle("/i2pseeds.su3", middlewareChain.Then(http.HandlerFunc(server.reseedHandler))) + mux.Handle(prefix+"/i2pseeds.su3", middlewareChain.Then(http.HandlerFunc(server.reseedHandler))) server.Handler = mux return &server
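Review bot: `middlewareChain.Append(...)` is called twice for its side effect, but alice's `Chain.Append` returns a new Chain and leaves the receiver unchanged, so both results are discarded and `middlewareChain.Then(...)` wraps reseedHandler with no middleware at all: logging, verifyMiddleware and the throttle are all bypassed, whether or not trustProxy is set. Assign the results: `middlewareChain = middlewareChain.Append(proxiedMiddleware)` inside the if, and `middlewareChain = middlewareChain.Append(loggingMiddleware, verifyMiddleware, th.Throttle)` after it. Separately, `prefix+"/i2pseeds.su3"` is registered unvalidated; a prefix without a leading slash (e.g. "netdb") makes http.ServeMux treat the pattern as host-based rather than as a path, so normalizing prefix to start with "/" and not end with "/" would avoid a silently unreachable handler.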