removed duplication of X-Forwarded header generation

This commit is contained in:
tigerbot 2017-06-16 17:51:03 -06:00
parent 0a0f06094e
commit fb288bfdbc
1 changed files with 21 additions and 28 deletions

View File

@ -236,32 +236,19 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
proxy.ws(req, socket, head, socket.proxyOpts);
});
}
function proxyRequest(mod, conn, opts, headers) {
function proxyRequest(mod, conn, opts, xHeaders) {
if (!proxyServer) {
createProxyServer();
}
var xHeaders = {};
// Then add our own `X-Forwarded` headers at the end.
if (conf.http.trustProxy && headers['x-forwarded-proto']) {
xHeaders['X-Forwarded-Proto'] = headers['x-forwarded-proto'];
} else {
xHeaders['X-Forwarded-Proto'] = conn.encrypted ? 'https' : 'http';
}
var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean);
proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress);
xHeaders['X-Forwarded-For'] = proxyChain.join(', ');
xHeaders['X-Forwarded-Host'] = headers.host;
conn.proxyOpts = {
target: 'http://'+(mod.address || (mod.host || 'localhost')+':'+mod.port)
, headers: xHeaders
};
proxyServer.emit('connection', conn);
conn.unshift(opts.firstChunk);
return emitConnection(proxyServer, conn, opts);
}
function proxyWebsocket(mod, conn, opts, headers) {
function proxyWebsocket(mod, conn, opts, headers, xHeaders) {
var index = opts.firstChunk.indexOf('\r\n\r\n');
var body = opts.firstChunk.slice(index);
@ -272,15 +259,9 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
return !/^x-forwarded/i.test(line);
});
// Then add our own `X-Forwarded` headers at the end.
if (conf.http.trustProxy && headers['x-forwarded-proto']) {
headLines.push('X-Forwarded-Proto: ' + headers['x-forwarded-proto']);
} else {
headLines.push('X-Forwarded-Proto: ' + (conn.encrypted ? 'https' : 'http'));
}
var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean);
proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress);
headLines.push('X-Forwarded-For: ' + proxyChain.join(', '));
headLines.push('X-Forwarded-Host: ' + headers.host);
Object.keys(xHeaders).forEach(function (key) {
headLines.push(key + ': ' +xHeaders[key]);
});
// Then convert all of the head lines back into a header buffer.
head = Buffer.from(headLines.join('\r\n'));
@ -300,10 +281,22 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
}
function checkProxy(mod, conn, opts, headers) {
if ((headers.connection || '').toLowerCase() === 'upgrade') {
proxyWebsocket(mod, conn, opts, headers);
var xHeaders = {};
// Then add our own `X-Forwarded` headers at the end.
if (conf.http.trustProxy && headers['x-forwarded-proto']) {
xHeaders['X-Forwarded-Proto'] = headers['x-forwarded-proto'];
} else {
proxyRequest(mod, conn, opts, headers);
xHeaders['X-Forwarded-Proto'] = conn.encrypted ? 'https' : 'http';
}
var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean);
proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress);
xHeaders['X-Forwarded-For'] = proxyChain.join(', ');
xHeaders['X-Forwarded-Host'] = headers.host;
if ((headers.connection || '').toLowerCase() === 'upgrade') {
proxyWebsocket(mod, conn, opts, headers, xHeaders);
} else {
proxyRequest(mod, conn, opts, xHeaders);
}
return true;
}