From fb288bfdbc1088f6e9616c88645ab622cd52797a Mon Sep 17 00:00:00 2001 From: tigerbot Date: Fri, 16 Jun 2017 17:51:03 -0600 Subject: [PATCH] removed duplication of X-Forwarded header generation --- lib/modules/http.js | 49 +++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 28 deletions(-) diff --git a/lib/modules/http.js b/lib/modules/http.js index 81ea132..351937e 100644 --- a/lib/modules/http.js +++ b/lib/modules/http.js @@ -236,32 +236,19 @@ module.exports.create = function (deps, conf, greenlockMiddleware) { proxy.ws(req, socket, head, socket.proxyOpts); }); } - function proxyRequest(mod, conn, opts, headers) { + function proxyRequest(mod, conn, opts, xHeaders) { if (!proxyServer) { createProxyServer(); } - var xHeaders = {}; - // Then add our own `X-Forwarded` headers at the end. - if (conf.http.trustProxy && headers['x-forwarded-proto']) { - xHeaders['X-Forwarded-Proto'] = headers['x-forwarded-proto']; - } else { - xHeaders['X-Forwarded-Proto'] = conn.encrypted ? 'https' : 'http'; - } - var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean); - proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress); - xHeaders['X-Forwarded-For'] = proxyChain.join(', '); - xHeaders['X-Forwarded-Host'] = headers.host; - conn.proxyOpts = { target: 'http://'+(mod.address || (mod.host || 'localhost')+':'+mod.port) , headers: xHeaders }; - proxyServer.emit('connection', conn); - conn.unshift(opts.firstChunk); + return emitConnection(proxyServer, conn, opts); } - function proxyWebsocket(mod, conn, opts, headers) { + function proxyWebsocket(mod, conn, opts, headers, xHeaders) { var index = opts.firstChunk.indexOf('\r\n\r\n'); var body = opts.firstChunk.slice(index); @@ -272,15 +259,9 @@ module.exports.create = function (deps, conf, greenlockMiddleware) { return !/^x-forwarded/i.test(line); }); // Then add our own `X-Forwarded` headers at the end. - if (conf.http.trustProxy && headers['x-forwarded-proto']) { - headLines.push('X-Forwarded-Proto: ' + headers['x-forwarded-proto']); - } else { - headLines.push('X-Forwarded-Proto: ' + (conn.encrypted ? 'https' : 'http')); - } - var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean); - proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress); - headLines.push('X-Forwarded-For: ' + proxyChain.join(', ')); - headLines.push('X-Forwarded-Host: ' + headers.host); + Object.keys(xHeaders).forEach(function (key) { + headLines.push(key + ': ' +xHeaders[key]); + }); // Then convert all of the head lines back into a header buffer. head = Buffer.from(headLines.join('\r\n')); @@ -300,10 +281,22 @@ module.exports.create = function (deps, conf, greenlockMiddleware) { } function checkProxy(mod, conn, opts, headers) { - if ((headers.connection || '').toLowerCase() === 'upgrade') { - proxyWebsocket(mod, conn, opts, headers); + var xHeaders = {}; + // Then add our own `X-Forwarded` headers at the end. + if (conf.http.trustProxy && headers['x-forwarded-proto']) { + xHeaders['X-Forwarded-Proto'] = headers['x-forwarded-proto']; } else { - proxyRequest(mod, conn, opts, headers); + xHeaders['X-Forwarded-Proto'] = conn.encrypted ? 'https' : 'http'; + } + var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean); + proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress); + xHeaders['X-Forwarded-For'] = proxyChain.join(', '); + xHeaders['X-Forwarded-Host'] = headers.host; + + if ((headers.connection || '').toLowerCase() === 'upgrade') { + proxyWebsocket(mod, conn, opts, headers, xHeaders); + } else { + proxyRequest(mod, conn, opts, xHeaders); } return true; }