feat: Support the Forwarded header.

This commit is contained in:
Ruben Verborgh
2020-12-01 21:24:43 +01:00
committed by Joachim Van Herwegen
parent 3362eee2c2
commit ecfe3cfc46
7 changed files with 162 additions and 53 deletions

View File

@@ -3,6 +3,7 @@ import type WebSocket from 'ws';
import { getLoggerFor } from '../logging/LogUtil';
import type { HttpRequest } from '../server/HttpRequest';
import { WebSocketHandler } from '../server/WebSocketHandler';
import { parseForwarded } from '../util/HeaderUtil';
import type { ResourceIdentifier } from './representation/ResourceIdentifier';
const VERSION = 'solid/0.1.0-alpha';
@@ -26,13 +27,13 @@ class WebSocketListener extends EventEmitter {
socket.addListener('message', (message: string): void => this.onMessage(message));
}
public start(upgradeRequest: HttpRequest): void {
public start({ headers, socket }: HttpRequest): void {
// Greet the client
this.sendMessage('protocol', VERSION);
this.sendMessage('warning', 'Unstandardized protocol version, proceed with care');
// Verify the WebSocket protocol version
const protocolHeader = upgradeRequest.headers['sec-websocket-protocol'];
const protocolHeader = headers['sec-websocket-protocol'];
if (!protocolHeader) {
this.sendMessage('warning', `Missing Sec-WebSocket-Protocol header, expected value '${VERSION}'`);
} else {
@@ -44,8 +45,9 @@ class WebSocketListener extends EventEmitter {
}
// Store the HTTP host and protocol
this.host = upgradeRequest.headers.host ?? '';
this.protocol = (upgradeRequest.socket as any).secure ? 'https:' : 'http:';
const forwarded = parseForwarded(headers.forwarded);
this.host = forwarded.host ?? headers.host ?? 'localhost';
this.protocol = forwarded.proto === 'https' || (socket as any).secure ? 'https:' : 'http:';
}
private stop(): void {

View File

@@ -1,6 +1,6 @@
import type { TLSSocket } from 'tls';
import { getLoggerFor } from '../../logging/LogUtil';
import type { HttpRequest } from '../../server/HttpRequest';
import { parseForwarded } from '../../util/HeaderUtil';
import { toCanonicalUriPath } from '../../util/PathUtil';
import type { ResourceIdentifier } from '../representation/ResourceIdentifier';
import { TargetExtractor } from './TargetExtractor';
@@ -11,28 +11,35 @@ import { TargetExtractor } from './TargetExtractor';
* TODO: input requires more extensive cleaning/parsing based on headers (see #22).
*/
export class BasicTargetExtractor extends TargetExtractor {
protected readonly logger = getLoggerFor(this);
public async handle({ url, headers: { host }, connection }: HttpRequest): Promise<ResourceIdentifier> {
public async handle({ url, connection, headers }: HttpRequest): Promise<ResourceIdentifier> {
if (!url) {
this.logger.error('The request has no URL');
throw new Error('Missing URL');
}
// Extract host and protocol (possibly overridden by the Forwarded header)
let { host } = headers;
let protocol = (connection as TLSSocket)?.encrypted ? 'https' : 'http';
if (headers.forwarded) {
const forwarded = parseForwarded(headers.forwarded);
if (forwarded.host) {
({ host } = forwarded);
}
if (forwarded.proto) {
({ proto: protocol } = forwarded);
}
}
// Perform a sanity check on the host
if (!host) {
this.logger.error('The request has no Host header');
throw new Error('Missing Host header');
}
if (/[/\\*]/u.test(host)) {
throw new Error(`The request has an invalid Host header: ${host}`);
}
const isHttps = (connection as TLSSocket)?.encrypted;
this.logger.debug(`Request is using HTTPS: ${isHttps}`);
// URL object applies punycode encoding to domain
const base = `http${isHttps ? 's' : ''}://${host}`;
const base = `${protocol}://${host}`;
const path = new URL(toCanonicalUriPath(url), base).href;
return { path };
}
}

View File

@@ -378,3 +378,37 @@ export const addHeader = (response: HttpResponse, name: string, value: string |
}
response.setHeader(name, allValues.length === 1 ? allValues[0] : allValues);
};
/**
* The Forwarded header from RFC7239
*/
export interface Forwarded {
/** The user-agent facing interface of the proxy */
by?: string;
/** The node making the request to the proxy */
for?: string;
/** The host request header field as received by the proxy */
host?: string;
/** The protocol used to make the request */
proto?: string;
}
/**
* Parses a Forwarded header value.
*
* @param value - The Forwarded header value.
*
* @returns The parsed Forwarded header.
*/
export const parseForwarded = (value = ''): Forwarded => {
const forwarded: Record<string, string> = {};
if (value) {
for (const pair of value.replace(/\s*,.*$/u, '').split(';')) {
const components = /^(by|for|host|proto)=(.+)$/u.exec(pair);
if (components) {
forwarded[components[1]] = components[2];
}
}
}
return forwarded;
};