mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00
feat: Support the Forwarded header.
This commit is contained in:
Ruben Verborgh
committed by
Joachim Van Herwegen
Joachim Van Herwegen
parent
3362eee2c2
commit
ecfe3cfc46
@@ -3,6 +3,7 @@ import type WebSocket from 'ws';
|
||||
import { getLoggerFor } from '../logging/LogUtil';
|
||||
import type { HttpRequest } from '../server/HttpRequest';
|
||||
import { WebSocketHandler } from '../server/WebSocketHandler';
|
||||
import { parseForwarded } from '../util/HeaderUtil';
|
||||
import type { ResourceIdentifier } from './representation/ResourceIdentifier';
|
||||
|
||||
const VERSION = 'solid/0.1.0-alpha';
|
||||
@@ -26,13 +27,13 @@ class WebSocketListener extends EventEmitter {
|
||||
socket.addListener('message', (message: string): void => this.onMessage(message));
|
||||
}
|
||||
|
||||
public start(upgradeRequest: HttpRequest): void {
|
||||
public start({ headers, socket }: HttpRequest): void {
|
||||
// Greet the client
|
||||
this.sendMessage('protocol', VERSION);
|
||||
this.sendMessage('warning', 'Unstandardized protocol version, proceed with care');
|
||||
|
||||
// Verify the WebSocket protocol version
|
||||
const protocolHeader = upgradeRequest.headers['sec-websocket-protocol'];
|
||||
const protocolHeader = headers['sec-websocket-protocol'];
|
||||
if (!protocolHeader) {
|
||||
this.sendMessage('warning', `Missing Sec-WebSocket-Protocol header, expected value '${VERSION}'`);
|
||||
} else {
|
||||
@@ -44,8 +45,9 @@ class WebSocketListener extends EventEmitter {
|
||||
}
|
||||
|
||||
// Store the HTTP host and protocol
|
||||
this.host = upgradeRequest.headers.host ?? '';
|
||||
this.protocol = (upgradeRequest.socket as any).secure ? 'https:' : 'http:';
|
||||
const forwarded = parseForwarded(headers.forwarded);
|
||||
this.host = forwarded.host ?? headers.host ?? 'localhost';
|
||||
this.protocol = forwarded.proto === 'https' || (socket as any).secure ? 'https:' : 'http:';
|
||||
}
|
||||
|
||||
private stop(): void {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import type { TLSSocket } from 'tls';
|
||||
import { getLoggerFor } from '../../logging/LogUtil';
|
||||
import type { HttpRequest } from '../../server/HttpRequest';
|
||||
import { parseForwarded } from '../../util/HeaderUtil';
|
||||
import { toCanonicalUriPath } from '../../util/PathUtil';
|
||||
import type { ResourceIdentifier } from '../representation/ResourceIdentifier';
|
||||
import { TargetExtractor } from './TargetExtractor';
|
||||
@@ -11,28 +11,35 @@ import { TargetExtractor } from './TargetExtractor';
|
||||
* TODO: input requires more extensive cleaning/parsing based on headers (see #22).
|
||||
*/
|
||||
export class BasicTargetExtractor extends TargetExtractor {
|
||||
protected readonly logger = getLoggerFor(this);
|
||||
|
||||
public async handle({ url, headers: { host }, connection }: HttpRequest): Promise<ResourceIdentifier> {
|
||||
public async handle({ url, connection, headers }: HttpRequest): Promise<ResourceIdentifier> {
|
||||
if (!url) {
|
||||
this.logger.error('The request has no URL');
|
||||
throw new Error('Missing URL');
|
||||
}
|
||||
|
||||
// Extract host and protocol (possibly overridden by the Forwarded header)
|
||||
let { host } = headers;
|
||||
let protocol = (connection as TLSSocket)?.encrypted ? 'https' : 'http';
|
||||
if (headers.forwarded) {
|
||||
const forwarded = parseForwarded(headers.forwarded);
|
||||
if (forwarded.host) {
|
||||
({ host } = forwarded);
|
||||
}
|
||||
if (forwarded.proto) {
|
||||
({ proto: protocol } = forwarded);
|
||||
}
|
||||
}
|
||||
|
||||
// Perform a sanity check on the host
|
||||
if (!host) {
|
||||
this.logger.error('The request has no Host header');
|
||||
throw new Error('Missing Host header');
|
||||
}
|
||||
if (/[/\\*]/u.test(host)) {
|
||||
throw new Error(`The request has an invalid Host header: ${host}`);
|
||||
}
|
||||
|
||||
const isHttps = (connection as TLSSocket)?.encrypted;
|
||||
this.logger.debug(`Request is using HTTPS: ${isHttps}`);
|
||||
|
||||
// URL object applies punycode encoding to domain
|
||||
const base = `http${isHttps ? 's' : ''}://${host}`;
|
||||
const base = `${protocol}://${host}`;
|
||||
const path = new URL(toCanonicalUriPath(url), base).href;
|
||||
|
||||
return { path };
|
||||
}
|
||||
}
|
||||
|
||||
@@ -378,3 +378,37 @@ export const addHeader = (response: HttpResponse, name: string, value: string |
|
||||
}
|
||||
response.setHeader(name, allValues.length === 1 ? allValues[0] : allValues);
|
||||
};
|
||||
|
||||
/**
|
||||
* The Forwarded header from RFC7239
|
||||
*/
|
||||
export interface Forwarded {
|
||||
/** The user-agent facing interface of the proxy */
|
||||
by?: string;
|
||||
/** The node making the request to the proxy */
|
||||
for?: string;
|
||||
/** The host request header field as received by the proxy */
|
||||
host?: string;
|
||||
/** The protocol used to make the request */
|
||||
proto?: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Parses a Forwarded header value.
|
||||
*
|
||||
* @param value - The Forwarded header value.
|
||||
*
|
||||
* @returns The parsed Forwarded header.
|
||||
*/
|
||||
export const parseForwarded = (value = ''): Forwarded => {
|
||||
const forwarded: Record<string, string> = {};
|
||||
if (value) {
|
||||
for (const pair of value.replace(/\s*,.*$/u, '').split(';')) {
|
||||
const components = /^(by|for|host|proto)=(.+)$/u.exec(pair);
|
||||
if (components) {
|
||||
forwarded[components[1]] = components[2];
|
||||
}
|
||||
}
|
||||
}
|
||||
return forwarded;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user