1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
// Copyright 2020 Lauris BH. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package proxy
import (
"net"
)
// ForwardedHeadersOptions represents options for forwarded header middleware
type ForwardedHeadersOptions struct {
// ForwardLimit limits the number of entries in the headers that will be processed.
// The default value is 1. Set to 0 to disable the limit.
ForwardLimit int
// TrustingAllProxies option sets to trust all proxies.
TrustingAllProxies bool
// KnownProxies represents addresses of trusted proxies.
TrustedProxies []net.IP
// TrustedNetworks represents addresses of trusted networks.
TrustedNetworks []*net.IPNet
}
var defaultOptions = &ForwardedHeadersOptions{
ForwardLimit: 1,
TrustedProxies: []net.IP{
net.IPv4(127, 0, 0, 1),
},
}
// NewForwardedHeadersOptions creates new middleware options
func NewForwardedHeadersOptions() *ForwardedHeadersOptions {
return &ForwardedHeadersOptions{
ForwardLimit: defaultOptions.ForwardLimit,
TrustedProxies: defaultOptions.TrustedProxies,
TrustedNetworks: defaultOptions.TrustedNetworks,
}
}
// WithForwardLimit sets number of entries to be processed
func (opts *ForwardedHeadersOptions) WithForwardLimit(limit int) *ForwardedHeadersOptions {
opts.ForwardLimit = limit
return opts
}
// TrustAllProxies sets to trust all proxies
func (opts *ForwardedHeadersOptions) TrustAllProxies() *ForwardedHeadersOptions {
opts.TrustingAllProxies = true
return opts
}
// ClearTrustedProxies clears trusted proxy list
func (opts *ForwardedHeadersOptions) ClearTrustedProxies() *ForwardedHeadersOptions {
opts.TrustingAllProxies = false
opts.TrustedProxies = make([]net.IP, 0)
return opts
}
// AddTrustedProxy adds proxy IP to trusted proxy list
func (opts *ForwardedHeadersOptions) AddTrustedProxy(ip string) *ForwardedHeadersOptions {
// Special option to trust all proxies if IP address is set as wildcard
if ip == "*" {
opts.TrustingAllProxies = true
return opts
}
ipaddr := net.ParseIP(ip)
if ipaddr == nil {
return opts
}
opts.TrustedProxies = append(opts.TrustedProxies, ipaddr)
return opts
}
// ClearTrustedNetworks clears trusted network list
func (opts *ForwardedHeadersOptions) ClearTrustedNetworks() *ForwardedHeadersOptions {
opts.TrustedNetworks = make([]*net.IPNet, 0)
return opts
}
// AddTrustedNetwork adds network to trusted network list
func (opts *ForwardedHeadersOptions) AddTrustedNetwork(cidr string) *ForwardedHeadersOptions {
_, netmask, err := net.ParseCIDR(cidr)
if err != nil || netmask == nil {
return opts
}
opts.TrustedNetworks = append(opts.TrustedNetworks, netmask)
return opts
}
func (opts *ForwardedHeadersOptions) isTrustedProxy(ip net.IP) bool {
if opts.TrustingAllProxies {
return true
}
if ip == nil {
return false
}
for _, tip := range opts.TrustedProxies {
if tip.Equal(ip) {
return true
}
}
for _, tnet := range opts.TrustedNetworks {
if tnet.Contains(ip) {
return true
}
}
return false
}
|
