x-forwaded-... headers in proxy module

author: metamuffin <metamuffin@disroot.org> 2025-03-04 21:46:50 +0100
committer: metamuffin <metamuffin@disroot.org> 2025-03-04 21:51:06 +0100
commit: 5d3cc44e423e40b0485167fc5d2e89a80d4d6e8f (patch)
tree: 088ba186f750bda0cee5e214e80f89f7266412ae /src/modules/proxy.rs
parent: 96da4a575ebcfa38ab0a789ac8c25a0af03896a7 (diff)
download: gnix-5d3cc44e423e40b0485167fc5d2e89a80d4d6e8f.tar
gnix-5d3cc44e423e40b0485167fc5d2e89a80d4d6e8f.tar.bz2
gnix-5d3cc44e423e40b0485167fc5d2e89a80d4d6e8f.tar.zst
1 files changed, 32 insertions, 4 deletions
diff --git a/src/modules/proxy.rs b/src/modules/proxy.rs
index 763129f..b1af3d9 100644
--- a/src/modules/proxy.rs
+++ b/src/modules/proxy.rs
@@ -15,9 +15,16 @@ pub struct ProxyKind;
 
 #[derive(Debug, Deserialize)]
 struct Proxy {
+    set_forwarded_for: bool,
+    #[serde(default = "ret_true")]
+    set_real_ip: bool,
     backend: SocketAddr,
 }
 
+fn ret_true() -> bool {
+    true
+}
+
 impl NodeKind for ProxyKind {
     fn name(&self) -> &'static str {
         "proxy"
@@ -33,10 +40,31 @@ impl Node for Proxy {
         mut request: NodeRequest,
     ) -> Pin<Box<dyn Future<Output = Result<NodeResponse, ServiceError>> + Send + Sync + 'a>> {
         Box::pin(async move {
-            request.headers_mut().insert(
-                "x-real-ip",
-                HeaderValue::from_str(&format!("{}", context.addr.ip())).unwrap(),
-            );
+            if self.set_real_ip {
+                request.headers_mut().insert(
+                    "x-real-ip",
+                    HeaderValue::from_str(&format!("{}", context.addr.ip())).unwrap(),
+                );
+            }
+            if self.set_forwarded_for {
+                request.headers_mut().insert(
+                    "x-forwarded-for",
+                    HeaderValue::from_str(&format!("{}", context.addr.ip())).unwrap(),
+                );
+                request.headers_mut().insert(
+                    "x-forwarded-port",
+                    HeaderValue::from_str(&context.addr.port().to_string()).unwrap(),
+                );
+                let scheme =
+                    HeaderValue::from_str(if context.secure { "https" } else { "http" }).unwrap();
+                request
+                    .headers_mut()
+                    .insert("x-forwarded-scheme", scheme.clone());
+                request.headers_mut().insert("x-forwarded-proto", scheme);
+                if let Some(host) = request.headers().get("host").cloned() {
+                    request.headers_mut().insert("x-forwarded-host", host);
+                }
+            }
 
             let on_upgrade_downstream = request.extensions_mut().remove::<OnUpgrade>();
author	metamuffin <metamuffin@disroot.org>	2025-03-04 21:46:50 +0100
committer	metamuffin <metamuffin@disroot.org>	2025-03-04 21:51:06 +0100
commit	5d3cc44e423e40b0485167fc5d2e89a80d4d6e8f (patch)
tree	088ba186f750bda0cee5e214e80f89f7266412ae /src/modules/proxy.rs
parent	96da4a575ebcfa38ab0a789ac8c25a0af03896a7 (diff)
download	gnix-5d3cc44e423e40b0485167fc5d2e89a80d4d6e8f.tar gnix-5d3cc44e423e40b0485167fc5d2e89a80d4d6e8f.tar.bz2 gnix-5d3cc44e423e40b0485167fc5d2e89a80d4d6e8f.tar.zst