Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add behindProxy option to App.listen() #2663

Closed
wants to merge 1 commit into from
Closed

Add behindProxy option to App.listen() #2663

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 54 additions & 3 deletions src/app.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,16 +35,25 @@ const DEFAULT_NOT_ALLOWED_METHOD = () => {
throw new HttpError(405);
};

export interface HandlerOptions {
/**
* Whether to respect `X-Forwarded-Proto`, `X-Forwarded-Host`,
* `X-Forwarded-Port`, and `X-Forwarded-For` headers. This is useful when
* Fresh is behind a reverse proxy like Nginx or Caddy.
* @default {false}
*/
behindProxy?: boolean;
}

export type ListenOptions =
& Partial<
Deno.ServeTcpOptions & Deno.TlsCertifiedKeyPem
>
& HandlerOptions
& {
remoteAddress?: string;
};

Deno.serve;

export let getRouter: <State>(app: App<State>) => Router<MiddlewareFn<State>>;
// deno-lint-ignore no-explicit-any
export let getIslandRegistry: (app: App<any>) => ServerIslandRegistry;
Expand Down Expand Up @@ -173,7 +182,7 @@ export class App<State> {
return this;
}

async handler(): Promise<
async handler(options: HandlerOptions = {}): Promise<
(request: Request, info?: Deno.ServeHandlerInfo) => Promise<Response>
> {
if (this.#buildCache === null) {
Expand All @@ -190,6 +199,8 @@ export class App<State> {
return missingBuildHandler;
}

const behindProxy = options.behindProxy ?? false;

return async (
req: Request,
conn: Deno.ServeHandlerInfo = DEFAULT_CONN_INFO,
Expand All @@ -198,6 +209,46 @@ export class App<State> {
// Prevent open redirect attacks
url.pathname = url.pathname.replace(/\/+/g, "/");

// If Fresh is behind a reverse proxy, we need to respect the headers
// that the proxy sets
if (behindProxy) {
const proto = req.headers.get("X-Forwarded-Proto") ?? "http";
const host = req.headers.get("X-Forwarded-Host");
const port = req.headers.get("X-Forwarded-Port");
if (
url.protocol !== `${proto}:` || host != null && url.hostname !== host
) {
url.protocol = proto;
if (host != null) url.hostname = host;
if (
port != null &&
(proto === "http" && port !== "80" ||
proto === "https" && port !== "443")
) url.port = port;

req = new Request(url, req);
}

conn = {
remoteAddr: {
transport: "tcp",
hostname: req.headers.get("X-Forwarded-For") ??
("hostname" in conn.remoteAddr
? conn.remoteAddr.hostname
: "localhost"),
port: port
? parseInt(port)
: proto === "https"
? 443
: proto === "http"
? 80
: "port" in conn.remoteAddr
? conn.remoteAddr.port
: 80,
},
};
}

const method = req.method.toUpperCase() as Method;
const matched = this.#router.match(method, url);

Expand Down
Loading