Get the client host first from x-forwarded-host header

Fall back to the x-forwarded-for header next (doing a reverse lookup, if
possible), and finally to the Host header.
This commit is contained in:
Eike Kettner 2020-10-09 11:10:22 +02:00
parent d4a2596b1f
commit df646dfabe
3 changed files with 13 additions and 16 deletions


@ -11,8 +11,8 @@ case class CookieData(auth: AuthToken) {
def accountId: AccountId = auth.account
def asString: String = auth.asString
def asCookie(cfg: Config, host: Option[String]): ResponseCookie = {
val domain = CookieData.getDomain(cfg, host)
def asCookie(cfg: Config): ResponseCookie = {
val domain = CookieData.getDomain(cfg)
val sec = cfg.baseUrl.scheme.exists(_.endsWith("s"))
val path = cfg.baseUrl.path / "api" / "v1" / "sec"
ResponseCookie(
@ -29,8 +29,8 @@ object CookieData {
val cookieName = "docspell_auth"
val headerName = "X-Docspell-Auth"
private def getDomain(cfg: Config, remote: Option[String]): Option[String] =
if (cfg.baseUrl.isLocal) remote.orElse(cfg.baseUrl.host)
private def getDomain(cfg: Config): Option[String] =
if (cfg.baseUrl.isLocal) None
else cfg.baseUrl.host
def authenticator[F[_]](r: Request[F]): Either[String, String] =
@ -51,11 +51,11 @@ object CookieData {
.map(_.value)
.toRight("Couldn't find an authenticator")
def deleteCookie(cfg: Config, remoteHost: Option[String]): ResponseCookie =
def deleteCookie(cfg: Config): ResponseCookie =
ResponseCookie(
cookieName,
"",
domain = getDomain(cfg, remoteHost),
domain = getDomain(cfg),
path = Some(cfg.baseUrl.path / "api" / "v1" / "sec").map(_.asString),
httpOnly = true,
secure = cfg.baseUrl.scheme.exists(_.endsWith("s")),
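Review bot: The new `getDomain` sets an explicit `Domain` attribute to `cfg.baseUrl.host` whenever the base URL is not local, and per RFC 6265 an explicit Domain makes the cookie valid for every subdomain of that host, whereas the `None` returned in the local case yields a host-only cookie that is sent only to the exact request host. If the deployment has sibling subdomains, the host-only form is the tighter default, so the choice deserves a comment at the `else cfg.baseUrl.host` line such as `// Explicit Domain also matches subdomains of baseUrl.host (RFC 6265); None gives a host-only cookie` so a later maintainer does not widen scope unknowingly. Since `deleteCookie` now derives its domain from the same helper, the clearing cookie keeps matching the one set by `asCookie`, which browsers require for deletion to take effect. The bodies of `asCookie` and `deleteCookie` both continue past the ends of their hunks, so `sameSite` and the remaining attributes could not be checked here.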


@ -9,8 +9,8 @@ import org.http4s.util.CaseInsensitiveString
object ClientHost {
def get[F[_]](req: Request[F]): Option[String] =
xForwardedFor(req)
.orElse(xForwardedHost(req))
xForwardedHost(req)
.orElse(xForwardedFor(req))
.orElse(host(req))
private def host[F[_]](req: Request[F]): Option[String] =
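Review bot: `ClientHost.get` now prefers `X-Forwarded-Host`, but both forwarded headers are set by whoever sends the request and are only meaningful when a trusted reverse proxy overwrites them, and nothing in this hunk validates the value or restricts it to proxied deployments. The method has no scaladoc, so I would add one stating the trust boundary: `/** Best-effort client host from X-Forwarded-Host, then X-Forwarded-For, then Host. All values are client-supplied; treat as untrusted unless a proxy is known to set them, and do not base security decisions (cookie scope, access checks) on the result. */`. The commit message mentions a reverse lookup on X-Forwarded-For, which is not visible in this hunk; if it lives in `xForwardedFor`, the doc should say the lookup is best-effort and may block. The `host` helper starts on the hunk's last line and its body is outside the hunk.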


@ -7,7 +7,6 @@ import docspell.backend.auth._
import docspell.restapi.model._
import docspell.restserver._
import docspell.restserver.auth._
import docspell.restserver.http4s.ClientHost
import org.http4s._
import org.http4s.circe.CirceEntityDecoder._
@ -24,8 +23,7 @@ object LoginRoutes {
for {
up <- req.as[UserPass]
res <- S.loginUserPass(cfg.auth)(Login.UserPass(up.account, up.password))
remote = ClientHost.get(req)
resp <- makeResponse(dsl, cfg, remote, res, up.account)
resp <- makeResponse(dsl, cfg, res, up.account)
} yield resp
}
}
@ -38,17 +36,16 @@ object LoginRoutes {
case req @ POST -> Root / "session" =>
Authenticate
.authenticateRequest(S.loginSession(cfg.auth))(req)
.flatMap(res => makeResponse(dsl, cfg, ClientHost.get(req), res, ""))
.flatMap(res => makeResponse(dsl, cfg, res, ""))
case req @ POST -> Root / "logout" =>
Ok().map(_.addCookie(CookieData.deleteCookie(cfg, ClientHost.get(req))))
case POST -> Root / "logout" =>
Ok().map(_.addCookie(CookieData.deleteCookie(cfg)))
}
}
def makeResponse[F[_]: Effect](
dsl: Http4sDsl[F],
cfg: Config,
remoteHost: Option[String],
res: Login.Result,
account: String
): F[Response[F]] = {
@ -66,7 +63,7 @@ object LoginRoutes {
Some(cd.asString),
cfg.auth.sessionValid.millis
)
).map(_.addCookie(cd.asCookie(cfg, remoteHost)))
).map(_.addCookie(cd.asCookie(cfg)))
} yield resp
case _ =>
Ok(AuthResult("", account, false, "Login failed.", None, 0L))
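Review bot: `makeResponse` is public and loses a parameter in this change but still has no scaladoc, so its contract (which branch sets the cookie, what the failure body looks like) must be inferred from the body. I would add above the signature: `/** Builds the login response. On a successful Login.Result the auth cookie from CookieData.asCookie(cfg) is attached and the token returned; otherwise a 200 AuthResult with the generic "Login failed." message and no cookie. */`. The generic failure message visible on the last hunk line is the right choice against account enumeration, and that intent is worth stating in the doc so it is not "improved" later. The outer `for` of `makeResponse` begins outside the last hunk, so the exact success-branch matching was not checked.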