From 0874f6ff21fb0489ad222ca65e9412dc3b360aca Mon Sep 17 00:00:00 2001
From: Hongbo Wu
Date: Tue, 17 Oct 2023 22:12:38 +0800
Subject: [PATCH 1/6] log x-forwarded-for header for debugging purpose
---
 packages/api/src/server.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/api/src/server.ts b/packages/api/src/server.ts
index cc757acc3..c36d25148 100755
--- a/packages/api/src/server.ts
+++ b/packages/api/src/server.ts
@@ -72,6 +72,7 @@ export const createApp = (): {
 }
 },
 keyGenerator: (req) => {
+ console.log('x-forwarded-for header', req.header('x-forwarded-for'))
 return getTokenByRequest(req) || req.ip
 },
 // skip preflight requests and test requests
From 91076014cded16d70449a50dba807a748ca881c2 Mon Sep 17 00:00:00 2001
From: Hongbo Wu
Date: Tue, 17 Oct 2023 22:47:41 +0800
Subject: [PATCH 2/6] log req.ip
---
 packages/api/src/server.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/api/src/server.ts b/packages/api/src/server.ts
index c36d25148..14004e642 100755
--- a/packages/api/src/server.ts
+++ b/packages/api/src/server.ts
@@ -73,6 +73,7 @@ export const createApp = (): {
 },
 keyGenerator: (req) => {
 console.log('x-forwarded-for header', req.header('x-forwarded-for'))
+ console.log('ip', req.ip)
 return getTokenByRequest(req) || req.ip
 },
 // skip preflight requests and test requests
From 32ba744d20802e24a2ab0fdedb1c05267026ab20 Mon Sep 17 00:00:00 2001
From: Hongbo Wu
Date: Wed, 18 Oct 2023 10:59:31 +0800
Subject: [PATCH 3/6] test trust proxy=1
---
 packages/api/src/server.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/packages/api/src/server.ts b/packages/api/src/server.ts
index 14004e642..0c9456934 100755
--- a/packages/api/src/server.ts
+++ b/packages/api/src/server.ts
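Review bot: The console.log added inside keyGenerator writes the raw x-forwarded-for value for every request that reaches the limiter; that header is supplied by the client (and any proxy on the path), so the line carries attacker-controlled text plus a client address into stdout with no log level, guard or sampling. The `console.log('ip', req.ip)` line in the PATCH 2/6 hunk has the same shape. If the output is needed to diagnose the `req.ip` fallback, it belongs on the application's logger at debug level with the header value kept as a structured field rather than interpolated into the message, and since PATCH 6/6 removes both lines again the two debug commits could be squashed out of the series so the unconditional logging never lands. The enclosing createApp body starts and ends outside the hunk.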
@@ -57,6 +57,7 @@ export const createApp = (): {
 app.use(cookieParser())
 app.use(json({ limit: '100mb' }))
 app.use(urlencoded({ limit: '100mb', extended: true }))
+ app.set('trust proxy', 1)
 const apiLimiter = rateLimit({
 windowMs: 60 * 1000, // 1 minute
@@ -72,8 +73,8 @@ export const createApp = (): {
 }
 },
 keyGenerator: (req) => {
- console.log('x-forwarded-for header', req.header('x-forwarded-for'))
- console.log('ip', req.ip)
+ console.log('x-forwarded-for header:', req.header('x-forwarded-for'))
+ console.log('ip:', req.ip)
 return getTokenByRequest(req) || req.ip
 },
 // skip preflight requests and test requests
From 506004d410de99fcc1bd0b1100ff22416d533be2 Mon Sep 17 00:00:00 2001
From: Hongbo Wu
Date: Wed, 18 Oct 2023 11:58:15 +0800
Subject: [PATCH 4/6] test trust proxy=2
---
 packages/api/src/server.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/api/src/server.ts b/packages/api/src/server.ts
index 0c9456934..dbad3ec94 100755
--- a/packages/api/src/server.ts
+++ b/packages/api/src/server.ts
@@ -57,7 +57,7 @@ export const createApp = (): {
 app.use(cookieParser())
 app.use(json({ limit: '100mb' }))
 app.use(urlencoded({ limit: '100mb', extended: true }))
- app.set('trust proxy', 1)
+ app.set('trust proxy', 2)
 const apiLimiter = rateLimit({
 windowMs: 60 * 1000, // 1 minute
From 988b20e30caf8d60390aaff239957c1b04fd9dd3 Mon Sep 17 00:00:00 2001
From: Hongbo Wu
Date: Wed, 18 Oct 2023 12:30:27 +0800
Subject: [PATCH 5/6] test trust proxy=true
---
 packages/api/src/server.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/api/src/server.ts b/packages/api/src/server.ts
index dbad3ec94..00c7d0e09 100755
--- a/packages/api/src/server.ts
+++ b/packages/api/src/server.ts
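Review bot: `app.set('trust proxy', 1)` hard-codes a hop count that is only correct for one deployment topology, and nothing in the hunk records which topology that is. Because the limiter's keyGenerator falls back to `req.ip`, a count larger than the real number of proxies lets a client choose its own rate-limit key by sending its own X-Forwarded-For value, while a count that is too small makes every client behind the proxy share the proxy's address as a single bucket. The PATCH 4/6 hunk changes the same line to 2 and has the same concern. The value should come from configuration and carry the assumption as a comment, e.g. `// hop count must equal the number of trusted proxies in front of this app; req.ip (the rate-limit key) depends on it`. The enclosing createApp body starts and ends outside the hunk.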
@@ -57,7 +57,7 @@ export const createApp = (): {
 app.use(cookieParser())
 app.use(json({ limit: '100mb' }))
 app.use(urlencoded({ limit: '100mb', extended: true }))
- app.set('trust proxy', 2)
+ app.set('trust proxy', true)
 const apiLimiter = rateLimit({
 windowMs: 60 * 1000, // 1 minute
From 46313b14ba1fd4d5dcf03c9a08acb104b17fcbc5 Mon Sep 17 00:00:00 2001
From: Hongbo Wu
Date: Wed, 18 Oct 2023 13:06:33 +0800
Subject: [PATCH 6/6] set trust proxy = true if set in env var
---
 packages/api/src/server.ts | 6 +++---
 packages/api/src/util.ts | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/packages/api/src/server.ts b/packages/api/src/server.ts
index 00c7d0e09..9e41af64d 100755
--- a/packages/api/src/server.ts
+++ b/packages/api/src/server.ts
@@ -57,7 +57,9 @@ export const createApp = (): {
 app.use(cookieParser())
 app.use(json({ limit: '100mb' }))
 app.use(urlencoded({ limit: '100mb', extended: true }))
- app.set('trust proxy', true)
+
+ // set to true if behind a reverse proxy/load balancer
+ app.set('trust proxy', env.server.trustProxy)
 const apiLimiter = rateLimit({
 windowMs: 60 * 1000, // 1 minute
@@ -73,8 +75,6 @@ export const createApp = (): {
 }
 },
 keyGenerator: (req) => {
- console.log('x-forwarded-for header:', req.header('x-forwarded-for'))
- console.log('ip:', req.ip)
 return getTokenByRequest(req) || req.ip
 },
 // skip preflight requests and test requests
diff --git a/packages/api/src/util.ts b/packages/api/src/util.ts
index 71df1cbc5..5764307a2 100755
--- a/packages/api/src/util.ts
+++ b/packages/api/src/util.ts
@@ -21,6 +21,7 @@ interface BackendEnv {
 gateway_url: string
 apiEnv: string
 instanceId: string
+ trustProxy: boolean
 }
 client: {
 url: string
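Review bot: `app.set('trust proxy', true)` trusts every hop listed in X-Forwarded-For, so `req.ip` becomes the leftmost entry, which is the one the client itself writes; with keyGenerator returning `getTokenByRequest(req) || req.ip`, any unauthenticated client can then pick a fresh rate-limit bucket per request simply by varying that header. The PATCH 6/6 server.ts hunk keeps this behaviour, because `env.server.trustProxy` is declared `boolean` in the util.ts `@@ -21` hunk and `true` is passed straight through; recent express-rate-limit releases appear to reject this configuration as permissive, so it may also start failing validation. Express accepts a hop count or a list of proxy addresses/subnets for this setting, and the configuration should carry one of those instead, e.g. `trustProxy: boolean | number | string` in BackendEnv and `app.set('trust proxy', env.server.trustProxy)` documented as `// number of trusted proxy hops (or trusted proxy addresses); never \`true\`, which lets clients set req.ip and bypass the limiter`. The comment `// set to true if behind a reverse proxy/load balancer` should be replaced by that wording. The enclosing createApp body starts and ends outside the hunk.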
@@ -159,6 +160,7 @@ const nullableEnvVars = [
 'RSS_FEED_TASK_HANDLER_URL',
 'SENDGRID_VERIFICATION_TEMPLATE_ID',
 'REMINDER_TASK_HANDLER_URL',
+ 'TRUST_PROXY',
 ] // Allow some vars to be null/empty
 /* If not in GAE and Prod/QA/Demo env (f.e. on localhost/dev env), allow following env vars to be null */
@@ -207,6 +209,7 @@ export function getEnv(): BackendEnv {
 apiEnv: parse('API_ENV'),
 instanceId: parse('GAE_INSTANCE') || `x${os.userInfo().username}_${os.hostname()}`,
+ trustProxy: parse('TRUST_PROXY') === 'true',
 }
 const client = {
 url: parse('CLIENT_URL'),
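Review bot: `trustProxy: parse('TRUST_PROXY') === 'true'` silently maps every other spelling ('1', 'TRUE', 'yes') to false, and because TRUST_PROXY is also added to nullableEnvVars in the earlier hunk a misspelt value is indistinguishable from an unset one. In production that silently disables proxy trust, which makes `req.ip` the proxy's own address and collapses all clients behind it into one rate-limit bucket, with nothing in the logs to explain it. The parse should accept a documented set of values and reject anything else the way the non-nullable variables are checked, and the line deserves a comment such as `// TRUST_PROXY: only the literal string 'true' enables proxy trust; unset or any other value disables it`. The nullableEnvVars array and the getEnv body both start and end outside their hunks.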