From 6ea5efbcc3f22906c6ff938a06ea5ca31608ce55 Mon Sep 17 00:00:00 2001
From: spruce
Date: Mon, 22 Apr 2013 23:01:41 +0300
Subject: [PATCH 1/2] Update SocketIORouter.js

Changed the setting of client.remoteAddress
---
 src/node/handler/SocketIORouter.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/node/handler/SocketIORouter.js b/src/node/handler/SocketIORouter.js
index 483bb1d1..5998a4c4 100644
--- a/src/node/handler/SocketIORouter.js
+++ b/src/node/handler/SocketIORouter.js
@@ -55,7 +55,12 @@ exports.setSocketIO = function(_socket)
   socket.sockets.on('connection', function(client)
   {
-    client.set('remoteAddress', client.handshake.address.address);
+    if(client.handshake.headers['x-forwarded-for'] === undefined){
+      client.set('remoteAddress', client.handshake.address.address);
+    }
+    else{
+      client.set('remoteAddress', client.handshake.headers['x-forwarded-for']);
+    }
     var clientAuthorized = false;
     //wrap the original send function to log the messages

From fb0bc3105687c1a49d2189a22750e95c3df67351 Mon Sep 17 00:00:00 2001
From: "Spruce (Felix Fichte)"
Date: Wed, 24 Apr 2013 12:19:41 +0200
Subject: [PATCH 2/2] updated to use settings

updated handler/SocketIORouter.js to use new setting
updated hooks/express.js to use new setting
updated utils/Settings.js to accept new setting
updated settings.json.template so new setting is present
---
 settings.json.template | 5 ++++-
 src/node/handler/SocketIORouter.js | 13 +++++++------
 src/node/hooks/express.js | 4 ++++
 src/node/utils/Settings.js | 5 +++++
 4 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/settings.json.template b/settings.json.template
index ec0e6f83..011c9e6e 100644
--- a/settings.json.template
+++ b/settings.json.template
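Review bot: The new else-branch stores `client.handshake.headers['x-forwarded-for']` verbatim whenever the header is present, and since that header arrives from whoever opens the connection, any client reaching the server directly can choose the address that gets recorded; PATCH 2/2 of this series gates this behind `settings.trustProxy`, so that part is addressed there. What neither version handles is that the header is a comma-separated chain (`client, proxy1, proxy2`) once more than one hop appends to it, so `remoteAddress` can end up holding the whole list rather than one address. With a single trusted proxy in front, the entry that proxy appended is the last one, so `var xff = client.handshake.headers['x-forwarded-for'];` followed by `client.set('remoteAddress', xff.split(',').pop().trim());` would keep a single address; the same applies to the `@@ -55,12 +56,12 @@` hunk of SocketIORouter.js in PATCH 2/2. The enclosing setSocketIO callback continues beyond the hunk.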
@@ -78,7 +78,10 @@
   /* Require authorization by a module, or a user with is_admin set, see below. */
   "requireAuthorization": false,
-
+
+  /*when you use NginX or another proxy/ load-balancer set this to true*/
+  "trustProxy": false,
+
   /* Users for basic authentication. is_admin = true gives access to /admin.
      If you do not uncomment this, /admin will not be available! */
   /*
diff --git a/src/node/handler/SocketIORouter.js b/src/node/handler/SocketIORouter.js
index 5998a4c4..03da0a4f 100644
--- a/src/node/handler/SocketIORouter.js
+++ b/src/node/handler/SocketIORouter.js
@@ -23,6 +23,7 @@ var ERR = require("async-stacktrace");
 var log4js = require('log4js');
 var messageLogger = log4js.getLogger("message");
 var securityManager = require("../db/SecurityManager");
+var settings = require('../utils/Settings');
 /**
  * Saves all components
@@ -55,12 +56,12 @@ exports.setSocketIO = function(_socket)
   socket.sockets.on('connection', function(client)
   {
-    if(client.handshake.headers['x-forwarded-for'] === undefined){
-      client.set('remoteAddress', client.handshake.address.address);
-    }
-    else{
-      client.set('remoteAddress', client.handshake.headers['x-forwarded-for']);
-    }
+    if(settings.trustProxy && client.handshake.headers['x-forwarded-for'] !== undefined){
+      client.set('remoteAddress', client.handshake.headers['x-forwarded-for']);
+    }
+    else{
+      client.set('remoteAddress', client.handshake.address.address);
+    }
     var clientAuthorized = false;
     //wrap the original send function to log the messages
diff --git a/src/node/hooks/express.js b/src/node/hooks/express.js
index 34baca40..9e55a2ba 100644
--- a/src/node/hooks/express.js
+++ b/src/node/hooks/express.js
@@ -75,6 +75,10 @@ exports.restartServer = function () {
     next();
   });
+  if(settings.trustProxy){
+    app.enable('trust proxy');
+  }
+
   app.configure(function() {
     hooks.callAll("expressConfigure", {"app": app});
   });
diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js
index 72053ad3..50cfec7a 100644
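Review bot: The comment added above `"trustProxy": false` says when to turn the setting on but not what it does or what it requires, and enabling it where the app is also reachable without the proxy lets clients pick their recorded address through `x-forwarded-for`. I would replace it with `/* Set to true only when Etherpad is reachable exclusively through a reverse proxy (NginX, load balancer); the proxy's X-Forwarded-For header is then used as the client address */`.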
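Review bot: `app.enable('trust proxy')` is an all-or-nothing switch, so once `settings.trustProxy` is on, Express honours the forwarded headers no matter which peer sent them; the setting is only safe when the proxy is the sole route to the app, and that precondition is not stated at this call. A comment such as `// Only honour X-Forwarded-* when the proxy is the sole route to this app; otherwise clients can spoof req.ip` would make it explicit. As far as I can tell Express derives the address from the parsed forwarded list, while SocketIORouter.js in the same series stores the raw header string, so the two code paths may disagree about a client's address once the header holds several hops. `settings` must already be required in this file for the hunk to work; that line is outside the hunk and I cannot confirm it from here. The `restartServer` function continues beyond the hunk.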
--- a/src/node/utils/Settings.js
+++ b/src/node/utils/Settings.js
@@ -119,6 +119,11 @@ exports.logconfig = { appenders: [{ type: "console" }]};
  */
 exports.sessionKey = false;
+/*
+* Trust Proxy, whether or not trust the x-forwarded-for header.
+*/
+exports.trustProxy = false;
+
 /* This setting is used if you need authentication and/or
  * authorization. Note: /admin always requires authentication, and
  * either authorization by a module, or a user with is_admin set */
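Review bot: The new comment `* Trust Proxy, whether or not trust the x-forwarded-for header.` is missing the word "to" and leaves out the condition under which the flag is safe to enable. I would write `* trustProxy: whether to trust the x-forwarded-for header as the client address. Enable only when Etherpad is reached exclusively through a reverse proxy.`. Keeping the default at `false` is the right call.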