Skip to content

Commit

Permalink
fixed handling of x-forwarded-for header in multi-proxy environments
Browse files Browse the repository at this point in the history
  • Loading branch information
@pk910
pk910 committed Oct 19, 2023
1 parent c9c73a5 commit 517250b
Show file tree
Hide file tree
Showing 5 changed files with 12 additions and 10 deletions.
3 changes: 3 additions & 0 deletions faucet-config.example.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,9 @@ faucetPidFile: "faucet-pid.txt"
# faucet http/ws server port
serverPort: 8080

# number of http proxies in front of this faucet
httpProxyCount: 0

# title of the faucet
faucetTitle: "Goerli PoW Faucet"

Expand Down
1 change: 1 addition & 0 deletions src/config/ConfigSchema.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ export interface IConfigSchema {
faucetLogFile: string; // logfile for faucet events / null for no log
faucetLogStatsInterval: number; // print faucet stats to log interval (10min default)
serverPort: number; // listener port
httpProxyCount: number; // number of http proxies in front of this faucet
faucetSecret: string; // random secret string that is used by the faucet to "sign" session data, so sessions can be restored automatically by clients when faucet is restarted / crashed

ethRpcHost: string; // ETH execution layer RPC host
Expand Down
1 change: 1 addition & 0 deletions src/config/DefaultConfig.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ export function getDefaultConfig(): IConfigSchema {
faucetLogFile: null,
faucetLogStatsInterval: 600,
serverPort: 8080,
httpProxyCount: 0,
faucetSecret: null, // mandatory

ethRpcHost: null, // mandatory
Expand Down
8 changes: 1 addition & 7 deletions src/webserv/FaucetHttpServer.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,13 +157,7 @@ export class FaucetHttpServer {
}

this.wssServer.handleUpgrade(req, socket, head, (ws) => {
let remoteAddr: string = null;
if(req.headers['x-forwarded-for']) {
let proxyChain = (req.headers['x-forwarded-for'] as string).split(", ");
remoteAddr = proxyChain.pop();
}
if(!remoteAddr)
remoteAddr = req.socket.remoteAddress;
let remoteAddr = ServiceManager.GetService(FaucetWebApi).getRemoteAddr(req);
wssEndpoint.handler(req, ws, remoteAddr);
});
}
Expand Down
9 changes: 6 additions & 3 deletions src/webserv/FaucetWebApi.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,11 +125,14 @@ export class FaucetWebApi {
return urlRes;
}

private getRemoteAddr(req: IncomingMessage): string {
public getRemoteAddr(req: IncomingMessage): string {
let remoteAddr: string = null;
if(req.headers['x-forwarded-for']) {
if(faucetConfig.httpProxyCount > 0 && req.headers['x-forwarded-for']) {
let proxyChain = (req.headers['x-forwarded-for'] as string).split(", ");
remoteAddr = proxyChain.pop();
let clientIpIdx = proxyChain.length - faucetConfig.httpProxyCount;
if(clientIpIdx < 0)
clientIpIdx = 0;
remoteAddr = proxyChain[clientIpIdx];
}
if(!remoteAddr)
remoteAddr = req.socket.remoteAddress;
Expand Down

0 comments on commit 517250b

Please sign in to comment.