From a13c321de8a39654178ea4123f9aad79cf087926 Mon Sep 17 00:00:00 2001 From: Aziz Khoury Date: Mon, 20 Jan 2014 13:23:40 -0500 Subject: [PATCH] added "trust proxy" config option with default to true --- src/install.js | 11 +++++++++-- src/login.js | 8 ++++---- src/webserver.js | 20 +++++++++++++++++++- 3 files changed, 32 insertions(+), 7 deletions(-) diff --git a/src/install.js b/src/install.js index 7d4106b058..eae4de5dfa 100644 --- a/src/install.js +++ b/src/install.js @@ -25,7 +25,13 @@ var async = require('async'), description: 'Use a port number to access NodeBB?', 'default': (nconf.get('use_port') !== undefined ? (nconf.get('use_port') ? 'y' : 'n') : 'y'), pattern: /y[es]*|n[o]?/, - message: 'Please enter \'yes\' or \'no\'', + message: 'Please enter \'yes\' or \'no\'' + }, { + name: 'use_proxy', + description: 'is NodeBB behind a proxy?', + 'default': (nconf.get('use_proxy') !== undefined ? (nconf.get('use_proxy') ? 'y' : 'n') : 'y'), + pattern: /y[es]*|n[o]?/, + message: 'Please enter \'yes\' or \'no\'' }, { name: 'secret', description: 'Please enter a NodeBB secret', @@ -141,6 +147,7 @@ var async = require('async'), config.bcrypt_rounds = 12; config.upload_path = '/public/uploads'; config.use_port = config.use_port.slice(0, 1) === 'y'; + config.use_proxy = config.use_proxy.slice(0, 1) === 'y'; var urlObject = url.parse(config.base_url), relative_path = (urlObject.pathname && urlObject.pathname.length > 1) ? urlObject.pathname : '', @@ -218,7 +225,7 @@ var async = require('async'), value: 1 }, { field: 'allowFileUploads', - value: 0, + value: 0 }, { field: 'maximumFileSize', value: 2048 diff --git a/src/login.js b/src/login.js index b6341b93b6..79e02eab65 100644 --- a/src/login.js +++ b/src/login.js @@ -93,7 +93,7 @@ var user = require('./user'), }); } }); - } + }; Login.loginViaGoogle = function(gplusid, handle, email, callback) { user.getUidByGoogleId(gplusid, function(err, uid) { @@ -115,7 +115,7 @@ var user = require('./user'), callback(null, { uid: uid }); - } + }; user.getUidByEmail(email, function(err, uid) { if(err) { @@ -136,7 +136,7 @@ var user = require('./user'), }); } }); - } + }; Login.loginViaFacebook = function(fbid, name, email, callback) { user.getUidByFbid(fbid, function(err, uid) { @@ -158,7 +158,7 @@ var user = require('./user'), callback(null, { uid: uid }); - } + }; user.getUidByEmail(email, function(err, uid) { if(err) { diff --git a/src/webserver.js b/src/webserver.js index ff28b203c6..f613864610 100644 --- a/src/webserver.js +++ b/src/webserver.js @@ -191,6 +191,24 @@ if(nconf.get('ssl')) { app.use(express.csrf()); + // double negative here to support config.json without 'use_proxy' set to true, so unless it's specifically set to false, it's true + // todo: remove double negative with a minor release, where backward compatibility can be broken + // and if dev mode, then it's probably not behind a proxy but it can be forced by setting 'use_proxy' to '1' + + if (nconf.get('use_proxy') === false) { + winston.info('\'use_proxy\' is set to false in config file, skipping \'trust proxy\''); + + } else if (!nconf.get('use_proxy') && process.env.NODE_ENV === 'development') { + winston.info('\'use_proxy\' is not set, skipping because you\'re in development env. Set to true to force enabling it.'); + + } else { + winston.info('\'use_proxy\'' + + (nconf.get('use_proxy') === true ? ' is set to true ' : ' is not set ') + + 'in config file, enabling \'trust proxy\', set to false to disable it.'); + + app.enable('trust proxy'); + } + // Local vars, other assorted setup app.use(function (req, res, next) { nconf.set('https', req.secure); @@ -210,7 +228,7 @@ if(nconf.get('ssl')) { user.setUserField(req.user.uid, 'lastonline', Date.now()); } next(); - }) + }); next(); },