traefik/server/header_rewriter.go

package server

import (
	"net/http"
	"os"

	"github.com/containous/traefik/log"
	"github.com/containous/traefik/whitelist"
	"github.com/vulcand/oxy/forward"
)

// NewHeaderRewriter Create a header rewriter
func NewHeaderRewriter(trustedIPs []string, insecure bool) (forward.ReqRewriter, error) {
	ips, err := whitelist.NewIP(trustedIPs, insecure, true)
	if err != nil {
		return nil, err
	}

	hostname, err := os.Hostname()
	if err != nil {
		hostname = "localhost"
	}

	return &headerRewriter{
		secureRewriter:   &forward.HeaderRewriter{TrustForwardHeader: false, Hostname: hostname},
		insecureRewriter: &forward.HeaderRewriter{TrustForwardHeader: true, Hostname: hostname},
		ips:              ips,
		insecure:         insecure,
	}, nil
}

type headerRewriter struct {
	secureRewriter   forward.ReqRewriter
	insecureRewriter forward.ReqRewriter
	insecure         bool
	ips              *whitelist.IP
}

func (h *headerRewriter) Rewrite(req *http.Request) {
	if h.insecure {
		h.insecureRewriter.Rewrite(req)
		return
	}

	err := h.ips.IsAuthorized(req)
	if err != nil {
		log.Debug(err)
		h.secureRewriter.Rewrite(req)
		return
	}

	h.insecureRewriter.Rewrite(req)
}
Add TrustForwardHeader options. 2017-10-16 12:46:03 +02:00			`package server`

			`import (`
			`"net/http"`
			`"os"`

refactor: fix some code. 2017-12-04 20:04:08 +01:00			`"github.com/containous/traefik/log"`
Add TrustForwardHeader options. 2017-10-16 12:46:03 +02:00			`"github.com/containous/traefik/whitelist"`
			`"github.com/vulcand/oxy/forward"`
			`)`

			`// NewHeaderRewriter Create a header rewriter`
			`func NewHeaderRewriter(trustedIPs []string, insecure bool) (forward.ReqRewriter, error) {`
Fix whitelist and XFF. 2018-04-23 16:20:05 +02:00			`ips, err := whitelist.NewIP(trustedIPs, insecure, true)`
Add TrustForwardHeader options. 2017-10-16 12:46:03 +02:00			`if err != nil {`
			`return nil, err`
			`}`

Fix whitelist and XFF. 2018-04-23 16:20:05 +02:00			`hostname, err := os.Hostname()`
Add TrustForwardHeader options. 2017-10-16 12:46:03 +02:00			`if err != nil {`
Fix whitelist and XFF. 2018-04-23 16:20:05 +02:00			`hostname = "localhost"`
Add TrustForwardHeader options. 2017-10-16 12:46:03 +02:00			`}`

			`return &headerRewriter{`
Fix whitelist and XFF. 2018-04-23 16:20:05 +02:00			`secureRewriter: &forward.HeaderRewriter{TrustForwardHeader: false, Hostname: hostname},`
			`insecureRewriter: &forward.HeaderRewriter{TrustForwardHeader: true, Hostname: hostname},`
			`ips: ips,`
Add TrustForwardHeader options. 2017-10-16 12:46:03 +02:00			`insecure: insecure,`
			`}, nil`
			`}`

			`type headerRewriter struct {`
			`secureRewriter forward.ReqRewriter`
			`insecureRewriter forward.ReqRewriter`
			`insecure bool`
			`ips *whitelist.IP`
			`}`

			`func (h headerRewriter) Rewrite(req http.Request) {`
Fix whitelist and XFF. 2018-04-23 16:20:05 +02:00			`if h.insecure {`
			`h.insecureRewriter.Rewrite(req)`
			`return`
			`}`

			`err := h.ips.IsAuthorized(req)`
refactor: fix some code. 2017-12-04 20:04:08 +01:00			`if err != nil {`
fix: whitelist and XFF. 2018-05-30 09:26:03 +02:00			`log.Debug(err)`
refactor: fix some code. 2017-12-04 20:04:08 +01:00			`h.secureRewriter.Rewrite(req)`
			`return`
			`}`

Fix whitelist and XFF. 2018-04-23 16:20:05 +02:00			`h.insecureRewriter.Rewrite(req)`
Add TrustForwardHeader options. 2017-10-16 12:46:03 +02:00			`}`