2017-10-16 12:46:03 +02:00
package server
import (
"net/http"
"os"
2017-12-04 20:04:08 +01:00
"github.com/containous/traefik/log"
2017-10-16 12:46:03 +02:00
"github.com/containous/traefik/whitelist"
"github.com/vulcand/oxy/forward"
)
// NewHeaderRewriter Create a header rewriter
func NewHeaderRewriter ( trustedIPs [ ] string , insecure bool ) ( forward . ReqRewriter , error ) {
2018-04-23 16:20:05 +02:00
ips , err := whitelist . NewIP ( trustedIPs , insecure , true )
2017-10-16 12:46:03 +02:00
if err != nil {
return nil , err
}
2018-04-23 16:20:05 +02:00
hostname , err := os . Hostname ( )
2017-10-16 12:46:03 +02:00
if err != nil {
2018-04-23 16:20:05 +02:00
hostname = "localhost"
2017-10-16 12:46:03 +02:00
}
return & headerRewriter {
2018-04-23 16:20:05 +02:00
secureRewriter : & forward . HeaderRewriter { TrustForwardHeader : false , Hostname : hostname } ,
insecureRewriter : & forward . HeaderRewriter { TrustForwardHeader : true , Hostname : hostname } ,
ips : ips ,
2017-10-16 12:46:03 +02:00
insecure : insecure ,
} , nil
}
type headerRewriter struct {
secureRewriter forward . ReqRewriter
insecureRewriter forward . ReqRewriter
insecure bool
ips * whitelist . IP
}
func ( h * headerRewriter ) Rewrite ( req * http . Request ) {
2018-04-23 16:20:05 +02:00
if h . insecure {
h . insecureRewriter . Rewrite ( req )
return
}
err := h . ips . IsAuthorized ( req )
2017-12-04 20:04:08 +01:00
if err != nil {
2018-05-30 09:26:03 +02:00
log . Debug ( err )
2017-12-04 20:04:08 +01:00
h . secureRewriter . Rewrite ( req )
return
}
2018-04-23 16:20:05 +02:00
h . insecureRewriter . Rewrite ( req )
2017-10-16 12:46:03 +02:00
}