Mercurial > libervia-web
annotate libervia/web/server/proxy.py @ 1543:f00497c00e38
pages (chat): fix `own_jid` exposure:
`own_jid` is a `JID` instance, and must be casted to str to be exposed.
author | Goffi <goffi@goffi.org> |
---|---|
date | Thu, 06 Jul 2023 12:05:48 +0200 |
parents | eb00d593801d |
children |
rev | line source |
---|---|
1360 | 1 #!/usr/bin/env python3 |
2 | |
3 # Libervia: a Salut à Toi frontend | |
1396 | 4 # Copyright (C) 2011-2021 Jérôme Poisson <goffi@goffi.org> |
1360 | 5 |
6 # This program is free software: you can redistribute it and/or modify | |
7 # it under the terms of the GNU Affero General Public License as published by | |
8 # the Free Software Foundation, either version 3 of the License, or | |
9 # (at your option) any later version. | |
10 | |
11 # This program is distributed in the hope that it will be useful, | |
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 # GNU Affero General Public License for more details. | |
15 | |
16 # You should have received a copy of the GNU Affero General Public License | |
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
18 from twisted.web import proxy | |
19 from twisted.python.compat import urlquote | |
1435
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
20 from twisted.internet import address |
1518
eb00d593801d
refactoring: rename `libervia` to `libervia.web` + update imports following backend changes
Goffi <goffi@goffi.org>
parents:
1454
diff
changeset
|
21 from libervia.backend.core.log import getLogger |
eb00d593801d
refactoring: rename `libervia` to `libervia.web` + update imports following backend changes
Goffi <goffi@goffi.org>
parents:
1454
diff
changeset
|
22 from libervia.web.server.constants import Const as C |
1360 | 23 |
24 log = getLogger(__name__) | |
25 | |
26 | |
27 | |
28 class SatProxyClient(proxy.ProxyClient): | |
29 | |
30 def handleHeader(self, key, value): | |
31 if key.lower() == b"x-frame-options": | |
32 value = b"sameorigin" | |
33 elif key.lower() == b"content-security-policy": | |
34 value = value.replace(b"frame-ancestors 'none'", b"frame-ancestors 'self'") | |
35 | |
36 super().handleHeader(key, value) | |
37 | |
38 | |
39 class SatProxyClientFactory(proxy.ProxyClientFactory): | |
40 protocol = SatProxyClient | |
41 | |
42 | |
43 class SatReverseProxyResource(proxy.ReverseProxyResource): | |
44 """Resource Proxy rewritting headers to allow embedding in iframe on same domain""" | |
45 proxyClientFactoryClass = SatProxyClientFactory | |
46 | |
47 def getChild(self, path, request): | |
48 return SatReverseProxyResource( | |
49 self.host, self.port, | |
50 self.path + b'/' + urlquote(path, safe=b"").encode('utf-8'), | |
51 self.reactor | |
52 ) | |
1435
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
53 |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
54 def render(self, request): |
1454
fc91b78b71db
server: handle "proxy" scheme in configuration
Goffi <goffi@goffi.org>
parents:
1435
diff
changeset
|
55 # Forwarded and X-Forwarded-xxx headers can be set |
fc91b78b71db
server: handle "proxy" scheme in configuration
Goffi <goffi@goffi.org>
parents:
1435
diff
changeset
|
56 # if we have behind an other proxy |
1435
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
57 if ((not request.getHeader(C.H_FORWARDED) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
58 and not request.getHeader(C.H_X_FORWARDED_HOST))): |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
59 forwarded_data = [] |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
60 addr = request.getClientAddress() |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
61 if ((isinstance(addr, address.IPv4Address) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
62 or isinstance(addr, address.IPv6Address))): |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
63 request.requestHeaders.setRawHeaders(C.H_X_FORWARDED_FOR, [addr.host]) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
64 forwarded_data.append(f"for={addr.host}") |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
65 host = request.getHeader("host") |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
66 if host is None: |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
67 port = request.getHost().port |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
68 hostname = request.getRequestHostname() |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
69 host = hostname if port in (80, 443) else f"{hostname}:{port}" |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
70 request.requestHeaders.setRawHeaders(C.H_X_FORWARDED_HOST, [host]) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
71 forwarded_data.append(f"host={host}") |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
72 proto = "https" if request.isSecure() else "http" |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
73 request.requestHeaders.setRawHeaders(C.H_X_FORWARDED_PROTO, [proto]) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
74 forwarded_data.append(f"proto={proto}") |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
75 request.requestHeaders.setRawHeaders( |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
76 C.H_FORWARDED, [";".join(forwarded_data)] |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
77 ) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
78 |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
79 return super().render(request) |