From 58bf3698bbddb1d40366772f31b59c0f8c227363 Mon Sep 17 00:00:00 2001
From: Andrew Lindesay <apl@lindesay.co.nz>
Date: Thu, 11 Jun 2020 21:29:54 +1200
Subject: [PATCH] correct handling of the forwarded-for headers

---
 haikudepotserver-docs/src/docbkx/part-deployment.xml       | 2 +-
 .../java/org/haiku/haikudepotserver/config/AppConfig.java  | 7 +++++++
 .../java/org/haiku/haikudepotserver/config/WebConfig.java  | 2 ++
 .../org/haiku/haikudepotserver/config/WebInitializer.java  | 4 ++++
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/haikudepotserver-docs/src/docbkx/part-deployment.xml b/haikudepotserver-docs/src/docbkx/part-deployment.xml
index b5e5aa60a..d9ba2feac 100644
--- a/haikudepotserver-docs/src/docbkx/part-deployment.xml
+++ b/haikudepotserver-docs/src/docbkx/part-deployment.xml
@@ -206,7 +206,7 @@ Distributed under the terms of the MIT License.
             </para>
 
             <para>
-                <programlisting>docker run -v secrets:/secrets -it &lt;image-id&gt; /bin/bash</programlisting>
+                <programlisting>docker run -v secrets:/secrets -p 8080:8080 &lt;image-id&gt;</programlisting>
             </para>
 
             <para>
diff --git a/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/AppConfig.java b/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/AppConfig.java
index 71c8271ba..0436a0299 100644
--- a/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/AppConfig.java
+++ b/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/AppConfig.java
@@ -29,7 +29,9 @@
 import org.springframework.mail.MailSender;
 import org.springframework.mail.javamail.JavaMailSenderImpl;
 import org.springframework.web.context.support.ServletContextAttributeExporter;
+import org.springframework.web.filter.ForwardedHeaderFilter;
 
+import javax.servlet.Filter;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UncheckedIOException;
@@ -148,4 +150,9 @@ public RepositoryAuthenticationFilter repositoryAuthenticationFilter(
         );
     }
 
+    @Bean
+    public Filter forwardedHeaderFilter() {
+        return new ForwardedHeaderFilter();
+    }
+
 }
diff --git a/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/WebConfig.java b/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/WebConfig.java
index 159bac304..a30642f18 100644
--- a/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/WebConfig.java
+++ b/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/WebConfig.java
@@ -20,9 +20,11 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.filter.ForwardedHeaderFilter;
 import org.springframework.web.servlet.LocaleResolver;
 import org.springframework.web.servlet.config.annotation.*;
 
+import javax.servlet.Filter;
 import java.util.stream.Stream;
 
 @EnableWebMvc
diff --git a/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/WebInitializer.java b/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/WebInitializer.java
index 936f848b1..bc53896e4 100644
--- a/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/WebInitializer.java
+++ b/haikudepotserver-webapp/src/main/java/org/haiku/haikudepotserver/config/WebInitializer.java
@@ -13,12 +13,15 @@
 import org.haiku.haikudepotserver.support.web.ErrorServlet;
 import org.haiku.haikudepotserver.support.web.RemoteLogCaptureServlet;
 import org.haiku.haikudepotserver.support.web.SessionListener;
+import org.springframework.context.annotation.Bean;
 import org.springframework.web.WebApplicationInitializer;
 import org.springframework.web.context.ContextLoaderListener;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 import org.springframework.web.filter.DelegatingFilterProxy;
+import org.springframework.web.filter.ForwardedHeaderFilter;
 import org.springframework.web.servlet.DispatcherServlet;
 
+import javax.servlet.Filter;
 import javax.servlet.FilterRegistration;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletRegistration;
@@ -46,6 +49,7 @@ public void onStartup(ServletContext servletContext) {
         registerJawrServlet(servletContext, "css");
         registerJawrServlet(servletContext, "js");
 
+        registerSpringFilter(servletContext, "forwardedHeaderFilter", "/*");
         registerSpringFilter(servletContext, "metricsFilter", "/*");
         registerSpringFilter(servletContext, "authenticationFilter", "/*");
         registerSpringFilter(servletContext, "repositoryAuthenticationFilter", "/" + RepositoryController.SEGMENT_REPOSITORY + "/*");