diff --git a/README.md b/README.md
index 497ed6d..59dde90 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,8 @@ Commandline arguments have the highest priority and take precedence over both en
 Set log verbosity: disable, error, warn, info, debug or trace (default "info")
 -manifestPath string
 The directory to search for package manifest files (default "./packages")
+ -trustedProxies string
+ List of IPs from which to trust Client-IP headers (comma or space to separate)
 -version
 Print the version information and exit
 ```
@@ -89,6 +91,7 @@ REWINGED_HTTPSPRIVATEKEYFILE (string)
 REWINGED_LISTEN (string)
 REWINGED_LOGLEVEL (string)
 REWINGED_MANIFESTPATH (string)
+REWINGED_TRUSTEDPROXIES (string)
 ```
@@ -109,7 +112,8 @@ rewinged will not look for any configuration file by default. Config file must b
 "httpsPrivateKeyFile": "./private.key",
 "listen": "localhost:8080",
 "logLevel": "info",
- "manifestPath": "./packages"
+ "manifestPath": "./packages",
+ "trustedProxies": ""
 }
 ```
diff --git a/main.go b/main.go
index 631ef14..d442635 100644
--- a/main.go
+++ b/main.go
@@ -11,7 +11,6 @@ import (
 "strings"
 "unicode"
 "path/filepath" - // Configuration "github.com/peterbourgon/ff/v3"
@@ -46,6 +45,7 @@ func main() {
 autoInternalizePathPtr = fs.String("autoInternalizePath", "./installers", "The directory where auto-internalized installers will be stored")
 autoInternalizeSkipPtr = fs.String("autoInternalizeSkip", "", "List of hostnames excluded from auto-internalization (comma or space to separate)")
 logLevelPtr = fs.String("logLevel", "info", "Set log verbosity: disable, error, warn, info, debug or trace")
+ trustedProxiesPtr = fs.String("trustedProxies", "", "List of IPs from which to trust Client-IP headers (comma or space to separate)")
 _ = fs.String("configFile", "", "Path to a json configuration file (optional)")
 )
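Review bot: The help text on the new `trustedProxiesPtr` flag says "List of IPs", while the comment added later in main.go tells users they can pass `0.0.0.0/0` or `::/0`, so CIDR ranges appear to be accepted as well. The flag description should say so, for example `"List of IPs or CIDR ranges from which to trust Client-IP headers (comma or space to separate)"`, and the matching README line should follow. It would also help to state in the description that an empty value means no proxy is trusted, since that is the default an operator gets. The `var (...)` block and main's body continue outside the hunk.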
@@ -145,7 +145,17 @@ func main() {
 }
 router := gin.New()
- router.SetTrustedProxies(nil)
+
+ // Users can set 0.0.0.0/0 or ::/0 to trust all proxies if need be
+ if (*trustedProxiesPtr != "") {
+ trustedProxies := strings.FieldsFunc(*trustedProxiesPtr, func(c rune) bool {
+ return unicode.IsSpace(c) || c == ','
+ })
+ router.SetTrustedProxies(trustedProxies)
+ } else {
+ // From my testing, both nil and '0.0.0.0' result in gin trusting noone
+ router.SetTrustedProxies(nil)
+ }
 router.Use(logging.GinLogger())
 router.Use(gin.Recovery())
 router.Static("/installers", *autoInternalizePathPtr)
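Review bot: The error returned by `router.SetTrustedProxies(trustedProxies)` is discarded, so as far as this hunk shows a mistyped entry in `-trustedProxies` / `REWINGED_TRUSTEDPROXIES` is never reported and the server starts with a trust list that may not match what the operator intended. Because this list decides whose forwarded client-IP headers are believed, a value gin rejects should stop startup: `if err := router.SetTrustedProxies(trustedProxies); err != nil {` followed by a fatal log through the project's logger that names the setting. The comment about `0.0.0.0/0` and `::/0` should carry the caveat that trusting every source lets any directly connecting client supply its own address in those headers, so it only fits deployments reachable solely through the proxy. The parentheses in `if (*trustedProxiesPtr != "")` are not gofmt style and can be dropped. main's body continues outside the hunk.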