From d960f0cef937ae8a4a19e4dfaf3c617f1e93b10c Mon Sep 17 00:00:00 2001 From: B Stack Date: Fri, 24 Sep 2021 15:17:35 -0400 Subject: fix x-forwarded-prefix header consumption Now that I have experimented with X-Forwarded-Prefix and reverse proxies, this logic works correctly now! --- NEWS | 3 +++ extra/fuss.conf.apache | 5 +++-- extra/fuss.conf.nginx | 11 +++++++++++ fuss.py | 15 ++++++++++----- 4 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 NEWS create mode 100644 extra/fuss.conf.nginx diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..efc80e4 --- /dev/null +++ b/NEWS @@ -0,0 +1,3 @@ +fuss 0.0.2 - 2021-09-24 +* Use X-Forwarded-Prefix header correctly +* Add nginx example diff --git a/extra/fuss.conf.apache b/extra/fuss.conf.apache index 661b708..d52c7ee 100644 --- a/extra/fuss.conf.apache +++ b/extra/fuss.conf.apache @@ -52,9 +52,10 @@ ProxyPassReverse /fuss http://localhost:5003/ # a2enmod headers. These are extra ones that are not provided by Apache natively. - RequestHeader append X-Forwarded-Prefix "/fuss" RequestHeader set X-Forwarded-Proto "https" + # This header is not required to be set manually. The ProxyPass orand Location directive already provide it! + #RequestHeader append X-Forwarded-Prefix "/fuss" -# vim:set syntax=apache ts=3 sw=3 sts=3 sr noet: +# vim:set syntax=apache ts=3 sw=3 sts=3 sr et: diff --git a/extra/fuss.conf.nginx b/extra/fuss.conf.nginx new file mode 100644 index 0000000..9607cf6 --- /dev/null +++ b/extra/fuss.conf.nginx @@ -0,0 +1,11 @@ +# Nginx example config for fuss application +location /fuss/ { + proxy_redirect off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Script-Name /albion; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Prefix "/fuss"; + proxy_pass https://localhost:5003/; +} diff --git a/fuss.py b/fuss.py index d3f915e..b67cbef 100644 --- a/fuss.py +++ b/fuss.py @@ -21,7 +21,7 @@ from flask_script import Manager, Server # python3-flask-script import magic # python3-magic, see below from hashlib import sha256 from mimetypes import guess_extension -import os, sys, time, json, base64 +import os, sys, time, json, base64, re from datetime import datetime, date from uwsgidecorators import * # python3-uwsgidecorators from logging.config import dictConfig @@ -48,6 +48,9 @@ def trim_dict(a,max_length=40): b[i] = a[i] return b +def normalize(instring): + return re.sub("//","/",instring) + # load config file # Load it from the current directory, which is not FHS-compliant #conf_file = os.path.join(os.path.dirname(os.path.realpath(__file__)),"fuss.conf") @@ -266,9 +269,10 @@ def print_files(path=None,format="text",header=False): _server = "http://" + request.headers["Host"] try: _prefix = request.headers["X-Forwarded-Prefix"] + #app.logger.warn("This is x-forwarded-prefix: {0}".format(request.headers["X-Forwarded-Prefix"])) # REMOVEME _temp = _prefix.replace(", ", "\n").split('\n') - if len(_temp) > 1: - _prefix = _temp[0] + _temp = normalize("/".join(_temp)) + _prefix = _temp except: _prefix = "/" app.logger.warn("Failed to get x-forwarded-prefix") @@ -453,9 +457,10 @@ def html_template(filename="",full=False): _server = "http://" + request.headers["Host"] try: _prefix = request.headers["X-Forwarded-Prefix"] + #app.logger.warn("This is x-forwarded-prefix: {0}".format(request.headers["X-Forwarded-Prefix"])) # REMOVEME _temp = _prefix.replace(", ", "\n").split('\n') - if len(_temp) > 1: - _prefix = _temp[0] + _temp = normalize("/".join(_temp)) + _prefix = _temp except: _prefix = "/" if full: -- cgit