traefik/server/header_rewriter.go

package server

import (
	"net/http"
	"os"

	"github.com/containous/traefik/log"
	"github.com/containous/traefik/whitelist"
	"github.com/vulcand/oxy/forward"
)

// NewHeaderRewriter Create a header rewriter
func NewHeaderRewriter(trustedIPs []string, insecure bool) (forward.ReqRewriter, error) {
	IPs, err := whitelist.NewIP(trustedIPs, insecure, true)
	if err != nil {
		return nil, err
	}

	h, err := os.Hostname()
	if err != nil {
		h = "localhost"
	}

	return &headerRewriter{
		secureRewriter:   &forward.HeaderRewriter{TrustForwardHeader: true, Hostname: h},
		insecureRewriter: &forward.HeaderRewriter{TrustForwardHeader: false, Hostname: h},
		ips:              IPs,
		insecure:         insecure,
	}, nil
}

type headerRewriter struct {
	secureRewriter   forward.ReqRewriter
	insecureRewriter forward.ReqRewriter
	insecure         bool
	ips              *whitelist.IP
}

func (h *headerRewriter) Rewrite(req *http.Request) {
	authorized, _, err := h.ips.IsAuthorized(req)
	if err != nil {
		log.Error(err)
		h.secureRewriter.Rewrite(req)
		return
	}

	if h.insecure || authorized {
		h.secureRewriter.Rewrite(req)
	} else {
		h.insecureRewriter.Rewrite(req)
	}
}
Add TrustForwardHeader options. 2017-10-16 10:46:03 +00:00			`package server`

			`import (`
			`"net/http"`
			`"os"`

refactor: fix some code. 2017-12-04 19:04:08 +00:00			`"github.com/containous/traefik/log"`
Add TrustForwardHeader options. 2017-10-16 10:46:03 +00:00			`"github.com/containous/traefik/whitelist"`
			`"github.com/vulcand/oxy/forward"`
			`)`

			`// NewHeaderRewriter Create a header rewriter`
			`func NewHeaderRewriter(trustedIPs []string, insecure bool) (forward.ReqRewriter, error) {`
Ability to use "X-Forwarded-For" as a source of IP for white list. 2018-03-23 16:40:04 +00:00			`IPs, err := whitelist.NewIP(trustedIPs, insecure, true)`
Add TrustForwardHeader options. 2017-10-16 10:46:03 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`h, err := os.Hostname()`
			`if err != nil {`
			`h = "localhost"`
			`}`

			`return &headerRewriter{`
			`secureRewriter: &forward.HeaderRewriter{TrustForwardHeader: true, Hostname: h},`
			`insecureRewriter: &forward.HeaderRewriter{TrustForwardHeader: false, Hostname: h},`
			`ips: IPs,`
			`insecure: insecure,`
			`}, nil`
			`}`

			`type headerRewriter struct {`
			`secureRewriter forward.ReqRewriter`
			`insecureRewriter forward.ReqRewriter`
			`insecure bool`
			`ips *whitelist.IP`
			`}`

			`func (h headerRewriter) Rewrite(req http.Request) {`
Ability to use "X-Forwarded-For" as a source of IP for white list. 2018-03-23 16:40:04 +00:00			`authorized, _, err := h.ips.IsAuthorized(req)`
refactor: fix some code. 2017-12-04 19:04:08 +00:00			`if err != nil {`
			`log.Error(err)`
			`h.secureRewriter.Rewrite(req)`
			`return`
			`}`

Add TrustForwardHeader options. 2017-10-16 10:46:03 +00:00			`if h.insecure \|\| authorized {`
			`h.secureRewriter.Rewrite(req)`
			`} else {`
			`h.insecureRewriter.Rewrite(req)`
			`}`
			`}`