traefik/server/header_rewriter.go

54 lines
1.1 KiB
Go
Raw Normal View History

2017-10-16 10:46:03 +00:00
package server
import (
"net/http"
"os"
2017-12-04 19:04:08 +00:00
"github.com/containous/traefik/log"
2017-10-16 10:46:03 +00:00
"github.com/containous/traefik/whitelist"
"github.com/vulcand/oxy/forward"
)
// NewHeaderRewriter Create a header rewriter
func NewHeaderRewriter(trustedIPs []string, insecure bool) (forward.ReqRewriter, error) {
2018-04-23 14:20:05 +00:00
ips, err := whitelist.NewIP(trustedIPs, insecure, true)
2017-10-16 10:46:03 +00:00
if err != nil {
return nil, err
}
2018-04-23 14:20:05 +00:00
hostname, err := os.Hostname()
2017-10-16 10:46:03 +00:00
if err != nil {
2018-04-23 14:20:05 +00:00
hostname = "localhost"
2017-10-16 10:46:03 +00:00
}
return &headerRewriter{
2018-04-23 14:20:05 +00:00
secureRewriter: &forward.HeaderRewriter{TrustForwardHeader: false, Hostname: hostname},
insecureRewriter: &forward.HeaderRewriter{TrustForwardHeader: true, Hostname: hostname},
ips: ips,
2017-10-16 10:46:03 +00:00
insecure: insecure,
}, nil
}
type headerRewriter struct {
secureRewriter forward.ReqRewriter
insecureRewriter forward.ReqRewriter
insecure bool
ips *whitelist.IP
}
func (h *headerRewriter) Rewrite(req *http.Request) {
2018-04-23 14:20:05 +00:00
if h.insecure {
h.insecureRewriter.Rewrite(req)
return
}
err := h.ips.IsAuthorized(req)
2017-12-04 19:04:08 +00:00
if err != nil {
log.Error(err)
h.secureRewriter.Rewrite(req)
return
}
2018-04-23 14:20:05 +00:00
h.insecureRewriter.Rewrite(req)
2017-10-16 10:46:03 +00:00
}