mirror of
https://github.com/diced/zipline.git
synced 2025-12-05 20:40:12 -08:00
feat: trust proxies option (#879)
This commit is contained in:
diced
@@ -0,0 +1,2 @@
|
|||||||
|
-- AlterTable
|
||||||
|
ALTER TABLE "public"."Zipline" ADD COLUMN "coreTrustProxy" BOOLEAN NOT NULL DEFAULT false;
|
||||||
@@ -20,6 +20,7 @@ model Zipline {
|
|||||||
coreReturnHttpsUrls Boolean @default(false)
|
coreReturnHttpsUrls Boolean @default(false)
|
||||||
coreDefaultDomain String?
|
coreDefaultDomain String?
|
||||||
coreTempDirectory String // default join(tmpdir(), 'zipline')
|
coreTempDirectory String // default join(tmpdir(), 'zipline')
|
||||||
|
coreTrustProxy Boolean @default(false)
|
||||||
|
|
||||||
chunksEnabled Boolean @default(true)
|
chunksEnabled Boolean @default(true)
|
||||||
chunksMax String @default("95mb")
|
chunksMax String @default("95mb")
|
||||||
|
|||||||
@@ -17,11 +17,13 @@ export default function Core({
|
|||||||
coreReturnHttpsUrls: boolean;
|
coreReturnHttpsUrls: boolean;
|
||||||
coreDefaultDomain: string | null | undefined;
|
coreDefaultDomain: string | null | undefined;
|
||||||
coreTempDirectory: string;
|
coreTempDirectory: string;
|
||||||
|
coreTrustProxy: boolean;
|
||||||
}>({
|
}>({
|
||||||
initialValues: {
|
initialValues: {
|
||||||
coreReturnHttpsUrls: false,
|
coreReturnHttpsUrls: false,
|
||||||
coreDefaultDomain: '',
|
coreDefaultDomain: '',
|
||||||
coreTempDirectory: '/tmp/zipline',
|
coreTempDirectory: '/tmp/zipline',
|
||||||
|
coreTrustProxy: false,
|
||||||
},
|
},
|
||||||
enhanceGetInputProps: (payload) => ({
|
enhanceGetInputProps: (payload) => ({
|
||||||
disabled: data?.tampered?.includes(payload.field) || false,
|
disabled: data?.tampered?.includes(payload.field) || false,
|
||||||
@@ -45,6 +47,7 @@ export default function Core({
|
|||||||
coreReturnHttpsUrls: data.settings.coreReturnHttpsUrls ?? false,
|
coreReturnHttpsUrls: data.settings.coreReturnHttpsUrls ?? false,
|
||||||
coreDefaultDomain: data.settings.coreDefaultDomain ?? '',
|
coreDefaultDomain: data.settings.coreDefaultDomain ?? '',
|
||||||
coreTempDirectory: data.settings.coreTempDirectory ?? '/tmp/zipline',
|
coreTempDirectory: data.settings.coreTempDirectory ?? '/tmp/zipline',
|
||||||
|
coreTrustProxy: data.settings.coreTrustProxy ?? false,
|
||||||
});
|
});
|
||||||
}, [data]);
|
}, [data]);
|
||||||
|
|
||||||
@@ -55,14 +58,20 @@ export default function Core({
|
|||||||
<Title order={2}>Core</Title>
|
<Title order={2}>Core</Title>
|
||||||
|
|
||||||
<form onSubmit={form.onSubmit(onSubmit)}>
|
<form onSubmit={form.onSubmit(onSubmit)}>
|
||||||
<Switch
|
|
||||||
mt='md'
|
|
||||||
label='Return HTTPS URLs'
|
|
||||||
description='Return URLs with HTTPS protocol.'
|
|
||||||
{...form.getInputProps('coreReturnHttpsUrls', { type: 'checkbox' })}
|
|
||||||
/>
|
|
||||||
|
|
||||||
<SimpleGrid mt='md' cols={{ base: 1, md: 2 }} spacing='lg'>
|
<SimpleGrid mt='md' cols={{ base: 1, md: 2 }} spacing='lg'>
|
||||||
|
<Switch
|
||||||
|
mt='md'
|
||||||
|
label='Return HTTPS URLs'
|
||||||
|
description='Return URLs with HTTPS protocol.'
|
||||||
|
{...form.getInputProps('coreReturnHttpsUrls', { type: 'checkbox' })}
|
||||||
|
/>
|
||||||
|
|
||||||
|
<Switch
|
||||||
|
label='Trust Proxies'
|
||||||
|
description='Trust the X-Forwarded-* headers set by proxies. Only enable this if you are behind a trusted proxy (nginx, caddy, etc.). Requires a server restart.'
|
||||||
|
{...form.getInputProps('coreTrustProxy', { type: 'checkbox' })}
|
||||||
|
/>
|
||||||
|
|
||||||
<TextInput
|
<TextInput
|
||||||
label='Default Domain'
|
label='Default Domain'
|
||||||
description='The domain to use when generating URLs. This value should not include the protocol.'
|
description='The domain to use when generating URLs. This value should not include the protocol.'
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ export const DATABASE_TO_PROP = {
|
|||||||
coreReturnHttpsUrls: 'core.returnHttpsUrls',
|
coreReturnHttpsUrls: 'core.returnHttpsUrls',
|
||||||
coreDefaultDomain: 'core.defaultDomain',
|
coreDefaultDomain: 'core.defaultDomain',
|
||||||
coreTempDirectory: 'core.tempDirectory',
|
coreTempDirectory: 'core.tempDirectory',
|
||||||
|
coreTrustProxy: 'core.trustProxy',
|
||||||
|
|
||||||
chunksMax: 'chunks.max',
|
chunksMax: 'chunks.max',
|
||||||
chunksSize: 'chunks.size',
|
chunksSize: 'chunks.size',
|
||||||
|
|||||||
@@ -32,6 +32,7 @@ export const ENVS = [
|
|||||||
env('ssl.cert', 'SSL_CERT', 'string'),
|
env('ssl.cert', 'SSL_CERT', 'string'),
|
||||||
|
|
||||||
// database stuff
|
// database stuff
|
||||||
|
env('core.trustProxy', 'CORE_TRUST_PROXY', 'boolean', true),
|
||||||
env('core.returnHttpsUrls', 'CORE_RETURN_HTTPS_URLS', 'boolean', true),
|
env('core.returnHttpsUrls', 'CORE_RETURN_HTTPS_URLS', 'boolean', true),
|
||||||
env('core.defaultDomain', 'CORE_DEFAULT_DOMAIN', 'string', true),
|
env('core.defaultDomain', 'CORE_DEFAULT_DOMAIN', 'string', true),
|
||||||
env('core.tempDirectory', 'CORE_TEMP_DIRECTORY', 'string', true),
|
env('core.tempDirectory', 'CORE_TEMP_DIRECTORY', 'string', true),
|
||||||
|
|||||||
@@ -13,6 +13,7 @@ export const rawConfig: any = {
|
|||||||
databaseUrl: undefined,
|
databaseUrl: undefined,
|
||||||
returnHttpsUrls: undefined,
|
returnHttpsUrls: undefined,
|
||||||
tempDirectory: undefined,
|
tempDirectory: undefined,
|
||||||
|
trustProxy: undefined,
|
||||||
},
|
},
|
||||||
chunks: {
|
chunks: {
|
||||||
max: undefined,
|
max: undefined,
|
||||||
|
|||||||
@@ -74,6 +74,7 @@ export const schema = z.object({
|
|||||||
.string()
|
.string()
|
||||||
.transform((s) => resolve(s))
|
.transform((s) => resolve(s))
|
||||||
.default(join(tmpdir(), 'zipline')),
|
.default(join(tmpdir(), 'zipline')),
|
||||||
|
trustProxy: z.boolean().default(false),
|
||||||
}),
|
}),
|
||||||
chunks: z.object({
|
chunks: z.object({
|
||||||
max: z.string().default('95mb'),
|
max: z.string().default('95mb'),
|
||||||
|
|||||||
@@ -65,6 +65,13 @@ async function main() {
|
|||||||
|
|
||||||
await mkdir(config.core.tempDirectory, { recursive: true });
|
await mkdir(config.core.tempDirectory, { recursive: true });
|
||||||
|
|
||||||
|
logger.debug('creating server', {
|
||||||
|
port: config.core.port,
|
||||||
|
hostname: config.core.hostname,
|
||||||
|
ssl: notNull(config.ssl.key, config.ssl.cert),
|
||||||
|
trustProxy: config.core.trustProxy,
|
||||||
|
});
|
||||||
|
|
||||||
const server = fastify({
|
const server = fastify({
|
||||||
https: notNull(config.ssl.key, config.ssl.cert)
|
https: notNull(config.ssl.key, config.ssl.cert)
|
||||||
? {
|
? {
|
||||||
@@ -72,6 +79,7 @@ async function main() {
|
|||||||
cert: await readFile(config.ssl.cert!, 'utf8'),
|
cert: await readFile(config.ssl.cert!, 'utf8'),
|
||||||
}
|
}
|
||||||
: null,
|
: null,
|
||||||
|
trustProxy: config.core.trustProxy,
|
||||||
});
|
});
|
||||||
|
|
||||||
await server.register(fastifyCookie, {
|
await server.register(fastifyCookie, {
|
||||||
|
|||||||
@@ -118,6 +118,7 @@ export default fastifyPlugin(
|
|||||||
.nullable()
|
.nullable()
|
||||||
.refine((value) => !value || /^[a-z0-9-.]+$/.test(value), 'Invalid domain format'),
|
.refine((value) => !value || /^[a-z0-9-.]+$/.test(value), 'Invalid domain format'),
|
||||||
coreReturnHttpsUrls: z.boolean(),
|
coreReturnHttpsUrls: z.boolean(),
|
||||||
|
coreTrustProxy: z.boolean(),
|
||||||
|
|
||||||
chunksEnabled: z.boolean(),
|
chunksEnabled: z.boolean(),
|
||||||
chunksMax: zBytes,
|
chunksMax: zBytes,
|
||||||
|
|||||||
Reference in New Issue
Block a user