Add Known Proxies to system configuration

author: cvium <clausvium@gmail.com> 2020-09-10 11:05:46 +0200
committer: cvium <clausvium@gmail.com> 2020-09-10 11:05:46 +0200
commit: 78cab77f819e8d8b283f95f2e48f635bcf66fea5 (patch)
tree: 88ec0fdfbfbbdd090a54a4e9e8ded2ad2cf3a8cc
parent: b76d4ba454c43cc6293b733f2bba363e34a9bf5e (diff)
3 files changed, 19 insertions, 3 deletions
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index 9319b573a..873e22819 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -2,6 +2,7 @@ using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Net;
 using System.Reflection;
 using Jellyfin.Api.Auth;
 using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
@@ -17,7 +18,6 @@ using Jellyfin.Api.Constants;
 using Jellyfin.Api.Controllers;
 using Jellyfin.Server.Configuration;
 using Jellyfin.Server.Formatters;
-using Jellyfin.Server.Middleware;
 using MediaBrowser.Common.Json;
 using MediaBrowser.Model.Entities;
 using Microsoft.AspNetCore.Authentication;
@@ -28,6 +28,7 @@ using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 using Swashbuckle.AspNetCore.SwaggerGen;
+using AuthenticationSchemes = Jellyfin.Api.Constants.AuthenticationSchemes;
 
 namespace Jellyfin.Server.Extensions
 {
@@ -136,8 +137,9 @@ namespace Jellyfin.Server.Extensions
         /// </summary>
         /// <param name="serviceCollection">The service collection.</param>
         /// <param name="pluginAssemblies">An IEnumerable containing all plugin assemblies with API controllers.</param>
+        /// <param name="knownProxies">A list of all known proxies to trust for X-Forwarded-For.</param>
         /// <returns>The MVC builder.</returns>
-        public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, IEnumerable<Assembly> pluginAssemblies)
+        public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, IEnumerable<Assembly> pluginAssemblies, IReadOnlyList<string> knownProxies)
         {
             IMvcBuilder mvcBuilder = serviceCollection
                 .AddCors()
@@ -145,6 +147,13 @@ namespace Jellyfin.Server.Extensions
                 .Configure<ForwardedHeadersOptions>(options =>
                 {
                     options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+                    for (var i = 0; i < knownProxies.Count; i++)
+                    {
+                        if (IPAddress.TryParse(knownProxies[i], out var address))
+                        {
+                            options.KnownProxies.Add(address);
+                        }
+                    }
                 })
                 .AddMvc(opts =>
                 {
diff --git a/Jellyfin.Server/Startup.cs b/Jellyfin.Server/Startup.cs
index 9e969c0c1..2f4620aa6 100644
--- a/Jellyfin.Server/Startup.cs
+++ b/Jellyfin.Server/Startup.cs
@@ -52,7 +52,7 @@ namespace Jellyfin.Server
             {
                 options.HttpsPort = _serverApplicationHost.HttpsPort;
             });
-            services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies());
+            services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies(), _serverConfigurationManager.Configuration.KnownProxies);
 
             services.AddJellyfinApiSwagger();
 
@@ -103,6 +103,7 @@ namespace Jellyfin.Server
                     mainApp.UseDeveloperExceptionPage();
                 }
 
+                mainApp.UseForwardedHeaders();
                 mainApp.UseMiddleware<ExceptionMiddleware>();
 
                 mainApp.UseMiddleware<ResponseTimeMiddleware>();
diff --git a/MediaBrowser.Model/Configuration/ServerConfiguration.cs b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
index 68dc1cc83..48d1a7346 100644
--- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs
+++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
@@ -269,6 +269,11 @@ namespace MediaBrowser.Model.Configuration
         public string[] CorsHosts { get; set; }
 
         /// <summary>
+        /// Gets or sets the known proxies.
+        /// </summary>
+        public string[] KnownProxies { get; set; }
+
+        /// <summary>
         /// Initializes a new instance of the <see cref="ServerConfiguration" /> class.
         /// </summary>
         public ServerConfiguration()
@@ -378,6 +383,7 @@ namespace MediaBrowser.Model.Configuration
             EnableSlowResponseWarning = true;
             SlowResponseThresholdMs = 500;
             CorsHosts = new[] { "*" };
+            KnownProxies = Array.Empty<string>();
         }
     }
author	cvium <clausvium@gmail.com>	2020-09-10 11:05:46 +0200
committer	cvium <clausvium@gmail.com>	2020-09-10 11:05:46 +0200
commit	78cab77f819e8d8b283f95f2e48f635bcf66fea5 (patch)
tree	88ec0fdfbfbbdd090a54a4e9e8ded2ad2cf3a8cc
parent	b76d4ba454c43cc6293b733f2bba363e34a9bf5e (diff)