Merge pull request #1229 from voodoos/cleanup/SocketSharp

Cleaning WebSocketSharp continued

3 files changed, 26 insertions, 115 deletions

diff --git a/Emby.Server.Implementations/SocketSharp/WebSocketSharpRequest.cs b/Emby.Server.Implementations/SocketSharp/WebSocketSharpRequest.cs
index 792615a0f..00465b63e 100644
--- a/Emby.Server.Implementations/SocketSharp/WebSocketSharpRequest.cs
+++ b/Emby.Server.Implementations/SocketSharp/WebSocketSharpRequest.cs
@@ -4,6 +4,7 @@ using System.Globalization;
 using System.IO;
 using System.Net;
 using System.Text;
+using MediaBrowser.Common.Net;
 using MediaBrowser.Model.Services;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Extensions;
@@ -38,16 +39,9 @@ namespace Emby.Server.Implementations.SocketSharp
         public string RawUrl => request.GetEncodedPathAndQuery();
 
         public string AbsoluteUri => request.GetDisplayUrl().TrimEnd('/');
+        // Header[name] returns "" when undefined
 
-        public string XForwardedFor
-            => StringValues.IsNullOrEmpty(request.Headers["X-Forwarded-For"]) ? null : request.Headers["X-Forwarded-For"].ToString();
-
-        public int? XForwardedPort
-            => StringValues.IsNullOrEmpty(request.Headers["X-Forwarded-Port"]) ? (int?)null : int.Parse(request.Headers["X-Forwarded-Port"], CultureInfo.InvariantCulture);
-
-        public string XForwardedProtocol => StringValues.IsNullOrEmpty(request.Headers["X-Forwarded-Proto"]) ? null : request.Headers["X-Forwarded-Proto"].ToString();
-
-        public string XRealIp => StringValues.IsNullOrEmpty(request.Headers["X-Real-IP"]) ? null : request.Headers["X-Real-IP"].ToString();
+        private string GetHeader(string name) => request.Headers[name].ToString();
 
         private string remoteIp;
         public string RemoteIp
@@ -59,101 +53,27 @@ namespace Emby.Server.Implementations.SocketSharp
                     return remoteIp;
                 }
 
-                var temp = CheckBadChars(XForwardedFor.AsSpan());
-                if (temp.Length != 0)
-                {
-                    return remoteIp = temp.ToString();
-                }
+                IPAddress ip;
 
-                temp = CheckBadChars(XRealIp.AsSpan());
-                if (temp.Length != 0)
+                // "Real" remote ip might be in X-Forwarded-For of X-Real-Ip
+                // (if the server is behind a reverse proxy for example)
+                if (!IPAddress.TryParse(GetHeader(CustomHeaderNames.XForwardedFor), out ip))
                 {
-                    return remoteIp = NormalizeIp(temp).ToString();
-                }
-
-                return remoteIp = NormalizeIp(request.HttpContext.Connection.RemoteIpAddress.ToString().AsSpan()).ToString();
-            }
-        }
-
-        private static readonly char[] HttpTrimCharacters = new char[] { (char)0x09, (char)0xA, (char)0xB, (char)0xC, (char)0xD, (char)0x20 };
-
-        // CheckBadChars - throws on invalid chars to be not found in header name/value
-        internal static ReadOnlySpan<char> CheckBadChars(ReadOnlySpan<char> name)
-        {
-            if (name.Length == 0)
-            {
-                return name;
-            }
-
-            // VALUE check
-            // Trim spaces from both ends
-            name = name.Trim(HttpTrimCharacters);
-
-            // First, check for correctly formed multi-line value
-            // Second, check for absence of CTL characters
-            int crlf = 0;
-            for (int i = 0; i < name.Length; ++i)
-            {
-                char c = (char)(0x000000ff & (uint)name[i]);
-                switch (crlf)
-                {
-                    case 0:
-                        if (c == '\r')
-                        {
-                            crlf = 1;
-                        }
-                        else if (c == '\n')
-                        {
-                            // Technically this is bad HTTP.  But it would be a breaking change to throw here.
-                            // Is there an exploit?
-                            crlf = 2;
-                        }
-                        else if (c == 127 || (c < ' ' && c != '\t'))
-                        {
-                            throw new ArgumentException("net_WebHeaderInvalidControlChars", nameof(name));
-                        }
-
-                        break;
-
-                    case 1:
-                        if (c == '\n')
-                        {
-                            crlf = 2;
-                            break;
-                        }
-
-                        throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
-
-                    case 2:
-                        if (c == ' ' || c == '\t')
-                        {
-                            crlf = 0;
-                            break;
-                        }
-
-                        throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
+                    if (!IPAddress.TryParse(GetHeader(CustomHeaderNames.XRealIP), out ip))
+                    {
+                        ip = request.HttpContext.Connection.RemoteIpAddress;
+                    }
                 }
-            }
 
-            if (crlf != 0)
-            {
-                throw new ArgumentException("net_WebHeaderInvalidCRLFChars", nameof(name));
+                return remoteIp = NormalizeIp(ip).ToString();
             }
-
-            return name;
         }
 
-        private ReadOnlySpan<char> NormalizeIp(ReadOnlySpan<char> ip)
+        private static IPAddress NormalizeIp(IPAddress ip)
         {
-            if (ip.Length != 0 && !ip.IsWhiteSpace())
+            if (ip.IsIPv4MappedToIPv6)
             {
-                // Handle ipv4 mapped to ipv6
-                const string srch = "::ffff:";
-                var index = ip.IndexOf(srch.AsSpan(), StringComparison.OrdinalIgnoreCase);
-                if (index == 0)
-                {
-                    ip = ip.Slice(srch.Length);
-                }
+                return ip.MapToIPv4();
             }
 
             return ip;
diff --git a/MediaBrowser.Common/Net/CustomHeaderNames.cs b/MediaBrowser.Common/Net/CustomHeaderNames.cs
new file mode 100644
index 000000000..ff148dc80
--- /dev/null
+++ b/MediaBrowser.Common/Net/CustomHeaderNames.cs
@@ -0,0 +1,11 @@
+namespace MediaBrowser.Common.Net
+{
+    public static class CustomHeaderNames
+    {
+        // Other Headers
+        public const string XForwardedFor = "X-Forwarded-For";
+        public const string XForwardedPort = "X-Forwarded-Port";
+        public const string XForwardedProto = "X-Forwarded-Proto";
+        public const string XRealIP = "X-Real-IP";
+    }
+}
\ No newline at end of file
diff --git a/MediaBrowser.Model/Services/IHttpRequest.cs b/MediaBrowser.Model/Services/IHttpRequest.cs
index 50c6076f3..daf91488f 100644
--- a/MediaBrowser.Model/Services/IHttpRequest.cs
+++ b/MediaBrowser.Model/Services/IHttpRequest.cs
@@ -8,26 +8,6 @@ namespace MediaBrowser.Model.Services
         string HttpMethod { get; }
 
         /// <summary>
-        /// The IP Address of the X-Forwarded-For header, null if null or empty
-        /// </summary>
-        string XForwardedFor { get; }
-
-        /// <summary>
-        /// The Port number of the X-Forwarded-Port header, null if null or empty
-        /// </summary>
-        int? XForwardedPort { get; }
-
-        /// <summary>
-        /// The http or https scheme of the X-Forwarded-Proto header, null if null or empty
-        /// </summary>
-        string XForwardedProtocol { get; }
-
-        /// <summary>
-        /// The value of the X-Real-IP header, null if null or empty
-        /// </summary>
-        string XRealIp { get; }
-
-        /// <summary>
         /// The value of the Accept HTTP Request Header
         /// </summary>
         string Accept { get; }