Annikka/evennia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow X-Forwarded-For to be accepted for the WebSocket connections.

Browse source
This commit is contained in:
GulliblePsychologist 2020-01-11 16:20:19 +00:00
parent edff348d87
commit 5dee0873d1
3 changed files with 12 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
evennia/server/portal/portal.py
View file

@ -58,6 +58,7 @@ SSL_PORTS = settings.SSL_PORTS
SSH_PORTS = settings.SSH_PORTS SSH_PORTS = settings.SSH_PORTS
WEBSERVER_PORTS = settings.WEBSERVER_PORTS WEBSERVER_PORTS = settings.WEBSERVER_PORTS
WEBSOCKET_CLIENT_PORT = settings.WEBSOCKET_CLIENT_PORT WEBSOCKET_CLIENT_PORT = settings.WEBSOCKET_CLIENT_PORT
WEBSOCKET_TRUST_X_FORWARDED_FOR = settings.WEBSOCKET_TRUST_X_FORWARDED_FOR
TELNET_INTERFACES = ["127.0.0.1"] if LOCKDOWN_MODE else settings.TELNET_INTERFACES TELNET_INTERFACES = ["127.0.0.1"] if LOCKDOWN_MODE else settings.TELNET_INTERFACES
SSL_INTERFACES = ["127.0.0.1"] if LOCKDOWN_MODE else settings.SSL_INTERFACES SSL_INTERFACES = ["127.0.0.1"] if LOCKDOWN_MODE else settings.SSL_INTERFACES
@ -386,6 +387,7 @@ if WEBSERVER_ENABLED:
factory.noisy = False factory.noisy = False
factory.protocol = webclient.WebSocketClient factory.protocol = webclient.WebSocketClient
factory.sessionhandler = PORTAL_SESSIONS factory.sessionhandler = PORTAL_SESSIONS
factory.setProtocolOptions(trustXForwardedFor=WEBSOCKET_TRUST_X_FORWARDED_FOR)
websocket_service = internet.TCPServer( websocket_service = internet.TCPServer(
port, factory, interface=w_interface port, factory, interface=w_interface
) )

9
evennia/server/portal/webclient.py
View file

@ -73,8 +73,13 @@ class WebSocketClient(WebSocketServerProtocol, Session):
This is called when the WebSocket connection is fully established. This is called when the WebSocket connection is fully established.
""" """
client_address = self.transport.client if 'x-forwarded-for' in self.http_headers and self.trustXForwardedFor:
client_address = client_address[0] if client_address else None addresses = [x.strip() for x in self.http_headers['x-forwarded-for'].split(',')]
trusted_addresses = addresses[-self.trustXForwardedFor:]
client_address = trusted_addresses[0]
else:
client_address = self.transport.client
client_address = client_address[0] if client_address else None
self.init_session("websocket", client_address, self.factory.sessionhandler) self.init_session("websocket", client_address, self.factory.sessionhandler)
csession = self.get_client_session() # this sets self.csessid csession = self.get_client_session() # this sets self.csessid

3
evennia/settings_default.py
View file

@ -102,6 +102,9 @@ WEBSOCKET_CLIENT_INTERFACE = "0.0.0.0"
# the client will itself figure out this url based on the server's hostname. # the client will itself figure out this url based on the server's hostname.
# e.g. ws://external.example.com or wss://external.example.com:443 # e.g. ws://external.example.com or wss://external.example.com:443
WEBSOCKET_CLIENT_URL = None WEBSOCKET_CLIENT_URL = None
# Number of trusted web servers (reverse proxies) in front of this server which
# set the X-Forwarded-For header.
WEBSOCKET_TRUST_X_FORWARDED_FOR = None
# This determine's whether Evennia's custom admin page is used, or if the # This determine's whether Evennia's custom admin page is used, or if the
# standard Django admin is used. # standard Django admin is used.
EVENNIA_ADMIN = True EVENNIA_ADMIN = True