diff options
| author | Peter Powell <petpow@saberuk.com> | 2019-11-28 17:59:35 +0000 |
|---|---|---|
| committer | Peter Powell <petpow@saberuk.com> | 2019-11-28 17:59:35 +0000 |
| commit | bb1f892f68cb70537b224bca85cc40f1ed23017d (patch) | |
| tree | c4722306888be6c4864b5b39220313affbb886d2 /src/modules | |
| parent | 6f2d0b505f4715c696cc5d49874d442cf790b98a (diff) | |
Implement support for websocket connections via a proxy like nginx.
Diffstat (limited to 'src/modules')
| -rw-r--r-- | src/modules/m_websocket.cpp | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/modules/m_websocket.cpp b/src/modules/m_websocket.cpp index 3437fdb1a..79cabf4e5 100644 --- a/src/modules/m_websocket.cpp +++ b/src/modules/m_websocket.cpp @@ -36,6 +36,9 @@ struct WebSocketConfig // The HTTP origins that can connect to the server. OriginList allowedorigins; + // Whether to trust the X-Real-IP or X-Forwarded-For headers. + bool behindproxy; + // Whether to send as UTF-8 text instead of binary data. bool sendastext; }; @@ -340,6 +343,29 @@ class WebSocketHook : public IOHookMiddle return -1; } + if (config.behindproxy && sock->type == StreamSocket::SS_USER) + { + LocalUser* luser = static_cast<UserIOHandler*>(sock)->user; + irc::sockets::sockaddrs realsa(luser->client_sa); + + HTTPHeaderFinder proxyheader; + if (proxyheader.Find(recvq, "X-Real-IP:", 10, reqend) + && irc::sockets::aptosa(proxyheader.ExtractValue(recvq), realsa.port(), realsa)) + { + // Nothing to do here. + } + else if (proxyheader.Find(recvq, "X-Forwarded-For:", 16, reqend) + && irc::sockets::aptosa(proxyheader.ExtractValue(recvq), realsa.port(), realsa)) + { + // Nothing to do here. + } + + // Give the user their real IP address. + if (realsa != luser->client_sa) + luser->SetClientIP(realsa); + } + + HTTPHeaderFinder keyheader; if (!keyheader.Find(recvq, "Sec-WebSocket-Key:", 18, reqend)) { @@ -492,6 +518,7 @@ class ModuleWebSocket : public Module } ConfigTag* tag = ServerInstance->Config->ConfValue("websocket"); + config.behindproxy = tag->getBool("behindproxy"); config.sendastext = tag->getBool("sendastext", true); // Everything is okay; apply the new config. |