add test that push server is a trusted proxy

9141741e · Robin Appelman · eed590ea · 9141741e · 9141741e · 9141741e
Commit 9141741e authored 4 years ago by Robin Appelman
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -28,5 +28,10 @@ return [
 			'url' => '/test/cookie',
 			'verb' => 'GET',
 		],
+		[
+			'name' => 'test#remote',
+			'url' => '/test/remote',
+			'verb' => 'GET',
+		],
 	],
 ];
--- a/lib/Controller/TestController.php
+++ b/lib/Controller/TestController.php
@@ -24,6 +24,7 @@ declare(strict_types=1);
 namespace OCA\NotifyPush\Controller;

 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\DataDisplayResponse;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IConfig;
 use OCP\IRequest;
@@ -48,4 +49,13 @@ class TestController extends Controller {
 	public function cookie() {
 		return new DataResponse((int)$this->config->getAppValue('notify_push', 'cookie', '0'));
 	}
+
+	/**
+	 * @NoAdminRequired
+	 * @PublicPage
+	 * @NoCSRFRequired
+	 */
+	public function remote() {
+		return new DataDisplayResponse($this->request->getRemoteAddress());
+	}
 }
--- a/lib/SelfTest.php
+++ b/lib/SelfTest.php
@@ -120,6 +120,22 @@ class SelfTest {
 			return 1;
 		}

+		// test that the push server is a trusted proxy
+		try {
+			$remote = $this->client->get($this->server . '/test/remote/1.2.3.4')->getBody();
+		} catch (\Exception $e) {
+			$msg = $e->getMessage();
+			$output->writeln("<error>🗴 can't connect to push server: $msg</error>");
+			return 1;
+		}
+
+		if ($remote === '1.2.3.4') {
+			$output->writeln("<info>✓ push server is a trusted proxy</info>");
+		} else {
+			$output->writeln("<error>🗴 push server is not a trusted proxy, please add '$remote' to the list of trusted proxies</error>");
+			return 1;
+		}
+
 		return 0;
 	}


--- a/src/main.rs
+++ b/src/main.rs
@@ -94,10 +94,22 @@ async fn main() -> Result<()> {
        },
    );

+    let remote_test =
+        warp::path!("test" / "remote" / IpAddr).and_then(|remote: IpAddr| async move {
+            let client = NC_CLIENT.get().unwrap();
+            let result = client
+                .test_set_remote(remote)
+                .await
+                .map(|remote| remote.to_string())
+                .unwrap_or_else(|e| e.to_string());
+            Result::<_, Infallible>::Ok(result)
+        });
+
    let routes = socket
        .or(cookie_test)
        .or(reverse_cookie_test)
-        .or(mapping_test);
+        .or(mapping_test)
+        .or(remote_test);

    warp::serve(routes).run(([127, 0, 0, 1], 3030)).await;
    Ok(())

--- a/src/nc.rs
+++ b/src/nc.rs
@@ -31,7 +31,7 @@ impl Client {
            .head(self.dav_url.clone())
            .basic_auth(username, Some(password))
            .header(
-                "X_FORWARDED_FOR",
+                "x-forwarded-for",
                addr.map(|addr| addr.to_string()).unwrap_or_default(),
            )
            .send()
@@ -60,4 +60,16 @@ impl Client {
            .json()
            .await?)
    }
+
+    pub async fn test_set_remote(&self, addr: IpAddr) -> Result<IpAddr> {
+        Ok(self
+            .http
+            .get(self.base_url.join("apps/notify_push/test/remote")?)
+            .header("x-forwarded-for", addr.to_string())
+            .send()
+            .await?
+            .text()
+            .await?
+            .parse()?)
+    }
 }