diff options
| author | Xe Iaso <me@xeiaso.net> | 2025-03-28 14:45:22 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-28 14:45:22 -0400 |
| commit | dfd4d42d17400e0291bcbf2a6373a32b35462350 (patch) | |
| tree | 7ff7052a1d3721970abb655dcec191a510b28b5b /internal | |
| parent | 236e32ee9557cda24e8a20b5da0a904c8cd2ebd1 (diff) | |
| parent | bb4f49cfd94783111e2fbed99b4ea7a2077fa0bf (diff) | |
| download | anubis-Xe/deblob.tar.xz anubis-Xe/deblob.zip | |
Merge branch 'main' into Xe/deblobXe/deblob
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/headers.go | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/internal/headers.go b/internal/headers.go index 681d076..d73fa33 100644 --- a/internal/headers.go +++ b/internal/headers.go @@ -2,7 +2,9 @@ package internal import ( "log/slog" + "net" "net/http" + "strings" "github.com/TecharoHQ/anubis" "github.com/sebest/xff" @@ -21,16 +23,29 @@ func UnchangingCache(next http.Handler) http.Handler { }) } -// DefaultXRealIP sets the X-Real-Ip header to the given value if and only if -// it is not an empty string. -func DefaultXRealIP(defaultIP string, next http.Handler) http.Handler { - if defaultIP == "" { - slog.Debug("skipping middleware, defaultIP is empty") +// RemoteXRealIP sets the X-Real-Ip header to the request's real IP if +// the setting is enabled by the user. +func RemoteXRealIP(useRemoteAddress bool, bindNetwork string, next http.Handler) http.Handler { + if useRemoteAddress == false { + slog.Debug("skipping middleware, useRemoteAddress is empty") return next } + if bindNetwork == "unix" { + // For local sockets there is no real remote address but the localhost + // address should be sensible. + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + r.Header.Set("X-Real-Ip", "127.0.0.1") + next.ServeHTTP(w, r) + }) + } + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - r.Header.Set("X-Real-Ip", defaultIP) + host, _, err := net.SplitHostPort(r.RemoteAddr) + if err != nil { + panic(err) // this should never happen + } + r.Header.Set("X-Real-Ip", host) next.ServeHTTP(w, r) }) } @@ -48,3 +63,14 @@ func XForwardedForToXRealIP(next http.Handler) http.Handler { next.ServeHTTP(w, r) }) } + +// Do not allow browsing directory listings in paths that end with / +func NoBrowsing(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if strings.HasSuffix(r.URL.Path, "/") { + http.NotFound(w, r) + return + } + next.ServeHTTP(w, r) + }) +} |