Middleware for multiple proxies

2025-11-18 22:18:02 +00:00 · 2018-11-19 16:03:41 +01:00
parent ea3c586d3b
commit 033a288b8d
2 changed files with 40 additions and 8 deletions
--- a/config.py
+++ b/config.py
@@ -4,14 +4,16 @@ Configuration overrides for settings.py

 import os
 import sys
-from socket import gethostname, gethostbyname
 from django.urls import reverse_lazy
 from ivatar.settings import BASE_DIR

-ADMIN_USERS = []
-ALLOWED_HOSTS = [ '*' ]
+from ivatar.settings import MIDDLEWARE
+from ivatar.settings import INSTALLED_APPS
+from ivatar.settings import TEMPLATES
+
+ADMIN_USERS = []
+ALLOWED_HOSTS = ['*']

-from ivatar.settings import INSTALLED_APPS  # noqa
 INSTALLED_APPS.extend([
    'django_extensions',
    'django_openid_auth',
@@ -22,10 +24,12 @@ INSTALLED_APPS.extend([
    'ivatar.tools',
 ])

-from ivatar.settings import MIDDLEWARE  # noqa
 MIDDLEWARE.extend([
    'django.middleware.locale.LocaleMiddleware',
 ])
+MIDDLEWARE.insert(
+    0, 'ivatar.middleware.MultipleProxyMiddleware',
+)

 AUTHENTICATION_BACKENDS = (
    # Enable this to allow LDAP authentication.
@@ -35,7 +39,6 @@ AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
 )

-from ivatar.settings import TEMPLATES  # noqa
 TEMPLATES[0]['DIRS'].extend([
    os.path.join(BASE_DIR, 'templates'),
 ])
@@ -76,7 +79,8 @@ BOOTSTRAP4 = {
    'javascript_in_head': False,
    'css_url': {
        'href': '/static/css/bootstrap.min.css',
-        'integrity': 'sha384-WskhaSGFgHYWDcbwN70/dfYBj47jz9qbsMId/iRN3ewGhXQFZCSftd1LZCfmhktB',  # noqa
+        'integrity':
+            'sha384-WskhaSGFgHYWDcbwN70/dfYBj47jz9qbsMId/iRN3ewGhXQFZCSftd1LZCfmhktB',
        'crossorigin': 'anonymous',
    },
    'javascript_url': {
@@ -86,7 +90,8 @@ BOOTSTRAP4 = {
    },
    'popper_url': {
        'url': '/static/js/popper.min.js',
-        'integrity': 'sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49',  # noqa
+        'integrity':
+            'sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49',
        'crossorigin': 'anonymous',
    },
 }
@@ -134,3 +139,4 @@ if os.path.isfile(os.path.join(BASE_DIR, 'config_local.py')):
 SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'

 USE_X_FORWARDED_HOST = True
+ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = ['avatars.linux-kernel.at', 'localhost',]
--- a/ivatar/middleware.py
+++ b/ivatar/middleware.py
@@ -0,0 +1,26 @@
+"""
+Middleware classes
+"""
+from django.utils.deprecation import MiddlewareMixin
+
+class MultipleProxyMiddleware(MiddlewareMixin):  # pylint: disable=too-few-public-methods
+    """
+    Middleware to rewrite proxy headers for deployments
+    multiple proxies
+    """
+    FORWARDED_FOR_FIELDS = [
+        'HTTP_X_FORWARDED_FOR',
+        'HTTP_X_FORWARDED_HOST',
+        'HTTP_X_FORWARDED_SERVER',
+    ]
+
+    def process_request(self, request):
+        """
+        Rewrites the proxy headers so that only the most
+        recent proxy is used.
+        """
+        for field in self.FORWARDED_FOR_FIELDS:
+            if field in request.META:
+                if ',' in request.META[field]:
+                    parts = request.META[field].split(',')
+                    request.META[field] = parts[-1].strip()