From 78cab77f819e8d8b283f95f2e48f635bcf66fea5 Mon Sep 17 00:00:00 2001 From: cvium Date: Thu, 10 Sep 2020 11:05:46 +0200 Subject: [PATCH] Add Known Proxies to system configuration --- .../Extensions/ApiServiceCollectionExtensions.cs | 13 +++++++++++-- Jellyfin.Server/Startup.cs | 3 ++- .../Configuration/ServerConfiguration.cs | 6 ++++++ 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs index 9319b573a4..873e22819b 100644 --- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs +++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs @@ -2,6 +2,7 @@ using System; using System.Collections.Generic; using System.IO; using System.Linq; +using System.Net; using System.Reflection; using Jellyfin.Api.Auth; using Jellyfin.Api.Auth.DefaultAuthorizationPolicy; @@ -17,7 +18,6 @@ using Jellyfin.Api.Constants; using Jellyfin.Api.Controllers; using Jellyfin.Server.Configuration; using Jellyfin.Server.Formatters; -using Jellyfin.Server.Middleware; using MediaBrowser.Common.Json; using MediaBrowser.Model.Entities; using Microsoft.AspNetCore.Authentication; @@ -28,6 +28,7 @@ using Microsoft.AspNetCore.HttpOverrides; using Microsoft.Extensions.DependencyInjection; using Microsoft.OpenApi.Models; using Swashbuckle.AspNetCore.SwaggerGen; +using AuthenticationSchemes = Jellyfin.Api.Constants.AuthenticationSchemes; namespace Jellyfin.Server.Extensions { 
@@ -136,8 +137,9 @@ namespace Jellyfin.Server.Extensions /// /// The service collection. /// An IEnumerable containing all plugin assemblies with API controllers. + /// A list of all known proxies to trust for X-Forwarded-For. /// The MVC builder. - public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, IEnumerable pluginAssemblies) + public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, IEnumerable pluginAssemblies, IReadOnlyList knownProxies) { IMvcBuilder mvcBuilder = serviceCollection .AddCors() @@ -145,6 +147,13 @@ namespace Jellyfin.Server.Extensions .Configure(options => { options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; + for (var i = 0; i < knownProxies.Count; i++) + { + if (IPAddress.TryParse(knownProxies[i], out var address)) + { + options.KnownProxies.Add(address); + } + } }) .AddMvc(opts => { diff --git a/Jellyfin.Server/Startup.cs b/Jellyfin.Server/Startup.cs index 9e969c0c16..2f4620aa63 100644 --- a/Jellyfin.Server/Startup.cs +++ b/Jellyfin.Server/Startup.cs @@ -52,7 +52,7 @@ namespace Jellyfin.Server { options.HttpsPort = _serverApplicationHost.HttpsPort; }); - services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies()); + services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies(), _serverConfigurationManager.Configuration.KnownProxies); services.AddJellyfinApiSwagger(); @@ -103,6 +103,7 @@ namespace Jellyfin.Server mainApp.UseDeveloperExceptionPage(); } + mainApp.UseForwardedHeaders(); mainApp.UseMiddleware(); mainApp.UseMiddleware(); diff --git a/MediaBrowser.Model/Configuration/ServerConfiguration.cs b/MediaBrowser.Model/Configuration/ServerConfiguration.cs index 68dc1cc83d..48d1a7346a 100644 --- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs +++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs 
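Review bot: The new `knownProxies` parameter doc on `AddJellyfinApi` names only X-Forwarded-For, but the options set further down in the same method also enable `ForwardedHeaders.XForwardedProto`, so a listed proxy is trusted to set the request scheme too. I would word it as `/// <param name="knownProxies">IP addresses of the reverse proxies whose X-Forwarded-For and X-Forwarded-Proto headers are trusted.</param>`. The method body continues outside this hunk.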
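Review bot: Entries that `IPAddress.TryParse` rejects are skipped silently in the loop added to the forwarded-headers `Configure` lambda, so a typo, a hostname or a CIDR range in the configuration leaves that proxy untrusted with no hint to the administrator. Every request through it is then attributed to the proxy's own address in logs and in any IP-based check. No logger is visible in this static extension method, so the least intrusive fix is to validate the list where it is read in `Startup` and log each rejected entry; at minimum add `// Only literal IP addresses are accepted; anything else is ignored and that proxy stays untrusted.` above the `if`. It is also worth confirming how a dual-stack listener reports an IPv4 proxy (possibly as `::ffff:a.b.c.d`), since a plain IPv4 entry might then not match. `AddJellyfinApi` starts and ends outside this hunk.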
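Review bot: `mainApp.UseForwardedHeaders()` takes effect even when `KnownProxies` is empty, because the loop in `AddJellyfinApi` only adds to the options and the framework's `ForwardedHeadersOptions` already trusts loopback by default. That suits a reverse proxy on the same host, but it means the empty default is not "trust nothing", which deserves a comment at the call, e.g. `// Loopback is trusted by default; addresses from KnownProxies are trusted in addition.`. Placing the call ahead of the other middleware looks right, since anything that reads the remote address or scheme has to run after it. The rest of the method is outside this hunk.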
@@ -268,6 +268,11 @@ namespace MediaBrowser.Model.Configuration /// public string[] CorsHosts { get; set; } + /// + /// Gets or sets the known proxies. + /// + public string[] KnownProxies { get; set; } + /// /// Initializes a new instance of the class. /// @@ -378,6 +383,7 @@ namespace MediaBrowser.Model.Configuration EnableSlowResponseWarning = true; SlowResponseThresholdMs = 500; CorsHosts = new[] { "*" }; + KnownProxies = Array.Empty(); } }
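Review bot: The summary on `KnownProxies` does not say what an entry must look like or what listing one grants. Judging by the consumer in `AddJellyfinApi`, each entry has to be a literal IP address, and a listed address is trusted to supply the client address and scheme through forwarded headers. I would expand the summary to `/// Gets or sets the IP addresses of reverse proxies whose forwarded headers (client address and scheme) are trusted.` and add a remark that only addresses the operator controls belong in the list. The list is passed in once from `Startup` during service registration, so a change presumably needs a restart to apply; if that is the case, the remarks should say so.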