match forwarded spec more closely

2021-06-25 17:41:56 +01:00 · 2021-06-25 17:41:56 +01:00 · 81589d4654
parent 2766fb1fbd
commit 81589d4654
6 changed files with 221 additions and 73 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -48,7 +48,6 @@ jobs:
        uses: actions-rs/cargo@v1
        with:
          command: generate-lockfile
-
      - name: Cache Dependencies
        uses: Swatinem/rust-cache@v1.2.0

@ -96,7 +95,6 @@ jobs:
        run: |
          cargo install cargo-tarpaulin --vers "^0.13"
          cargo tarpaulin --out Xml --verbose
-
      - name: Upload to Codecov
        if: >
          matrix.target.os == 'ubuntu-latest'
--- a/CHANGES.md
+++ b/CHANGES.md
@ -10,6 +10,7 @@
 ### Changed
 * Change compression algorithm features flags. [#2250]
 * Deprecate `App::data` and `App::data_factory`. [#2271]
+* Smarter extraction of `ConnectionInfo` parts. [#2282]

 ### Fixed
 * Scope and Resource middleware can access data items set on their own layer. [#2288]
@ -19,6 +20,7 @@
 [#2271]: https://github.com/actix/actix-web/pull/2271
 [#2262]: https://github.com/actix/actix-web/pull/2262
 [#2263]: https://github.com/actix/actix-web/pull/2263
+[#2282]: https://github.com/actix/actix-web/pull/2282
 [#2288]: https://github.com/actix/actix-web/pull/2288


--- a/Cargo.toml
+++ b/Cargo.toml
@ -107,7 +107,7 @@ actix-test = { version = "0.1.0-beta.3", features = ["openssl", "rustls"] }
 awc = { version = "3.0.0-beta.6", features = ["openssl"] }

 brotli2 = "0.3.2"
-criterion = "0.3"
+criterion = { version = "0.3", features = ["html_reports"] }
 env_logger = "0.8"
 flate2 = "1.0.13"
 zstd = "0.7"
--- a/src/config.rs
+++ b/src/config.rs
@ -144,6 +144,11 @@ impl AppConfig {
    pub fn local_addr(&self) -> SocketAddr {
        self.addr
    }
+
+    #[cfg(test)]
+    pub(crate) fn set_host(&mut self, host: &str) {
+        self.host = host.to_owned();
+    }
 }

 impl Default for AppConfig {
--- a/src/info.rs
+++ b/src/info.rs
@ -2,19 +2,35 @@ use std::{cell::Ref, convert::Infallible, net::SocketAddr};

 use actix_utils::future::{err, ok, Ready};
 use derive_more::{Display, Error};
+use once_cell::sync::Lazy;

 use crate::{
    dev::{AppConfig, Payload, RequestHead},
    http::{
-        header,
+        header::{self, HeaderName},
        uri::{Authority, Scheme},
    },
    FromRequest, HttpRequest, ResponseError,
 };

-const X_FORWARDED_FOR: &str = "x-forwarded-for";
-const X_FORWARDED_HOST: &str = "x-forwarded-host";
-const X_FORWARDED_PROTO: &str = "x-forwarded-proto";
+static X_FORWARDED_FOR: Lazy<HeaderName> =
+    Lazy::new(|| HeaderName::from_static("x-forwarded-for"));
+static X_FORWARDED_HOST: Lazy<HeaderName> =
+    Lazy::new(|| HeaderName::from_static("x-forwarded-host"));
+static X_FORWARDED_PROTO: Lazy<HeaderName> =
+    Lazy::new(|| HeaderName::from_static("x-forwarded-proto"));
+
+/// Trim whitespace then any quote marks.
+fn unquote(val: &str) -> &str {
+    val.trim().trim_start_matches('"').trim_end_matches('"')
+}
+
+/// Extracts and trims first value for given header name.
+fn first_header_value<'a>(req: &'a RequestHead, name: &'_ HeaderName) -> Option<&'a str> {
+    let hdr = req.headers.get(name)?.to_str().ok()?;
+    let val = hdr.split(',').next()?.trim();
+    Some(val)
+}

 /// HTTP connection information.
 ///
@ -34,6 +50,19 @@ const X_FORWARDED_PROTO: &str = "x-forwarded-proto";
 /// }
 /// # let _svc = actix_web::web::to(handler);
 /// ```
+///
+/// # Implementation Notes
+/// Parses `Forwarded` header information according to [RFC 7239][rfc7239] but does not try to
+/// interpret the values for each property. As such, the getter methods on `ConnectionInfo` return
+/// strings instead of IP addresses or other types to acknowledge that they may be
+/// [obfuscated][rfc7239-63] or [unknown][rfc7239-62].
+///
+/// If the older, related headers are also present (eg. `X-Forwarded-For`), then `Forwarded`
+/// is preferred.
+///
+/// [rfc7239]: https://datatracker.ietf.org/doc/html/rfc7239
+/// [rfc7239-62]: https://datatracker.ietf.org/doc/html/rfc7239#section-6.2
+/// [rfc7239-63]: https://datatracker.ietf.org/doc/html/rfc7239#section-6.3
 #[derive(Debug, Clone, Default)]
 pub struct ConnectionInfo {
    scheme: String,
@ -56,62 +85,64 @@ impl ConnectionInfo {
        let mut scheme = None;
        let mut realip_remote_addr = None;

-        for el in req
+        for (name, val) in req
            .headers
            .get_all(&header::FORWARDED)
            .into_iter()
            .filter_map(|hdr| hdr.to_str().ok())
+            // "for=1.2.3.4, for=5.6.7.8; scheme=https"
            .flat_map(|val| val.split(';'))
-            .flat_map(|pair| pair.split(','))
+            // ["for=1.2.3.4, for=5.6.7.8", " scheme=https"]
+            .flat_map(|vals| vals.split(','))
+            // ["for=1.2.3.4", " for=5.6.7.8", " scheme=https"]
+            .flat_map(|pair| {
+                let mut items = pair.trim().splitn(2, '=');
+                Some((items.next()?, items.next()?))
+            })
        {
-            let mut items = el.trim().splitn(2, '=');
-            if let (Some(name), Some(val)) = (items.next(), items.next()) {
-                match name.to_lowercase().as_ref() {
-                    "for" => {
-                        realip_remote_addr.get_or_insert_with(|| val.trim());
-                    }
-                    "proto" => {
-                        scheme.get_or_insert_with(|| val.trim());
-                    }
-                    "host" => {
-                        host.get_or_insert_with(|| val.trim());
-                    }
-                    _ => {}
+            // [(name , val      ), ...                                    ]
+            // [("for", "1.2.3.4"), ("for", "5.6.7.8"), ("scheme", "https")]
+
+            // taking the first value for each property is correct because spec states that first
+            // "for" value is client and rest are proxies; multiple values other properties have
+            // no defined semantics
+            //
+            // > In a chain of proxy servers where this is fully utilized, the first
+            // > "for" parameter will disclose the client where the request was first
+            // > made, followed by any subsequent proxy identifiers.
+            // --- https://datatracker.ietf.org/doc/html/rfc7239#section-5.2
+
+            match name.trim().to_lowercase().as_str() {
+                "for" => realip_remote_addr.get_or_insert_with(|| unquote(val)),
+                "proto" => scheme.get_or_insert_with(|| unquote(val)),
+                "host" => host.get_or_insert_with(|| unquote(val)),
+                "by" => {
+                    // TODO: implement https://datatracker.ietf.org/doc/html/rfc7239#section-5.1
+                    continue;
                }
-            }
+                _ => continue,
+            };
        }

-        let first_header_value = |name| {
-            let val = req
-                .headers
-                .get(name)?
-                .to_str()
-                .ok()?
-                .split(',')
-                .next()?
-                .trim();
-            Some(val)
-        };
-
        let scheme = scheme
-            .or_else(|| first_header_value(X_FORWARDED_PROTO))
+            .or_else(|| first_header_value(req, &*X_FORWARDED_PROTO))
            .or_else(|| req.uri.scheme().map(Scheme::as_str))
            .or_else(|| Some("https").filter(|_| cfg.secure()))
            .unwrap_or("http")
            .to_owned();

        let host = host
-            .or_else(|| first_header_value(X_FORWARDED_HOST))
+            .or_else(|| first_header_value(req, &*X_FORWARDED_HOST))
            .or_else(|| req.headers.get(&header::HOST)?.to_str().ok())
            .or_else(|| req.uri.authority().map(Authority::as_str))
            .unwrap_or(cfg.host())
            .to_owned();

        let realip_remote_addr = realip_remote_addr
-            .or_else(|| first_header_value(X_FORWARDED_FOR))
+            .or_else(|| first_header_value(req, &*X_FORWARDED_FOR))
            .map(str::to_owned);

-        let remote_addr = req.peer_addr.map(|addr| format!("{}", addr));
+        let remote_addr = req.peer_addr.map(|addr| addr.to_string());

        ConnectionInfo {
            remote_addr,
@ -146,19 +177,16 @@ impl ConnectionInfo {
        &self.host
    }

-    /// remote_addr address of the request.
+    /// Remote address of the connection.
    ///
-    /// Get remote_addr address from socket address
+    /// Get remote_addr address from socket address.
    pub fn remote_addr(&self) -> Option<&str> {
-        if let Some(ref remote_addr) = self.remote_addr {
-            Some(remote_addr)
-        } else {
-            None
-        }
+        self.remote_addr.as_deref()
    }
-    /// Real ip remote addr of client initiated HTTP request.
+
+    /// Real IP (remote address) of client that initiated request.
    ///
-    /// The addr is resolved through the following headers, in this order:
+    /// The address is resolved through the following headers, in this order:
    ///
    /// - Forwarded
    /// - X-Forwarded-For
@ -167,17 +195,14 @@ impl ConnectionInfo {
    /// # Security
    /// Do not use this function for security purposes, unless you can ensure the Forwarded and
    /// X-Forwarded-For headers cannot be spoofed by the client. If you want the client's socket
-    /// address explicitly, use
-    /// [`HttpRequest::peer_addr()`](super::web::HttpRequest::peer_addr()) instead.
+    /// address explicitly, use [`HttpRequest::peer_addr()`][peer_addr] instead.
+    ///
+    /// [peer_addr]: crate::web::HttpRequest::peer_addr()
    #[inline]
    pub fn realip_remote_addr(&self) -> Option<&str> {
-        if let Some(ref r) = self.realip_remote_addr {
-            Some(r)
-        } else if let Some(ref remote_addr) = self.remote_addr {
-            Some(remote_addr)
-        } else {
-            None
-        }
+        self.realip_remote_addr
+            .as_deref()
+            .or_else(|| self.remote_addr.as_deref())
    }
 }

@ -245,13 +270,60 @@ mod tests {
    use super::*;
    use crate::test::TestRequest;

+    const X_FORWARDED_FOR: &str = "x-forwarded-for";
+    const X_FORWARDED_HOST: &str = "x-forwarded-host";
+    const X_FORWARDED_PROTO: &str = "x-forwarded-proto";
+
    #[test]
-    fn test_forwarded() {
+    fn info_default() {
        let req = TestRequest::default().to_http_request();
        let info = req.connection_info();
        assert_eq!(info.scheme(), "http");
        assert_eq!(info.host(), "localhost:8080");
+    }

+    #[test]
+    fn host_header() {
+        let req = TestRequest::default()
+            .insert_header((header::HOST, "rust-lang.org"))
+            .to_http_request();
+
+        let info = req.connection_info();
+        assert_eq!(info.scheme(), "http");
+        assert_eq!(info.host(), "rust-lang.org");
+        assert_eq!(info.realip_remote_addr(), None);
+    }
+
+    #[test]
+    fn x_forwarded_for_header() {
+        let req = TestRequest::default()
+            .insert_header((X_FORWARDED_FOR, "192.0.2.60"))
+            .to_http_request();
+        let info = req.connection_info();
+        assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
+    }
+
+    #[test]
+    fn x_forwarded_host_header() {
+        let req = TestRequest::default()
+            .insert_header((X_FORWARDED_HOST, "192.0.2.60"))
+            .to_http_request();
+        let info = req.connection_info();
+        assert_eq!(info.host(), "192.0.2.60");
+        assert_eq!(info.realip_remote_addr(), None);
+    }
+
+    #[test]
+    fn x_forwarded_proto_header() {
+        let req = TestRequest::default()
+            .insert_header((X_FORWARDED_PROTO, "https"))
+            .to_http_request();
+        let info = req.connection_info();
+        assert_eq!(info.scheme(), "https");
+    }
+
+    #[test]
+    fn forwarded_header() {
        let req = TestRequest::default()
            .insert_header((
                header::FORWARDED,
@ -265,45 +337,111 @@ mod tests {
        assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));

        let req = TestRequest::default()
-            .insert_header((header::HOST, "rust-lang.org"))
+            .insert_header((
+                header::FORWARDED,
+                "for=192.0.2.60; proto=https; by=203.0.113.43; host=rust-lang.org",
+            ))
            .to_http_request();

        let info = req.connection_info();
-        assert_eq!(info.scheme(), "http");
+        assert_eq!(info.scheme(), "https");
        assert_eq!(info.host(), "rust-lang.org");
-        assert_eq!(info.realip_remote_addr(), None);
+        assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
+    }

+    #[test]
+    fn forwarded_case_sensitivity() {
        let req = TestRequest::default()
-            .insert_header((X_FORWARDED_FOR, "192.0.2.60"))
+            .insert_header((header::FORWARDED, "For=192.0.2.60"))
            .to_http_request();
        let info = req.connection_info();
        assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
+    }

+    #[test]
+    fn forwarded_weird_whitespace() {
        let req = TestRequest::default()
-            .insert_header((X_FORWARDED_HOST, "192.0.2.60"))
+            .insert_header((header::FORWARDED, "for= 1.2.3.4; proto= https"))
            .to_http_request();
        let info = req.connection_info();
-        assert_eq!(info.host(), "192.0.2.60");
-        assert_eq!(info.realip_remote_addr(), None);
+        assert_eq!(info.realip_remote_addr(), Some("1.2.3.4"));
+        assert_eq!(info.scheme(), "https");

        let req = TestRequest::default()
-            .insert_header((X_FORWARDED_PROTO, "https"))
+            .insert_header((header::FORWARDED, "  for = 1.2.3.4  "))
+            .to_http_request();
+        let info = req.connection_info();
+        assert_eq!(info.realip_remote_addr(), Some("1.2.3.4"));
+    }
+
+    #[test]
+    fn forwarded_for_quoted() {
+        let req = TestRequest::default()
+            .insert_header((header::FORWARDED, r#"for="192.0.2.60:8080""#))
+            .to_http_request();
+        let info = req.connection_info();
+        assert_eq!(info.realip_remote_addr(), Some("192.0.2.60:8080"));
+    }
+
+    #[test]
+    fn forwarded_for_ipv6() {
+        let req = TestRequest::default()
+            .insert_header((header::FORWARDED, r#"for="[2001:db8:cafe::17]:4711""#))
+            .to_http_request();
+        let info = req.connection_info();
+        assert_eq!(info.realip_remote_addr(), Some("[2001:db8:cafe::17]:4711"));
+    }
+
+    #[test]
+    fn forwarded_for_multiple() {
+        let req = TestRequest::default()
+            .insert_header((header::FORWARDED, "for=192.0.2.60, for=198.51.100.17"))
+            .to_http_request();
+        let info = req.connection_info();
+        // takes the first value
+        assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
+    }
+
+    #[test]
+    fn scheme_from_uri() {
+        let req = TestRequest::get()
+            .uri("https://actix.rs/test")
            .to_http_request();
        let info = req.connection_info();
        assert_eq!(info.scheme(), "https");
    }

-    #[actix_rt::test]
-    async fn test_conn_info() {
-        let req = TestRequest::default()
-            .uri("http://actix.rs/")
+    #[test]
+    fn host_from_uri() {
+        let req = TestRequest::get()
+            .uri("https://actix.rs/test")
            .to_http_request();
-        let conn_info = ConnectionInfo::extract(&req).await.unwrap();
-        assert_eq!(conn_info.scheme(), "http");
+        let info = req.connection_info();
+        assert_eq!(info.host(), "actix.rs");
+    }
+
+    #[test]
+    fn host_from_server_hostname() {
+        let mut req = TestRequest::get();
+        req.set_server_hostname("actix.rs");
+        let req = req.to_http_request();
+
+        let info = req.connection_info();
+        assert_eq!(info.host(), "actix.rs");
    }

    #[actix_rt::test]
-    async fn test_peer_addr() {
+    async fn conn_info_extract() {
+        let req = TestRequest::default()
+            .uri("https://actix.rs/test")
+            .to_http_request();
+        let conn_info = ConnectionInfo::extract(&req).await.unwrap();
+        assert_eq!(conn_info.scheme(), "https");
+        assert_eq!(conn_info.host(), "actix.rs");
+    }
+
+    #[actix_rt::test]
+    async fn peer_addr_extract() {
        let addr = "127.0.0.1:8080".parse().unwrap();
        let req = TestRequest::default().peer_addr(addr).to_http_request();
        let peer_addr = PeerAddr::extract(&req).await.unwrap();
--- a/src/test.rs
+++ b/src/test.rs
@ -613,6 +613,11 @@ impl TestRequest {
        let req = self.to_request();
        call_service(app, req).await
    }
+
+    #[cfg(test)]
+    pub fn set_server_hostname(&mut self, host: &str) {
+        self.config.set_host(host)
+    }
 }

 #[cfg(test)]