mirror of https://github.com/fafhrd91/actix-web
699 lines
25 KiB
Rust
699 lines
25 KiB
Rust
use std::{
|
|
convert::Infallible,
|
|
net::{IpAddr, SocketAddr},
|
|
};
|
|
|
|
use actix_utils::future::{err, ok, Ready};
|
|
use derive_more::derive::{Display, Error};
|
|
|
|
use crate::{
|
|
dev::{AppConfig, Payload, RequestHead},
|
|
http::{
|
|
header,
|
|
uri::{Authority, Scheme},
|
|
},
|
|
FromRequest, HttpRequest, ResponseError,
|
|
};
|
|
|
|
/// Trim whitespace then any quote marks.
|
|
fn unquote(val: &str) -> &str {
|
|
val.trim().trim_start_matches('"').trim_end_matches('"')
|
|
}
|
|
|
|
/// Remove port and IPv6 square brackets from a peer specification.
|
|
fn bare_address(val: &str) -> &str {
|
|
if val.starts_with('[') {
|
|
val.split("]:")
|
|
.next()
|
|
.map(|s| s.trim_start_matches('[').trim_end_matches(']'))
|
|
// this indicates that the IPv6 address is malformed so shouldn't
|
|
// usually happen, but if it does, just return the original input
|
|
.unwrap_or(val)
|
|
} else {
|
|
val.split(':').next().unwrap_or(val)
|
|
}
|
|
}
|
|
|
|
/// Extract default host from request or server configuration.
|
|
fn default_host<'a>(req: &'a RequestHead, cfg: &'a AppConfig) -> &'a str {
|
|
req.headers
|
|
.get(&header::HOST)
|
|
.and_then(|v| v.to_str().ok())
|
|
// skip host header if HTTP/2, we should use :authority instead
|
|
.filter(|_| req.version < actix_http::Version::HTTP_2)
|
|
.or_else(|| req.uri.authority().map(Authority::as_str))
|
|
// @TODO can we get the sni host if in secure context ?
|
|
.unwrap_or_else(|| cfg.host())
|
|
}
|
|
|
|
/// Extract default scheme from request or server configuration.
|
|
fn default_scheme<'a>(req: &'a RequestHead, cfg: &'a AppConfig) -> &'a str {
|
|
req.uri
|
|
.scheme()
|
|
.map(Scheme::as_str)
|
|
.or_else(|| Some("https").filter(|_| cfg.secure()))
|
|
.unwrap_or("http")
|
|
}
|
|
|
|
/// HTTP connection information.
|
|
///
|
|
/// `ConnectionInfo` implements `FromRequest` and can be extracted in handlers.
|
|
///
|
|
/// # Examples
|
|
/// ```
|
|
/// # use actix_web::{HttpResponse, Responder};
|
|
/// use actix_web::dev::ConnectionInfo;
|
|
///
|
|
/// async fn handler(conn: ConnectionInfo) -> impl Responder {
|
|
/// match conn.host() {
|
|
/// "actix.rs" => HttpResponse::Ok().body("Welcome!"),
|
|
/// "admin.actix.rs" => HttpResponse::Ok().body("Admin portal."),
|
|
/// _ => HttpResponse::NotFound().finish()
|
|
/// }
|
|
/// }
|
|
/// # let _svc = actix_web::web::to(handler);
|
|
/// ```
|
|
///
|
|
/// # Implementation Notes
|
|
/// Parses `Forwarded` header information according to [RFC 7239][rfc7239] but does not try to
|
|
/// interpret the values for each property. As such, the getter methods on `ConnectionInfo` return
|
|
/// strings instead of IP addresses or other types to acknowledge that they may be
|
|
/// [obfuscated][rfc7239-63] or [unknown][rfc7239-62].
|
|
///
|
|
/// If the older, related headers are also present (eg. `X-Forwarded-For`), then `Forwarded`
|
|
/// is preferred.
|
|
///
|
|
/// Header are parsed only if the peer address is trusted and the header is trusted, otherwise the
|
|
/// request is considered to be direct and the headers are ignored.
|
|
///
|
|
/// [rfc7239]: https://datatracker.ietf.org/doc/html/rfc7239
|
|
/// [rfc7239-62]: https://datatracker.ietf.org/doc/html/rfc7239#section-6.2
|
|
/// [rfc7239-63]: https://datatracker.ietf.org/doc/html/rfc7239#section-6.3
|
|
#[derive(Debug, Clone, Default)]
|
|
pub struct ConnectionInfo {
|
|
host: String,
|
|
scheme: String,
|
|
peer_addr: Option<String>,
|
|
realip_remote_addr: Option<String>,
|
|
}
|
|
|
|
impl ConnectionInfo {
|
|
pub(crate) fn new(req: &RequestHead, cfg: &AppConfig) -> ConnectionInfo {
|
|
let (host, scheme, peer_addr, realip_remote_addr) =
|
|
match req.peer_addr.map(|addr| addr.ip()) {
|
|
// since we don't have a peer address, we can't determine the real IP and we cannot trust any headers
|
|
// set the host and scheme to the server's configuration
|
|
None => (
|
|
default_host(req, cfg).to_string(),
|
|
default_scheme(req, cfg).to_string(),
|
|
None,
|
|
None,
|
|
),
|
|
Some(ip) => {
|
|
if !cfg.trusted_proxies().trust_ip(&ip) {
|
|
// if the peer address is not trusted, we can't trust the headers
|
|
// set the host and scheme to the server's configuration
|
|
(
|
|
default_host(req, cfg).to_string(),
|
|
default_scheme(req, cfg).to_string(),
|
|
Some(ip.to_string()),
|
|
None,
|
|
)
|
|
} else {
|
|
// if the peer address is trusted, we can start to check trusted header to get correct information
|
|
|
|
let mut host = None;
|
|
let mut scheme = None;
|
|
let mut realip_remote_addr = None;
|
|
|
|
// first check the forwarded header if it is trusted
|
|
if cfg.trusted_proxies().trust_header(&header::FORWARDED) {
|
|
// quote from RFC 7239:
|
|
// A proxy server that wants to add a new "Forwarded" header field value
|
|
// can either append it to the last existing "Forwarded" header field
|
|
// after a comma separator or add a new field at the end of the header
|
|
// block.
|
|
// --- https://datatracker.ietf.org/doc/html/rfc7239#section-4
|
|
// so we get the values in reverse order as we want to get the first untrusted value
|
|
let forwarded_list = req
|
|
.headers
|
|
.get_all(&header::FORWARDED)
|
|
.filter_map(|hdr| hdr.to_str().ok())
|
|
// "for=1.2.3.4, for=5.6.7.8; scheme=https"
|
|
.flat_map(|vals| vals.split(','))
|
|
// ["for=1.2.3.4", "for=5.6.7.8; scheme=https"]
|
|
.rev();
|
|
|
|
'forwaded: for forwarded in forwarded_list {
|
|
for (key, value) in forwarded.split(';').map(|item| {
|
|
let mut kv = item.splitn(2, '=');
|
|
|
|
(
|
|
kv.next().map(|s| s.trim()).unwrap_or_default(),
|
|
kv.next().map(|s| unquote(s.trim())).unwrap_or_default(),
|
|
)
|
|
}) {
|
|
match key.to_lowercase().as_str() {
|
|
"for" => {
|
|
if let Ok(ip) = bare_address(value).parse::<IpAddr>() {
|
|
if cfg.trusted_proxies().trust_ip(&ip) {
|
|
host = None;
|
|
scheme = None;
|
|
realip_remote_addr = None;
|
|
|
|
continue 'forwaded;
|
|
}
|
|
}
|
|
|
|
realip_remote_addr = Some(bare_address(value));
|
|
}
|
|
"proto" => {
|
|
scheme = Some(value);
|
|
}
|
|
"host" => {
|
|
host = Some(value);
|
|
}
|
|
"by" => {
|
|
// TODO: implement https://datatracker.ietf.org/doc/html/rfc7239#section-5.1
|
|
}
|
|
_ => {}
|
|
}
|
|
}
|
|
|
|
break 'forwaded;
|
|
}
|
|
}
|
|
|
|
if realip_remote_addr.is_none()
|
|
&& cfg.trusted_proxies().trust_header(&header::X_FORWARDED_FOR)
|
|
{
|
|
for value in req
|
|
.headers
|
|
.get_all(&header::X_FORWARDED_FOR)
|
|
.filter_map(|hdr| hdr.to_str().ok())
|
|
.flat_map(|vals| vals.split(','))
|
|
.rev()
|
|
{
|
|
if let Ok(ip) = bare_address(value).parse::<IpAddr>() {
|
|
if cfg.trusted_proxies().trust_ip(&ip) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
realip_remote_addr = Some(bare_address(value));
|
|
break;
|
|
}
|
|
}
|
|
|
|
if host.is_none()
|
|
&& cfg
|
|
.trusted_proxies()
|
|
.trust_header(&header::X_FORWARDED_HOST)
|
|
{
|
|
host = req
|
|
.headers
|
|
.get_all(&header::X_FORWARDED_HOST)
|
|
.filter_map(|hdr| hdr.to_str().ok())
|
|
.flat_map(|vals| vals.split(','))
|
|
.rev()
|
|
.next();
|
|
}
|
|
|
|
if scheme.is_none()
|
|
&& cfg
|
|
.trusted_proxies()
|
|
.trust_header(&header::X_FORWARDED_PROTO)
|
|
{
|
|
scheme = req
|
|
.headers
|
|
.get_all(&header::X_FORWARDED_PROTO)
|
|
.filter_map(|hdr| hdr.to_str().ok())
|
|
.flat_map(|vals| vals.split(','))
|
|
.rev()
|
|
.next();
|
|
}
|
|
|
|
(
|
|
host.unwrap_or_else(|| default_host(req, cfg)).to_string(),
|
|
scheme
|
|
.unwrap_or_else(|| default_scheme(req, cfg))
|
|
.to_string(),
|
|
Some(ip.to_string()),
|
|
realip_remote_addr.map(|s| s.to_string()),
|
|
)
|
|
}
|
|
}
|
|
};
|
|
|
|
ConnectionInfo {
|
|
host,
|
|
scheme,
|
|
peer_addr,
|
|
realip_remote_addr,
|
|
}
|
|
}
|
|
|
|
/// Real IP (remote address) of client that initiated request.
|
|
///
|
|
/// The address is resolved through the following, in order:
|
|
/// - `Forwarded` header
|
|
/// - `X-Forwarded-For` header
|
|
/// - peer address of opened socket (same as [`remote_addr`](Self::remote_addr))
|
|
///
|
|
/// # Security
|
|
/// Do not use this function for security purposes unless you can be sure that the `Forwarded`
|
|
/// and `X-Forwarded-For` headers cannot be spoofed by the client. If you are running without a
|
|
/// proxy then [obtaining the peer address](Self::peer_addr) would be more appropriate.
|
|
#[inline]
|
|
pub fn realip_remote_addr(&self) -> Option<&str> {
|
|
self.realip_remote_addr
|
|
.as_deref()
|
|
.or(self.peer_addr.as_deref())
|
|
}
|
|
|
|
/// Returns serialized IP address of the peer connection.
|
|
///
|
|
/// See [`HttpRequest::peer_addr`] for more details.
|
|
#[inline]
|
|
pub fn peer_addr(&self) -> Option<&str> {
|
|
self.peer_addr.as_deref()
|
|
}
|
|
|
|
/// Hostname of the request.
|
|
///
|
|
/// Hostname is resolved through the following, in order:
|
|
/// - `Forwarded` header
|
|
/// - `X-Forwarded-Host` header
|
|
/// - `Host` header
|
|
/// - request target / URI
|
|
/// - configured server hostname
|
|
#[inline]
|
|
pub fn host(&self) -> &str {
|
|
&self.host
|
|
}
|
|
|
|
/// Scheme of the request.
|
|
///
|
|
/// Scheme is resolved through the following, in order:
|
|
/// - `Forwarded` header
|
|
/// - `X-Forwarded-Proto` header
|
|
/// - request target / URI
|
|
#[inline]
|
|
pub fn scheme(&self) -> &str {
|
|
&self.scheme
|
|
}
|
|
|
|
#[doc(hidden)]
|
|
#[deprecated(since = "4.0.0", note = "Renamed to `peer_addr`.")]
|
|
pub fn remote_addr(&self) -> Option<&str> {
|
|
self.peer_addr()
|
|
}
|
|
}
|
|
|
|
impl FromRequest for ConnectionInfo {
|
|
type Error = Infallible;
|
|
type Future = Ready<Result<Self, Self::Error>>;
|
|
|
|
fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
|
|
ok(req.connection_info().clone())
|
|
}
|
|
}
|
|
|
|
/// Extractor for peer's socket address.
|
|
///
|
|
/// Also see [`HttpRequest::peer_addr`] and [`ConnectionInfo::peer_addr`].
|
|
///
|
|
/// # Examples
|
|
/// ```
|
|
/// # use actix_web::Responder;
|
|
/// use actix_web::dev::PeerAddr;
|
|
///
|
|
/// async fn handler(peer_addr: PeerAddr) -> impl Responder {
|
|
/// let socket_addr = peer_addr.0;
|
|
/// socket_addr.to_string()
|
|
/// }
|
|
/// # let _svc = actix_web::web::to(handler);
|
|
/// ```
|
|
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, PartialOrd, Ord, Display)]
|
|
#[display("{}", _0)]
|
|
pub struct PeerAddr(pub SocketAddr);
|
|
|
|
impl PeerAddr {
|
|
/// Unwrap into inner `SocketAddr` value.
|
|
pub fn into_inner(self) -> SocketAddr {
|
|
self.0
|
|
}
|
|
}
|
|
|
|
#[derive(Debug, Display, Error)]
|
|
#[non_exhaustive]
|
|
#[display("Missing peer address")]
|
|
pub struct MissingPeerAddr;
|
|
|
|
impl ResponseError for MissingPeerAddr {}
|
|
|
|
impl FromRequest for PeerAddr {
|
|
type Error = MissingPeerAddr;
|
|
type Future = Ready<Result<Self, Self::Error>>;
|
|
|
|
fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
|
|
match req.peer_addr() {
|
|
Some(addr) => ok(PeerAddr(addr)),
|
|
None => {
|
|
log::error!("Missing peer address.");
|
|
err(MissingPeerAddr)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod tests {
|
|
use super::*;
|
|
use crate::{test::TestRequest, trusted_proxies::TrustedProxies};
|
|
|
|
const X_FORWARDED_FOR: &str = "x-forwarded-for";
|
|
const X_FORWARDED_HOST: &str = "x-forwarded-host";
|
|
const X_FORWARDED_PROTO: &str = "x-forwarded-proto";
|
|
|
|
#[test]
|
|
fn info_default() {
|
|
let req = TestRequest::default().to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.scheme(), "http");
|
|
assert_eq!(info.host(), "localhost:8080");
|
|
}
|
|
|
|
#[test]
|
|
fn host_header() {
|
|
let req = TestRequest::default()
|
|
.insert_header((header::HOST, "rust-lang.org"))
|
|
.to_http_request();
|
|
|
|
let info = req.connection_info();
|
|
assert_eq!(info.scheme(), "http");
|
|
assert_eq!(info.host(), "rust-lang.org");
|
|
assert_eq!(info.realip_remote_addr(), None);
|
|
}
|
|
|
|
#[test]
|
|
fn x_forwarded_for_header_trusted() {
|
|
let mut trusted_proxies = TrustedProxies::new_local();
|
|
trusted_proxies.add_trusted_header(header::X_FORWARDED_FOR);
|
|
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.set_trusted_proxies(trusted_proxies)
|
|
.insert_header((X_FORWARDED_FOR, "192.0.2.60"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
|
|
}
|
|
|
|
#[test]
|
|
fn x_forwarded_for_header_trusted_multiple() {
|
|
let mut trusted_proxies = TrustedProxies::new_local();
|
|
trusted_proxies
|
|
.add_trusted_proxy("192.0.2.60")
|
|
.expect("failed to add trusted proxy");
|
|
trusted_proxies.add_trusted_header(header::X_FORWARDED_FOR);
|
|
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.set_trusted_proxies(trusted_proxies)
|
|
.append_header((X_FORWARDED_FOR, "240.10.56.47"))
|
|
.append_header((X_FORWARDED_FOR, "192.0.2.60"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("240.10.56.47"));
|
|
}
|
|
|
|
#[test]
|
|
fn x_forwarded_for_header_untrusted() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((X_FORWARDED_FOR, "192.0.2.60"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("127.0.0.1"));
|
|
}
|
|
|
|
#[test]
|
|
fn x_forwarded_host_header_trusted() {
|
|
let mut trusted_proxies = TrustedProxies::new_local();
|
|
trusted_proxies.add_trusted_header(header::X_FORWARDED_HOST);
|
|
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.set_trusted_proxies(trusted_proxies)
|
|
.insert_header((X_FORWARDED_HOST, "192.0.2.60"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.host(), "192.0.2.60");
|
|
assert_eq!(info.realip_remote_addr(), Some("127.0.0.1"));
|
|
}
|
|
|
|
#[test]
|
|
fn x_forwarded_host_header_untrusted() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((X_FORWARDED_HOST, "192.0.2.60"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.host(), "localhost:8080");
|
|
assert_eq!(info.realip_remote_addr(), Some("127.0.0.1"));
|
|
}
|
|
|
|
#[test]
|
|
fn x_forwarded_proto_header_trusted() {
|
|
let mut trusted_proxies = TrustedProxies::new_local();
|
|
trusted_proxies.add_trusted_header(header::X_FORWARDED_PROTO);
|
|
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.set_trusted_proxies(trusted_proxies)
|
|
.insert_header((X_FORWARDED_PROTO, "https"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.scheme(), "https");
|
|
}
|
|
|
|
#[test]
|
|
fn x_forwarded_proto_header_untrusted() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((X_FORWARDED_PROTO, "https"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.scheme(), "http");
|
|
}
|
|
|
|
#[test]
|
|
fn forwarded_header() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((
|
|
header::FORWARDED,
|
|
"for=192.0.2.60; proto=https; by=203.0.113.43; host=rust-lang.org",
|
|
))
|
|
.to_http_request();
|
|
|
|
let info = req.connection_info();
|
|
assert_eq!(info.scheme(), "https");
|
|
assert_eq!(info.host(), "rust-lang.org");
|
|
assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
|
|
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((
|
|
header::FORWARDED,
|
|
"for=192.0.2.60; proto=https; by=203.0.113.43; host=rust-lang.org",
|
|
))
|
|
.to_http_request();
|
|
|
|
let info = req.connection_info();
|
|
assert_eq!(info.scheme(), "https");
|
|
assert_eq!(info.host(), "rust-lang.org");
|
|
assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
|
|
}
|
|
|
|
#[test]
|
|
fn forwarded_case_sensitivity() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((header::FORWARDED, "For=192.0.2.60"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
|
|
}
|
|
|
|
#[test]
|
|
fn forwarded_weird_whitespace() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((header::FORWARDED, "for= 1.2.3.4; proto= https"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("1.2.3.4"));
|
|
assert_eq!(info.scheme(), "https");
|
|
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((header::FORWARDED, " for = 1.2.3.4 "))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("1.2.3.4"));
|
|
}
|
|
|
|
#[test]
|
|
fn forwarded_for_quoted() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((header::FORWARDED, r#"for="192.0.2.60:8080""#))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
|
|
}
|
|
|
|
#[test]
|
|
fn forwarded_for_ipv6() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((header::FORWARDED, r#"for="[2001:db8:cafe::17]""#))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("2001:db8:cafe::17"));
|
|
}
|
|
|
|
#[test]
|
|
fn forwarded_for_ipv6_with_port() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((header::FORWARDED, r#"for="[2001:db8:cafe::17]:4711""#))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.realip_remote_addr(), Some("2001:db8:cafe::17"));
|
|
}
|
|
|
|
#[test]
|
|
fn forwarded_for_multiple() {
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default()
|
|
.peer_addr(addr)
|
|
.insert_header((header::FORWARDED, "for=192.0.2.60, for=198.51.100.17"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
|
|
// takes the last untrusted value
|
|
assert_eq!(info.realip_remote_addr(), Some("198.51.100.17"));
|
|
|
|
let mut trusted_proxies = TrustedProxies::new_local();
|
|
trusted_proxies
|
|
.add_trusted_proxy("198.51.100.17")
|
|
.expect("Failed to add trusted proxy");
|
|
|
|
let req = TestRequest::default()
|
|
.set_trusted_proxies(trusted_proxies)
|
|
.peer_addr(addr)
|
|
.insert_header((header::FORWARDED, "for=192.0.2.60, for=198.51.100.17"))
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
|
|
// takes the last untrusted value
|
|
assert_eq!(info.realip_remote_addr(), Some("192.0.2.60"));
|
|
}
|
|
|
|
#[test]
|
|
fn scheme_from_uri() {
|
|
let req = TestRequest::get()
|
|
.uri("https://actix.rs/test")
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.scheme(), "https");
|
|
}
|
|
|
|
#[test]
|
|
fn host_from_uri() {
|
|
let req = TestRequest::get()
|
|
.uri("https://actix.rs/test")
|
|
.to_http_request();
|
|
let info = req.connection_info();
|
|
assert_eq!(info.host(), "actix.rs");
|
|
}
|
|
|
|
#[test]
|
|
fn host_from_server_hostname() {
|
|
let mut req = TestRequest::get();
|
|
req.set_server_hostname("actix.rs");
|
|
let req = req.to_http_request();
|
|
|
|
let info = req.connection_info();
|
|
assert_eq!(info.host(), "actix.rs");
|
|
}
|
|
|
|
#[actix_rt::test]
|
|
async fn conn_info_extract() {
|
|
let req = TestRequest::default()
|
|
.uri("https://actix.rs/test")
|
|
.to_http_request();
|
|
let conn_info = ConnectionInfo::extract(&req).await.unwrap();
|
|
assert_eq!(conn_info.scheme(), "https");
|
|
assert_eq!(conn_info.host(), "actix.rs");
|
|
}
|
|
|
|
#[actix_rt::test]
|
|
async fn peer_addr_extract() {
|
|
let req = TestRequest::default().to_http_request();
|
|
let res = PeerAddr::extract(&req).await;
|
|
assert!(res.is_err());
|
|
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default().peer_addr(addr).to_http_request();
|
|
let peer_addr = PeerAddr::extract(&req).await.unwrap();
|
|
assert_eq!(peer_addr, PeerAddr(addr));
|
|
}
|
|
|
|
#[actix_rt::test]
|
|
async fn remote_address() {
|
|
let req = TestRequest::default().to_http_request();
|
|
let res = ConnectionInfo::extract(&req).await.unwrap();
|
|
assert!(res.peer_addr().is_none());
|
|
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default().peer_addr(addr).to_http_request();
|
|
let conn_info = ConnectionInfo::extract(&req).await.unwrap();
|
|
assert_eq!(conn_info.peer_addr().unwrap(), "127.0.0.1");
|
|
}
|
|
|
|
#[actix_rt::test]
|
|
async fn real_ip_from_socket_addr() {
|
|
let req = TestRequest::default().to_http_request();
|
|
let res = ConnectionInfo::extract(&req).await.unwrap();
|
|
assert!(res.realip_remote_addr().is_none());
|
|
|
|
let addr = "127.0.0.1:8080".parse().unwrap();
|
|
let req = TestRequest::default().peer_addr(addr).to_http_request();
|
|
let conn_info = ConnectionInfo::extract(&req).await.unwrap();
|
|
assert_eq!(conn_info.realip_remote_addr().unwrap(), "127.0.0.1");
|
|
}
|
|
}
|