Fix custom trusted proxies configuration (#104)

alexander-schranz · web-flow · commit fc328b4186fd · 2021-11-30T07:47:10.000+01:00
diff --git a/src/LaravelHttpHandler.php b/src/LaravelHttpHandler.php
@@ -21,6 +21,8 @@ class LaravelHttpHandler extends HttpHandler
     public function __construct(Kernel $kernel)
     {
         $this->kernel = $kernel;
+
+        Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
     }
 
     public function handleRequest(HttpRequestEvent $event, Context $context): HttpResponse
diff --git a/src/SymfonyHttpHandler.php b/src/SymfonyHttpHandler.php
@@ -6,6 +6,7 @@
 use Bref\Event\Http\HttpHandler;
 use Bref\Event\Http\HttpRequestEvent;
 use Bref\Event\Http\HttpResponse;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\TerminableInterface;
 
@@ -21,6 +22,8 @@ class SymfonyHttpHandler extends HttpHandler
     public function __construct(HttpKernelInterface $kernel)
     {
         $this->kernel = $kernel;
+
+        Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
     }
 
     public function handleRequest(HttpRequestEvent $event, Context $context): HttpResponse
diff --git a/src/SymfonyRequestBridge.php b/src/SymfonyRequestBridge.php
@@ -22,8 +22,6 @@ class SymfonyRequestBridge
 {
     public static function convertRequest(HttpRequestEvent $event, Context $context): Request
     {
-        Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
-
         // CGI Version 1.1 - Section 4.1
         $server = array_filter([
             'AUTH_TYPE' => $event->getHeaders()['auth-type'] ?? null, // 4.1.1
diff --git a/tests/SymfonyRequestBridgeTest.php b/tests/SymfonyRequestBridgeTest.php
@@ -7,6 +7,7 @@
 use PHPUnit\Framework\TestCase;
 use Runtime\Bref\SymfonyRequestBridge;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
+use Symfony\Component\HttpFoundation\Request;
 
 class SymfonyRequestBridgeTest extends TestCase
 {
@@ -150,6 +151,9 @@ public function testLambdaContext()
 
     private function getContext()
     {
+        // this is set in LaravelHttpHandler and SymfonyHttpHandler to allow overwrite of this value
+        Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
+
         return new Context('id', 1000, 'function', 'trace');
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@ class LaravelHttpHandler extends HttpHandler`
`21`	`21`	`public function __construct(Kernel $kernel)`
`22`	`22`	`{`
`23`	`23`	`$this->kernel = $kernel;`
	`24`	`+`
	`25`	`+ Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_FOR \| Request::HEADER_X_FORWARDED_HOST \| Request::HEADER_X_FORWARDED_PORT \| Request::HEADER_X_FORWARDED_PROTO);`
`24`	`26`	`}`
`25`	`27`
`26`	`28`	`public function handleRequest(HttpRequestEvent $event, Context $context): HttpResponse`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`use Bref\Event\Http\HttpHandler;`
`7`	`7`	`use Bref\Event\Http\HttpRequestEvent;`
`8`	`8`	`use Bref\Event\Http\HttpResponse;`
	`9`	`+use Symfony\Component\HttpFoundation\Request;`
`9`	`10`	`use Symfony\Component\HttpKernel\HttpKernelInterface;`
`10`	`11`	`use Symfony\Component\HttpKernel\TerminableInterface;`
`11`	`12`
`@@ -21,6 +22,8 @@ class SymfonyHttpHandler extends HttpHandler`
`21`	`22`	`public function __construct(HttpKernelInterface $kernel)`
`22`	`23`	`{`
`23`	`24`	`$this->kernel = $kernel;`
	`25`	`+`
	`26`	`+ Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_FOR \| Request::HEADER_X_FORWARDED_HOST \| Request::HEADER_X_FORWARDED_PORT \| Request::HEADER_X_FORWARDED_PROTO);`
`24`	`27`	`}`
`25`	`28`
`26`	`29`	`public function handleRequest(HttpRequestEvent $event, Context $context): HttpResponse`
Original file line number	Diff line number	Diff line change
`@@ -22,8 +22,6 @@ class SymfonyRequestBridge`
`22`	`22`	`{`
`23`	`23`	`public static function convertRequest(HttpRequestEvent $event, Context $context): Request`
`24`	`24`	`{`
`25`		`- Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_FOR \| Request::HEADER_X_FORWARDED_HOST \| Request::HEADER_X_FORWARDED_PORT \| Request::HEADER_X_FORWARDED_PROTO);`
`26`		`-`
`27`	`25`	`// CGI Version 1.1 - Section 4.1`
`28`	`26`	`$server = array_filter([`
`29`	`27`	`'AUTH_TYPE' => $event->getHeaders()['auth-type'] ?? null, // 4.1.1`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`use PHPUnit\Framework\TestCase;`
`8`	`8`	`use Runtime\Bref\SymfonyRequestBridge;`
`9`	`9`	`use Symfony\Component\HttpFoundation\File\UploadedFile;`
	`10`	`+use Symfony\Component\HttpFoundation\Request;`
`10`	`11`
`11`	`12`	`class SymfonyRequestBridgeTest extends TestCase`
`12`	`13`	`{`
`@@ -150,6 +151,9 @@ public function testLambdaContext()`
`150`	`151`
`151`	`152`	`private function getContext()`
`152`	`153`	`{`
	`154`	`+ // this is set in LaravelHttpHandler and SymfonyHttpHandler to allow overwrite of this value`
	`155`	`+ Request::setTrustedProxies(['127.0.0.1'], Request::HEADER_X_FORWARDED_FOR \| Request::HEADER_X_FORWARDED_HOST \| Request::HEADER_X_FORWARDED_PORT \| Request::HEADER_X_FORWARDED_PROTO);`
	`156`	`+`
`153`	`157`	`return new Context('id', 1000, 'function', 'trace');`
`154`	`158`	`}`
`155`	`159`	`}`