Commit 6a93db943a189f0927c3964bd8d7efbdac25e2d9 - klaus

Add ProxyFix, deprecate SubUri (incorrect behavior) Jonas Haag 9 years ago

2 changed file(s) with 50 addition(s) and 2 deletion(s). Raw diff Collapse all Expand all

-2

klaus/__init__.py less more

119	119	use_smarthttp,
120	120	ctags_policy,
121	121	)
122		app.wsgi_app = utils.SubUri(app.wsgi_app)
	122	app.wsgi_app = utils.ProxyFix(app.wsgi_app)
123	123
124	124	if use_smarthttp:
125	125	# `path -> Repo` mapping for Dulwich's web support

132	132	backend=dulwich_backend,
133	133	fallback_app=app.wsgi_app,
134	134	)
135		dulwich_wrapped_app = utils.SubUri(dulwich_wrapped_app)
	135	dulwich_wrapped_app = utils.ProxyFix(dulwich_wrapped_app)
136	136
137	137	# `receive-pack` is requested by the "client" on a push
138	138	# (the "server" is asked to receive packs), i.e. we need to secure

+48

-0

klaus/utils.py less more

4	4	import datetime
5	5	import mimetypes
6	6	import locale
	7	import warnings
7	8	import six
8	9	try:
9	10	import chardet
10	11	except ImportError:
11	12	chardet = None
12	13
	14	from werkzeug.contrib.fixers import ProxyFix as WerkzeugProxyFix
13	15	from humanize import naturaltime
	16
	17
	18	class ProxyFix(WerkzeugProxyFix):
	19	"""This middleware can be applied to add HTTP (reverse) proxy support to a
	20	WSGI application (klaus), making it possible to:
	21
	22	* Mount it under a sub-URL (http://example.com/git/...)
	23	* Use a different HTTP scheme (HTTP vs. HTTPS)
	24	* Make it appear under a different domain altogether
	25
	26	It sets `REMOTE_ADDR`, `HTTP_HOST` and `wsgi.url_scheme` from `X-Forwarded-*`
	27	headers. It also sets `SCRIPT_NAME` from the `X-Script-Name` header.
	28
	29	For instance if you have klaus mounted under /git/ and your site uses SSL
	30	(but your proxy doesn't), make the proxy pass ::
	31
	32	X-Script-Name = '/git'
	33	X-Forwarded-Proto = 'https'
	34	...
	35
	36	If you have more than one proxy server in front of your app, set
	37	`num_proxies` accordingly.
	38
	39	Do not use this middleware in non-proxy setups for security reasons.
	40
	41	The original values of `REMOTE_ADDR` and `HTTP_HOST` are stored in
	42	the WSGI environment as `werkzeug.proxy_fix.orig_remote_addr` and
	43	`werkzeug.proxy_fix.orig_http_host`.
	44
	45	:param app: the WSGI application
	46	:param num_proxies: the number of proxy servers in front of the app.
	47	"""
	48	def __call__(self, environ, start_response):
	49	script_name = environ.get('HTTP_X_SCRIPT_NAME', '')
	50	if script_name.endswith('/'):
	51	warnings.warn(
	52	"'X-Script-Name' header should not end in '/' (found: %r). "
	53	"Please fix your proxy's configuration." % script_name)
	54	script_name = script_name.rstrip('/')
	55	environ['SCRIPT_NAME'] = script_name
	56	return super(ProxyFix, self).__call__(environ, start_response)
14	57
15	58
16	59	class SubUri(object):

30	73	Snippet stolen from http://flask.pocoo.org/snippets/35/
31	74	"""
32	75	def __init__(self, app):
	76	warnings.warn(
	77	"'klaus.utils.SubUri' is deprecated and will be removed. "
	78	"Please upgrade your code to use 'klaus.utils.ProxyFix' instead.",
	79	DeprecationWarning
	80	)
33	81	self.app = app
34	82
35	83	def __call__(self, environ, start_response):