Support reverse proxy's real IP header
This commit is contained in:
@@ -16,7 +16,10 @@ skin_root_url = http://localhost:8080
|
|||||||
|
|
||||||
[server]
|
[server]
|
||||||
;服务监听地址
|
;服务监听地址
|
||||||
server_address = :8080
|
server_address = :8080
|
||||||
|
|
||||||
|
;反向代理信任地址
|
||||||
|
trusted_proxies = 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
; Database driver type, mysql or sqlite
|
; Database driver type, mysql or sqlite
|
||||||
|
|||||||
29
main.go
29
main.go
@@ -29,7 +29,6 @@ import (
|
|||||||
"gopkg.in/ini.v1"
|
"gopkg.in/ini.v1"
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
"io/fs"
|
"io/fs"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
@@ -52,6 +51,11 @@ type MetaCfg struct {
|
|||||||
SkinRootUrl string `ini:"skin_root_url"`
|
SkinRootUrl string `ini:"skin_root_url"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type ServerCfg struct {
|
||||||
|
ServerAddress string `ini:"server_address"`
|
||||||
|
TrustedProxies []string `ini:"trusted_proxies"`
|
||||||
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
configFilePath := "config.ini"
|
configFilePath := "config.ini"
|
||||||
cfg, err := ini.LooseLoad(configFilePath)
|
cfg, err := ini.LooseLoad(configFilePath)
|
||||||
@@ -80,19 +84,32 @@ func main() {
|
|||||||
pathSection := cfg.Section("paths")
|
pathSection := cfg.Section("paths")
|
||||||
privateKeyPath := pathSection.Key("private_key_file").MustString("private.pem")
|
privateKeyPath := pathSection.Key("private_key_file").MustString("private.pem")
|
||||||
publicKeyPath := pathSection.Key("public_key_file").MustString("public.pem")
|
publicKeyPath := pathSection.Key("public_key_file").MustString("public.pem")
|
||||||
address := cfg.Section("server").Key("server_address").MustString(":8080")
|
serverCfg := ServerCfg{
|
||||||
|
ServerAddress: ":8080",
|
||||||
|
TrustedProxies: []string{
|
||||||
|
"127.0.0.0/8",
|
||||||
|
"10.0.0.0/8",
|
||||||
|
"192.168.0.0/16",
|
||||||
|
"172.16.0.0/12",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
err = cfg.Section("server").MapTo(&serverCfg)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal("无法读取配置文件", err)
|
||||||
|
}
|
||||||
_, err = os.Stat(configFilePath)
|
_, err = os.Stat(configFilePath)
|
||||||
if err != nil && os.IsNotExist(err) {
|
if err != nil && os.IsNotExist(err) {
|
||||||
log.Println("配置文件不存在,已使用默认配置")
|
log.Println("配置文件不存在,已使用默认配置")
|
||||||
_ = cfg.Section("meta").ReflectFrom(&meta)
|
_ = cfg.Section("meta").ReflectFrom(&meta)
|
||||||
_ = cfg.Section("database").ReflectFrom(&dbCfg)
|
_ = cfg.Section("database").ReflectFrom(&dbCfg)
|
||||||
|
_ = cfg.Section("server").ReflectFrom(&serverCfg)
|
||||||
err = cfg.SaveToIndent(configFilePath, " ")
|
err = cfg.SaveToIndent(configFilePath, " ")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("警告: 无法保存配置文件", err)
|
log.Println("警告: 无法保存配置文件", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
checkRsaKeyFile(privateKeyPath, publicKeyPath)
|
checkRsaKeyFile(privateKeyPath, publicKeyPath)
|
||||||
publicKeyContent, err := ioutil.ReadFile(publicKeyPath)
|
publicKeyContent, err := os.ReadFile(publicKeyPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("无法读取公钥内容", err)
|
log.Fatal("无法读取公钥内容", err)
|
||||||
}
|
}
|
||||||
@@ -117,6 +134,10 @@ func main() {
|
|||||||
serverMeta.SkinDomains = meta.SkinDomains
|
serverMeta.SkinDomains = meta.SkinDomains
|
||||||
serverMeta.SignaturePublickey = string(publicKeyContent)
|
serverMeta.SignaturePublickey = string(publicKeyContent)
|
||||||
r := gin.Default()
|
r := gin.Default()
|
||||||
|
err = r.SetTrustedProxies(serverCfg.TrustedProxies)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
router.InitRouters(r, db, &serverMeta, meta.SkinRootUrl)
|
router.InitRouters(r, db, &serverMeta, meta.SkinRootUrl)
|
||||||
assetsFs, err := fs.Sub(f, "assets")
|
assetsFs, err := fs.Sub(f, "assets")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -124,7 +145,7 @@ func main() {
|
|||||||
}
|
}
|
||||||
r.StaticFS("/profile", http.FS(assetsFs))
|
r.StaticFS("/profile", http.FS(assetsFs))
|
||||||
srv := &http.Server{
|
srv := &http.Server{
|
||||||
Addr: address,
|
Addr: serverCfg.ServerAddress,
|
||||||
Handler: r,
|
Handler: r,
|
||||||
}
|
}
|
||||||
go func() {
|
go func() {
|
||||||
|
|||||||
@@ -26,10 +26,6 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl string) {
|
func InitRouters(router *gin.Engine, db *gorm.DB, meta *ServerMeta, skinRootUrl string) {
|
||||||
err := router.SetTrustedProxies([]string{"127.0.0.1"})
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
router.Use(cors.New(cors.Config{
|
router.Use(cors.New(cors.Config{
|
||||||
AllowAllOrigins: true,
|
AllowAllOrigins: true,
|
||||||
AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "HEAD"},
|
AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "HEAD"},
|
||||||
|
|||||||
Reference in New Issue
Block a user