[Catalyst-commits] r6469 - in branches: . Catalyst-Runtime-proxystuff/lib Catalyst-Runtime-proxystuff/lib/Catalyst Catalyst-Runtime-proxystuff/lib/Catalyst/Engine Catalyst-Runtime-proxystuff/t

jrockway at dev.catalyst.perl.org jrockway at dev.catalyst.perl.org
Sun Jun 17 07:36:51 GMT 2007


Author: jrockway
Date: 2007-06-17 07:36:50 +0100 (Sun, 17 Jun 2007)
New Revision: 6469

Modified:
   branches/
   branches/Catalyst-Runtime-proxystuff/lib/Catalyst.pm
   branches/Catalyst-Runtime-proxystuff/lib/Catalyst/Engine.pm
   branches/Catalyst-Runtime-proxystuff/lib/Catalyst/Engine/CGI.pm
   branches/Catalyst-Runtime-proxystuff/t/live_engine_request_headers.t
Log:
 r26675 at foo:  jon | 2007-06-17 00:59:43 -0500
 committing Dave Rolsky's proxy improvements



Property changes on: branches
___________________________________________________________________
Name: svk:merge
   - d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst-branches:26674
   + d7608cd0-831c-0410-93c0-e5b306c3c028:/local/Catalyst-branches:26675

Modified: branches/Catalyst-Runtime-proxystuff/lib/Catalyst/Engine/CGI.pm
===================================================================
--- branches/Catalyst-Runtime-proxystuff/lib/Catalyst/Engine/CGI.pm	2007-06-17 06:36:40 UTC (rev 6468)
+++ branches/Catalyst-Runtime-proxystuff/lib/Catalyst/Engine/CGI.pm	2007-06-17 06:36:50 UTC (rev 6469)
@@ -55,20 +55,6 @@
 
     $c->request->address( $ENV{REMOTE_ADDR} );
 
-  PROXY_CHECK:
-    {
-        unless ( $c->config->{using_frontend_proxy} ) {
-            last PROXY_CHECK if $ENV{REMOTE_ADDR} ne '127.0.0.1';
-            last PROXY_CHECK if $c->config->{ignore_frontend_proxy};
-        }
-        last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_FOR};
-
-        # If we are running as a backend server, the user will always appear
-        # as 127.0.0.1. Select the most recent upstream IP (last in the list)
-        my ($ip) = $ENV{HTTP_X_FORWARDED_FOR} =~ /([^,\s]+)$/;
-        $c->request->address($ip);
-    }
-
     $c->request->hostname( $ENV{REMOTE_HOST} );
     $c->request->protocol( $ENV{SERVER_PROTOCOL} );
     $c->request->user( $ENV{REMOTE_USER} );
@@ -119,22 +105,6 @@
         $base_path = $ENV{SCRIPT_NAME} || '/';
     }
 
-    # If we are running as a backend proxy, get the true hostname
-  PROXY_CHECK:
-    {
-        unless ( $c->config->{using_frontend_proxy} ) {
-            last PROXY_CHECK if $host !~ /localhost|127.0.0.1/;
-            last PROXY_CHECK if $c->config->{ignore_frontend_proxy};
-        }
-        last PROXY_CHECK unless $ENV{HTTP_X_FORWARDED_HOST};
-
-        $host = $ENV{HTTP_X_FORWARDED_HOST};
-
-        # backend could be on any port, so
-        # assume frontend is on the default port
-        $port = $c->request->secure ? 443 : 80;
-    }
-
     # set the request URI
     my $path = $base_path . ( $ENV{PATH_INFO} || '' );
     $path =~ s{^/+}{};

Modified: branches/Catalyst-Runtime-proxystuff/lib/Catalyst/Engine.pm
===================================================================
--- branches/Catalyst-Runtime-proxystuff/lib/Catalyst/Engine.pm	2007-06-17 06:36:40 UTC (rev 6468)
+++ branches/Catalyst-Runtime-proxystuff/lib/Catalyst/Engine.pm	2007-06-17 06:36:50 UTC (rev 6469)
@@ -397,6 +397,90 @@
 
 sub prepare_headers { }
 
+=head2 $self->adjust_request_for_proxy($c)
+
+Checks for the presence of various headers from a frontend proxy, and
+adjusts various aspects of the request if necessary.
+
+Specifically, this method does the following:
+
+=over 4
+
+=item
+
+If the config key "ignore_frontend_proxy" is true, no adjustments are
+made.
+
+=item
+
+If the config key "using_frontend_proxy" is I<not> true, then we do
+not make adjustments nuless the client's IP address is 127.0.0.1
+(localhost).
+
+=item
+
+We check for a number of headers, all starting with
+"X-Forwarded-". See L<Catalyst/"PROXY SUPPORT"> for details on how
+these headers are used.
+
+=cut
+
+sub adjust_request_for_proxy {
+    my ( $self, $c ) = @_;
+
+    return unless $self->_check_for_proxy($c);
+
+    # If we are running as a backend server, the user will always appear
+    # as 127.0.0.1. Select the most recent upstream IP (last in the list)
+    my ($ip) = $c->request->header('X-Forwarded-For') =~ /([^,\s]+)$/;
+    $c->request->address($ip);
+
+    my %uri;
+    $uri{host}   = $c->request->header('X-Forwarded-Host');
+    $uri{port}   = $c->request->header('X-Forwarded-Port');
+    $uri{path}   = $c->request->header('X-Forwarded-Path');
+    $uri{scheme} = 'https'
+      if $c->request->header('X-Forwarded-Is-SSL');
+
+    for my $k ( keys %uri ) {
+        delete $uri{$k} unless defined $uri{$k};
+    }
+
+    return unless keys %uri;
+
+    $c->request->hostname( $uri{host} )
+      if exists $uri{host};
+    $c->request->protocol( $uri{scheme} )
+      if exists $uri{scheme};
+    $c->request->secure(1)
+      if $uri{scheme} && $uri{scheme} eq 'https';
+
+    for my $meth ( qw( uri base ) ) {
+        my $uri = $c->request->$meth();
+
+        $uri->$_( $uri{$_} ) for qw( host port scheme );
+
+        if ( exists $uri{path} ) {
+            $uri{path} =~ s{/$}{};
+            my $path = $uri{path} . $uri->path();
+            $uri->path($path);
+        }
+
+        $c->request->$meth($uri);
+    }
+}
+
+sub _check_for_proxy {
+    my ( $self, $c ) = @_;
+
+    return 0 if $c->config->{ignore_frontend_proxy};
+
+    return 0 unless $c->config->{using_frontend_proxy}
+        || $c->request->address eq '127.0.0.1';
+
+    return 1;
+}
+
 =head2 $self->prepare_parameters($c)
 
 sets up parameters from query and post parameters.

Modified: branches/Catalyst-Runtime-proxystuff/lib/Catalyst.pm
===================================================================
--- branches/Catalyst-Runtime-proxystuff/lib/Catalyst.pm	2007-06-17 06:36:40 UTC (rev 6468)
+++ branches/Catalyst-Runtime-proxystuff/lib/Catalyst.pm	2007-06-17 06:36:50 UTC (rev 6469)
@@ -1588,6 +1588,7 @@
         $c->prepare_headers;
         $c->prepare_cookies;
         $c->prepare_path;
+        $c->adjust_request_for_proxy;
 
         # On-demand parsing
         $c->prepare_body unless $c->config->{parse_on_demand};
@@ -1713,6 +1714,14 @@
 
 sub prepare_path { my $c = shift; $c->engine->prepare_path( $c, @_ ) }
 
+=head2 $c->adjust_request_for_proxy
+
+Adjusts the request to account for a frontend proxy.
+
+=cut
+
+sub adjust_request_for_proxy { my $c = shift; $c->engine->adjust_request_for_proxy( $c, @_ ) }
+
 =head2 $c->prepare_query_parameters
 
 Prepares query parameters.
@@ -2256,12 +2265,39 @@
 the frontend and backend servers on the same machine. The following
 changes are made to the request.
 
-    $c->req->address is set to the user's real IP address, as read from 
-    the HTTP X-Forwarded-For header.
-    
-    The host value for $c->req->base and $c->req->uri is set to the real
-    host, as read from the HTTP X-Forwarded-Host header.
+=over 4
 
+=item * X-Forwarded-For
+
+The IP address in C<< $c->req->address >> is set to the user's real IP
+address, as read from the X-Forwarded-For header.
+
+=item * X-Forwarded-Host
+
+The host value for C<< $c->req->base >> and C<< $c->req->uri >> is set
+to the real host, as read from the X-Forwarded-Host header. The value
+of C<< $c->req->hostname >> is also adjusted accordingly.
+
+=item * X-Forwarded-Port
+
+The port value for C<< $c->req->base >> and C<< $c->req->uri >> is set
+to the real port, as read from the X-Forwarded-Port header.
+
+=item * X-Forwarded-Path
+
+If this is set, the value of the X-Forwarded-Path header is
+I<prepended> to the path value of C<< $c->req->base >> and C<<
+$c->req->uri >>.
+
+=item * X-Forwarded-Is-SSL
+
+If this is set, the scheme value of C<< $c->req->base >> and C<<
+$c->req->uri >> is set to "https". Additional, C<< $c->req->protocol
+>> is also set to "https", and C<< $c->req->secure >> is set to a true
+value.
+
+=back
+
 Obviously, your web server must support these headers for this to work.
 
 In a more complex server farm environment where you may have your

Modified: branches/Catalyst-Runtime-proxystuff/t/live_engine_request_headers.t
===================================================================
--- branches/Catalyst-Runtime-proxystuff/t/live_engine_request_headers.t	2007-06-17 06:36:40 UTC (rev 6468)
+++ branches/Catalyst-Runtime-proxystuff/t/live_engine_request_headers.t	2007-06-17 06:36:50 UTC (rev 6469)
@@ -6,7 +6,7 @@
 use FindBin;
 use lib "$FindBin::Bin/lib";
 
-use Test::More tests => 17;
+use Test::More tests => 27;
 use Catalyst::Test 'TestApp';
 
 use Catalyst::Request;
@@ -17,12 +17,18 @@
 {
     my $creq;
 
-    my $request = GET( 'http://localhost/dump/request', 
-        'User-Agent'       => 'MyAgen/1.0',
-        'X-Whats-Cool'     => 'Catalyst',
-        'X-Multiple'       => [ 1 .. 5 ],
-        'X-Forwarded-Host' => 'frontend.server.com',
-        'X-Forwarded-For'  => '192.168.1.1, 1.2.3.4',
+    my $request = GET(
+        'http://localhost/dump/request',
+        'User-Agent'         => 'MyAgen/1.0',
+        'X-Whats-Cool'       => 'Catalyst',
+        'X-Multiple'         => [ 1 .. 5 ],
+        'X-Forwarded-Host'   => 'frontend.server.com',
+        'X-Forwarded-For'    => '192.168.1.1, 1.2.3.4',
+        # Trailing slash is intentional - tests that we don't generate
+        # paths with doubled slashes
+        'X-Forwarded-Path'   => '/prefix/',
+        'X-Forwarded-Port'   => '12345',
+        'X-Forwarded-Is-SSL' => 1,
     );
  
     ok( my $response = request($request), 'Request' );
@@ -50,11 +56,21 @@
     SKIP:
     {
         if ( $ENV{CATALYST_SERVER} && $ENV{CATALYST_SERVER} !~ /127.0.0.1|localhost/ ) {
-            skip "Using remote server", 2;
+            skip "Using remote server", 12;
         }
     
-        is( $creq->base->host, 'frontend.server.com', 'Catalyst::Request proxied base' );
-        is( $creq->address, '1.2.3.4', 'Catalyst::Request proxied address' );
+        is( $creq->address, '1.2.3.4', 'X-Forwarded-For header => address()' );
+        is( $creq->hostname, 'frontend.server.com', 'X-Forwarded-Host header => hostname()' );
+        is( $creq->base->host, 'frontend.server.com', 'X-Forwarded-Host => base()->host()' );
+        is( $creq->uri->host, 'frontend.server.com', 'X-Forwarded-Host => uri()->host()' );
+        is( $creq->base->path, '/prefix/', 'X-Forwarded-Path => base()->path()' );
+        is( $creq->uri->path, '/prefix/dump/request', 'X-Forwarded-Path => uri()->path()' );
+        is( $creq->base->port, 12345, 'X-Forwarded-Port => base()->port()' );
+        is( $creq->uri->port, 12345, 'X-Forwarded-Port => uri()->port()' );
+        is( $creq->protocol, 'https', 'X-Forwarded-Is-Secure => protocol()' );
+        ok( $creq->secure, 'X-Forwarded-Is-Secure => secure()' );
+        is( $creq->base->scheme, 'https', 'X-Forwarded-Is-Secure => base()->scheme()' );
+        is( $creq->uri->scheme, 'https', 'X-Forwarded-Is-Secure => uri()->scheme()' );
     }
 
     SKIP:




More information about the Catalyst-commits mailing list