From aacd50ff3020d6c216cd21000669af119d96e514 Mon Sep 17 00:00:00 2001 From: jasonleong Date: Mon, 25 Dec 2023 11:08:32 +0800 Subject: [PATCH 1/4] Update deno-deploy.ts add x-forwarded-for header --- src/runtime/entries/deno-deploy.ts | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/runtime/entries/deno-deploy.ts b/src/runtime/entries/deno-deploy.ts index a31ed807c0..cb73053e9c 100644 --- a/src/runtime/entries/deno-deploy.ts +++ b/src/runtime/entries/deno-deploy.ts @@ -3,12 +3,14 @@ import "#internal/nitro/virtual/polyfill"; import { nitroApp } from "../app"; // @ts-expect-error unknown global Deno -Deno.serve((request: Request) => { - return handleRequest(request); +Deno.serve((request,info) => { + return handleRequest(request,info); }); -async function handleRequest(request: Request) { +async function handleRequest(request: Request,info) { const url = new URL(request.url); + const headers = new Headers(request.headers); + headers.set("x-forwarded-for", info.remoteAddr.hostname);//add x-forwarded-for header. // https://deno.land/api?s=Body let body; From 532ef9ec94f68a204213a478c35a184cf27ed447 Mon Sep 17 00:00:00 2001 From: Pooya Parsa Date: Thu, 4 Jan 2024 20:05:22 +0100 Subject: [PATCH 2/4] update, fixes and x-forwarded-proto --- src/runtime/entries/deno-deploy.ts | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/src/runtime/entries/deno-deploy.ts b/src/runtime/entries/deno-deploy.ts index cb73053e9c..af250bb25f 100644 --- a/src/runtime/entries/deno-deploy.ts +++ b/src/runtime/entries/deno-deploy.ts @@ -2,15 +2,31 @@ import "#internal/nitro/virtual/polyfill"; // @ts-ignore import { nitroApp } from "../app"; +// https://deno.land/api?s=Deno.ServeHandlerInfo +type ServeHandlerInfo = { + remoteAddr: { + transport: "tcp" | "udp"; + hostname: string; + port: number; + }; +}; + // @ts-expect-error unknown global Deno -Deno.serve((request,info) => { - return handleRequest(request,info); +Deno.serve((request, info) => { + return handleRequest(request, info); }); -async function handleRequest(request: Request,info) { +async function handleRequest(request: Request, info: ServeHandlerInfo) { const url = new URL(request.url); + const headers = new Headers(request.headers); - headers.set("x-forwarded-for", info.remoteAddr.hostname);//add x-forwarded-for header. + if (!headers.has("x-forwarded-for") && info?.remoteAddr?.hostname) { + headers.set("x-forwarded-for", info.remoteAddr.hostname); + } + if (!headers.has("x-forwarded-proto")) { + // TODO: There is currently no way to know if the request was made over HTTP or HTTPS but deno deploy force redirects to HTTPS so we assume HTTPS by default. + headers.set("x-forwarded-proto", "https"); + } // https://deno.land/api?s=Body let body; @@ -21,7 +37,7 @@ async function handleRequest(request: Request,info) { return nitroApp.localFetch(url.pathname + url.search, { host: url.hostname, protocol: url.protocol, - headers: request.headers, + headers, method: request.method, redirect: request.redirect, body, From c02ad8d92cfe7ce787e5dccfd5ade4a24f2503e3 Mon Sep 17 00:00:00 2001 From: Pooya Parsa Date: Thu, 4 Jan 2024 20:07:04 +0100 Subject: [PATCH 3/4] update comment --- src/runtime/entries/deno-deploy.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/runtime/entries/deno-deploy.ts b/src/runtime/entries/deno-deploy.ts index af250bb25f..91414f1e5c 100644 --- a/src/runtime/entries/deno-deploy.ts +++ b/src/runtime/entries/deno-deploy.ts @@ -24,7 +24,8 @@ async function handleRequest(request: Request, info: ServeHandlerInfo) { headers.set("x-forwarded-for", info.remoteAddr.hostname); } if (!headers.has("x-forwarded-proto")) { - // TODO: There is currently no way to know if the request was made over HTTP or HTTPS but deno deploy force redirects to HTTPS so we assume HTTPS by default. + // There is currently no way to know if the request was made over HTTP or HTTPS + // Deno deploy force redirects to HTTPS so we assume HTTPS by default headers.set("x-forwarded-proto", "https"); } From 7edfce0c35af6ed0c108c538f9e4f006aa2bfbb4 Mon Sep 17 00:00:00 2001 From: Pooya Parsa Date: Thu, 4 Jan 2024 20:15:22 +0100 Subject: [PATCH 4/4] use append --- src/runtime/entries/deno-deploy.ts | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/runtime/entries/deno-deploy.ts b/src/runtime/entries/deno-deploy.ts index 91414f1e5c..c23d34d390 100644 --- a/src/runtime/entries/deno-deploy.ts +++ b/src/runtime/entries/deno-deploy.ts @@ -20,12 +20,14 @@ async function handleRequest(request: Request, info: ServeHandlerInfo) { const url = new URL(request.url); const headers = new Headers(request.headers); - if (!headers.has("x-forwarded-for") && info?.remoteAddr?.hostname) { - headers.set("x-forwarded-for", info.remoteAddr.hostname); - } + + // Add client IP address to headers + // (rightmost is most trustable) + headers.append("x-forwarded-for", info.remoteAddr.hostname); + + // There is currently no way to know if the request was made over HTTP or HTTPS + // Deno deploy force redirects to HTTPS so we assume HTTPS by default if (!headers.has("x-forwarded-proto")) { - // There is currently no way to know if the request was made over HTTP or HTTPS - // Deno deploy force redirects to HTTPS so we assume HTTPS by default headers.set("x-forwarded-proto", "https"); }