From 3d09dbb8bd8a6e436b9984930a1805fbb4725460 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Jan 20 2016 08:28:45 +0000 Subject: Add the Proxy flask extension --- diff --git a/pagure/proxy.py b/pagure/proxy.py new file mode 100644 index 0000000..d9e0fe2 --- /dev/null +++ b/pagure/proxy.py @@ -0,0 +1,71 @@ +# -*- coding: utf-8 -*- +# +# Copyright © 2014 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing to use, +# modify, copy, or redistribute it subject to the terms and conditions +# of the GNU General Public License v.2, or (at your option) any later +# version. This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY expressed or implied, including the +# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. You +# should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# Any Red Hat trademarks that are incorporated in the source +# code or documentation are not subject to the GNU General Public +# License and may only be used or replicated with the express permission +# of Red Hat, Inc. +# + +''' +Makes pagure an application behind a reverse proxy and thus ensure the +redirects are using ``https``. + +Source: http://flask.pocoo.org/snippets/35/ by Peter Hansen +''' + + +class ReverseProxied(object): # pragma: no cover + '''Wrap the application in this middleware and configure the + front-end server to add these headers, to let you quietly bind + this to a URL other than / and to an HTTP scheme that is + different than what is used locally. + + In nginx: + location /myprefix { + proxy_pass http://192.168.0.1:5001; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /myprefix; + } + In apache: + RequestHeader set X-Forwarded-Scheme https early + RequestHeader set X-Scheme https early + RequestHeader add X-Script-Name /myprefix early + RequestHeader set X-Forwarded-Proto https early + + :param app: the WSGI application + ''' + def __init__(self, app): + self.app = app + + def __call__(self, environ, start_response): + script_name = environ.get('HTTP_X_SCRIPT_NAME', '') + if script_name: + environ['SCRIPT_NAME'] = script_name + path_info = environ['PATH_INFO'] + if path_info.startswith(script_name): + environ['PATH_INFO'] = path_info[len(script_name):] + + server = environ.get('HTTP_X_FORWARDED_HOST', '') + if server: + environ['HTTP_HOST'] = server + + scheme = environ.get('HTTP_X_SCHEME', '') + if scheme: + environ['wsgi.url_scheme'] = scheme + + return self.app(environ, start_response)