Add trusted proxies as an env var

2022-04-14 11:34:40 +02:00 · 2022-04-14 11:34:40 +02:00 · bf495f9019
parent 0b0cf5603f
commit bf495f9019
5 changed files with 25 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@ -146,6 +146,12 @@ WEBAUTHN_ICON=

 WEBAUTHN_USER_VERIFICATION=

+# Use this setting to declare trusted proxied.
+# Supported:
+#   '*': to trust any proxy
+#   A comma separated IP list: The list of proxies IP to trust
+
+TRUSTED_PROXIES=

 # Leave the following configuration vars as is.
 # Unless you like to tinker and know what you're doing.
--- a/5
+++ b/5
@ -191,6 +191,11 @@ ENV \
    #   'preferred' (default) : Will ask for user verification IF POSSIBLE
    #   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
    WEBAUTHN_USER_VERIFICATION= \
+    # Use this setting to declare trusted proxied.
+    # Supported:
+    #   '*': to trust any proxy
+    #   A comma separated IP list: The list of proxies IP to trust
+    TRUSTED_PROXIES= \
    # Leave the following configuration vars as is.
    # Unless you like to tinker and know what you're doing.
    BROADCAST_DRIVER=log \
--- a/app/Http/Middleware/TrustProxies.php
+++ b/app/Http/Middleware/TrustProxies.php
@ -25,4 +25,12 @@ class TrustProxies extends Middleware
        Request::HEADER_X_FORWARDED_PORT |
        Request::HEADER_X_FORWARDED_PROTO |
        Request::HEADER_X_FORWARDED_AWS_ELB;
+
+    /**
+     * TrustProxies constructor.
+     */
+    public function __construct()
+    {
+        $this->proxies = (string) config('2fauth.config.trustedProxies');
+    }
 }
--- a/config/2fauth.php
+++ b/config/2fauth.php
@ -20,6 +20,7 @@ return [

    'config' => [
        'isDemoApp' => env('IS_DEMO_APP', false),
+        'trustedProxies' => env('TRUSTED_PROXIES', null),
    ],

    /*
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -91,6 +91,11 @@ services:
      #   'preferred' (default) : Will ask for user verification IF POSSIBLE
      #   'discouraged' : Will NOT ask for user verification (for example, to minimize disruption to the user interaction flow)
      - WEBAUTHN_USER_VERIFICATION=
+      # Use this setting to declare trusted proxied.
+      # Supported:
+      #   '*': to trust any proxy
+      #   A comma separated IP list: The list of proxies IP to trust
+      - TRUSTED_PROXIES=
      # Leave the following configuration vars as is.
      # Unless you like to tinker and know what you're doing.
      - BROADCAST_DRIVER=log