change: trust proxy option
This commit is contained in:
parent
1006a2b1c1
commit
80b083f1aa
5 changed files with 54 additions and 6 deletions
|
|
@ -1,5 +1,6 @@
|
|||
import "dotenv/config";
|
||||
import ms from "ms";
|
||||
import ip from "ip";
|
||||
|
||||
export const DB_TYPE = process.env.DB_TYPE ?? "mysql";
|
||||
export const DB_HOST = process.env.DB_HOST ?? "";
|
||||
|
|
@ -35,6 +36,24 @@ export const USE_SECURITY_LIMIT = process.env.USE_SECURITY_LIMIT ?? "true";
|
|||
export const SECURITY_LIMIT_WINDOW = process.env.SECURITY_LIMIT_WINDOW ?? "1m";
|
||||
export const SECURITY_LIMIT_REQUEST_COUNT = Number(process.env.SECURITY_LIMIT_REQUEST_COUNT ?? "500");
|
||||
|
||||
export const TRUST_PROXY = ((): Array<string> | string | boolean | number | null => {
|
||||
const proxyVal = process.env.TRUST_PROXY;
|
||||
if (!proxyVal) return null;
|
||||
if (proxyVal == "true" || proxyVal == "false") {
|
||||
return proxyVal == "true";
|
||||
}
|
||||
if (!isNaN(Number(proxyVal))) {
|
||||
return Number(proxyVal);
|
||||
}
|
||||
if (proxyVal.includes(",") && proxyVal.split(",").every((pv) => ip.isV4Format(pv) || ip.isV6Format(pv))) {
|
||||
return proxyVal.split(",");
|
||||
}
|
||||
if (ip.isV4Format(proxyVal) || ip.isV6Format(proxyVal)) {
|
||||
return proxyVal;
|
||||
}
|
||||
return null;
|
||||
})();
|
||||
|
||||
export function configCheck() {
|
||||
if (DB_TYPE != "mysql" && DB_TYPE != "sqlite" && DB_TYPE != "postgres")
|
||||
throw new Error("set valid value to DB_TYPE (mysql|sqlite|postgres)");
|
||||
|
|
@ -46,7 +65,7 @@ export function configCheck() {
|
|||
if ((DB_PASSWORD == "" || typeof DB_PASSWORD != "string") && DB_TYPE != "sqlite")
|
||||
throw new Error("set valid value to DB_PASSWORD");
|
||||
|
||||
if (typeof SERVER_PORT != "number") throw new Error("set valid numeric value to SERVER_PORT");
|
||||
if (isNaN(SERVER_PORT)) throw new Error("set valid numeric value to SERVER_PORT");
|
||||
|
||||
if (JWT_SECRET == "" || typeof JWT_SECRET != "string") throw new Error("set valid value to JWT_SECRET");
|
||||
checkMS(JWT_EXPIRATION, "JWT_EXPIRATION");
|
||||
|
|
@ -56,7 +75,7 @@ export function configCheck() {
|
|||
if (MAIL_USERNAME == "" || typeof MAIL_USERNAME != "string") throw new Error("set valid value to MAIL_USERNAME");
|
||||
if (MAIL_PASSWORD == "" || typeof MAIL_PASSWORD != "string") throw new Error("set valid value to MAIL_PASSWORD");
|
||||
if (MAIL_HOST == "" || typeof MAIL_HOST != "string") throw new Error("set valid value to MAIL_HOST");
|
||||
if (typeof MAIL_PORT != "number") throw new Error("set valid numeric value to MAIL_PORT");
|
||||
if (isNaN(MAIL_PORT)) throw new Error("set valid numeric value to MAIL_PORT");
|
||||
if (MAIL_SECURE != "true" && MAIL_SECURE != "false") throw new Error("set 'true' or 'false' to MAIL_SECURE");
|
||||
|
||||
if (
|
||||
|
|
@ -73,13 +92,16 @@ export function configCheck() {
|
|||
if (USE_SECURITY_STRICT_LIMIT != "true" && USE_SECURITY_STRICT_LIMIT != "false")
|
||||
throw new Error("set 'true' or 'false' to USE_SECURITY_STRICT_LIMIT");
|
||||
checkMS(SECURITY_STRICT_LIMIT_WINDOW, "SECURITY_STRICT_LIMIT_WINDOW");
|
||||
if (typeof SECURITY_STRICT_LIMIT_REQUEST_COUNT != "number")
|
||||
if (isNaN(SECURITY_STRICT_LIMIT_REQUEST_COUNT))
|
||||
throw new Error("set valid numeric value to SECURITY_STRICT_LIMIT_REQUEST_COUNT");
|
||||
if (USE_SECURITY_LIMIT != "true" && USE_SECURITY_LIMIT != "false")
|
||||
throw new Error("set 'true' or 'false' to USE_SECURITY_LIMIT");
|
||||
checkMS(SECURITY_LIMIT_WINDOW, "SECURITY_LIMIT_WINDOW");
|
||||
if (typeof SECURITY_LIMIT_REQUEST_COUNT != "number")
|
||||
throw new Error("set valid numeric value to SECURITY_LIMIT_REQUEST_COUNT");
|
||||
if (isNaN(SECURITY_LIMIT_REQUEST_COUNT)) throw new Error("set valid numeric value to SECURITY_LIMIT_REQUEST_COUNT");
|
||||
|
||||
if (!TRUST_PROXY && process.env.TRUST_PROXY) {
|
||||
throw new Error("set valid boolean, number, ip or ips value to TRUST_PROXY");
|
||||
}
|
||||
}
|
||||
|
||||
function checkMS(input: string, origin: string) {
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import {
|
|||
SECURITY_LIMIT_WINDOW,
|
||||
SECURITY_STRICT_LIMIT_REQUEST_COUNT,
|
||||
SECURITY_STRICT_LIMIT_WINDOW,
|
||||
TRUST_PROXY,
|
||||
USE_SECURITY_LIMIT,
|
||||
USE_SECURITY_STRICT_LIMIT,
|
||||
} from "../env.defaults";
|
||||
|
|
@ -62,6 +63,9 @@ function excludePaths(middleware: RequestHandler, excludedPaths: Array<string>)
|
|||
}
|
||||
|
||||
export default (app: Express) => {
|
||||
if (TRUST_PROXY) {
|
||||
app.set("trust proxy", TRUST_PROXY);
|
||||
}
|
||||
app.set("query parser", "extended");
|
||||
app.use(cors());
|
||||
app.options("*", cors());
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue