Set forwarded headers from trusted proxies only

2026-04-19 00:36:38 +00:00 · 2026-02-08 17:31:10 +08:00
parent 5190923c70
commit ed58659a01
12 changed files with 608 additions and 57 deletions
--- a/proxy/cmd/proxy/cmd/root.go
+++ b/proxy/cmd/proxy/cmd/root.go
@@ -44,6 +44,7 @@ var (
 	oidcEndpoint      string
 	oidcScopes        string
 	forwardedProto    string
+	trustedProxies    string
 )

 var rootCmd = &cobra.Command{
@@ -72,6 +73,7 @@ func init() {
 	rootCmd.Flags().StringVar(&oidcEndpoint, "oidc-endpoint", envStringOrDefault("NB_PROXY_OIDC_ENDPOINT", ""), "The OIDC Endpoint for OIDC User Authentication")
 	rootCmd.Flags().StringVar(&oidcScopes, "oidc-scopes", envStringOrDefault("NB_PROXY_OIDC_SCOPES", "openid,profile,email"), "The OAuth2 scopes for OIDC User Authentication, comma separated")
 	rootCmd.Flags().StringVar(&forwardedProto, "forwarded-proto", envStringOrDefault("NB_PROXY_FORWARDED_PROTO", "auto"), "X-Forwarded-Proto value for backends: auto, http, or https")
+	rootCmd.Flags().StringVar(&trustedProxies, "trusted-proxies", envStringOrDefault("NB_PROXY_TRUSTED_PROXIES", ""), "Comma-separated list of trusted upstream proxy CIDR ranges (e.g. '10.0.0.0/8,192.168.1.1')")
 }

 // Execute runs the root command.
@@ -113,6 +115,11 @@ func runServer(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("invalid --forwarded-proto value %q: must be auto, http, or https", forwardedProto)
 	}

+	parsedTrustedProxies, err := proxy.ParseTrustedProxies(trustedProxies)
+	if err != nil {
+		return fmt.Errorf("invalid --trusted-proxies: %w", err)
+	}
+
 	srv := proxy.Server{
 		Logger:                   logger,
 		Version:                  Version,
@@ -131,6 +138,7 @@ func runServer(cmd *cobra.Command, args []string) error {
 		OIDCEndpoint:             oidcEndpoint,
 		OIDCScopes:               strings.Split(oidcScopes, ","),
 		ForwardedProto:           forwardedProto,
+		TrustedProxies:           parsedTrustedProxies,
 	}

 	if err := srv.ListenAndServe(context.TODO(), addr); err != nil {