From b0307e5cafa71724503684575bcece762b203723 Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Tue, 31 Mar 2020 21:31:20 -0700 Subject: Finally fixed the guardIP thing Turns out the ultimate reason was that I wasn't actually returning out of the handler, I was just setting the HTTP status. Now I'm sure that it works correctly. --- Run/Que/Server.hs | 22 ++++++++++------------ Run/Que/service.nix | 3 ++- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/Run/Que/Server.hs b/Run/Que/Server.hs index e0327a5..218c821 100644 --- a/Run/Que/Server.hs +++ b/Run/Que/Server.hs @@ -29,7 +29,6 @@ import Data.Text.Lazy ( Text , fromStrict ) import qualified Network.HTTP.Types.Status as Http -import qualified Network.Socket as Socket import qualified Network.Wai as Wai import qualified Network.Wai.Handler.Warp as Warp import Network.Wai.Middleware.RequestLogger @@ -67,14 +66,6 @@ data Error = ErrorParsingOptions instance Exception.Exception Error --- | Only allow my IP or local to access some route. -guardIP :: Wai.Request -> Scotty.ActionT Text App () -guardIP r = case Wai.remoteHost r of - Socket.SockAddrInet _ ip | ip `elem` allowed -> Scotty.status Http.ok200 - _ -> Scotty.status Http.methodNotAllowed405 - where - allowed = Socket.tupleToHostAddress Scotty.status Http.ok200 + (_, Just "73.222.221.62", _) -> Scotty.status Http.ok200 + (Just "::1", Just "::1", Just "localhost") -> Scotty.status Http.ok200 + _ -> Scotty.status Http.methodNotAllowed405 + >> Scotty.text "error 405 not allowed: _ is a reserved namespace" app . modify <| upsertNamespace ns q <- app <| que ns qp qdata <- Scotty.body diff --git a/Run/Que/service.nix b/Run/Que/service.nix index 1d82bd6..aa68657 100644 --- a/Run/Que/service.nix +++ b/Run/Que/service.nix 
@@ -61,7 +61,8 @@ in
 locations."/" = {
 proxyPass = "http://localhost:${toString cfg.port}";
 extraConfig = ''
- # forward the headers so the `guardIP` function works properly
+ proxy_set_header X-Real-IP $realip_remote_addr;
+ proxy_set_header X-Forwarded-Host $remote_addr;
 proxy_pass_request_headers on;
 '';
 };
-- cgit v1.2.3
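Review bot: The two added `proxy_set_header` lines replace the only comment that said why headers are forwarded, yet they now appear to supply the values the IP check in Run/Que/Server.hs matches on, so the `extraConfig` block should keep a comment such as `# the IP allow-list in Run/Que/Server.hs reads these headers; set them here so client-supplied values are overwritten`. Because access is then decided from header values, the check holds only while `cfg.port` cannot be reached except through this proxy; whether the listener binds to loopback or is firewalled is not visible in this hunk and should be confirmed. `X-Forwarded-Host` conventionally carries the original `Host` value, so putting `$remote_addr` in it is easy to misread; `X-Forwarded-For` would be the usual header name if the handler is changed to match.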