Merge pull request #1381 from ONLYOFFICE/bugfix/bug-62137

Bugfix/bug 62137
Alexey Bannov 2023-04-24 12:59:47 +03:00 committed by GitHub
commit cc883524d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 111 additions and 66 deletions


@ -24,6 +24,10 @@
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
using System.Linq;
using Microsoft.AspNetCore.Builder;
using JsonConverter = System.Text.Json.Serialization.JsonConverter;
namespace ASC.Api.Core;
@ -64,11 +68,42 @@ public abstract class BaseStartup
public virtual void ConfigureServices(IServiceCollection services)
{
services.AddCustomHealthCheck(_configuration);
services.AddCustomHealthCheck(_configuration);
services.AddHttpContextAccessor();
services.AddMemoryCache();
services.AddHttpClient();
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.ForwardLimit = null;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
var knownProxies = _configuration.GetSection("core:hosting:forwardedHeadersOptions:knownProxies").Get<List<String>>();
var knownNetworks = _configuration.GetSection("core:hosting:forwardedHeadersOptions:knownNetworks").Get<List<String>>();
if (knownProxies != null && knownProxies.Count > 0)
{
foreach (var knownProxy in knownProxies)
{
options.KnownProxies.Add(IPAddress.Parse(knownProxy));
}
}
if (knownNetworks != null && knownNetworks.Count > 0)
{
foreach (var knownNetwork in knownNetworks)
{
var prefix = IPAddress.Parse(knownNetwork.Split("/")[0]);
var prefixLength = Convert.ToInt32(knownNetwork.Split("/")[1]);
options.KnownNetworks.Add(new IPNetwork(prefix, prefixLength));
}
}
});
services.AddScoped<EFLoggerFactory>();
services.AddBaseDbContextPool<AccountLinkContext>()
@ -270,10 +305,7 @@ public abstract class BaseStartup
public virtual void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseForwardedHeaders();
app.UseRouting();
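Review bot: In the `Configure<ForwardedHeadersOptions>` callback both trust lists are cleared and refilled only from configuration, so a deployment whose `knownProxies` and `knownNetworks` keys are missing or empty ends up with two empty lists; as far as I know the middleware then skips the sender check entirely, and with `ForwardLimit = null` the whole client-supplied `X-Forwarded-For` chain is processed. This commit makes `Connection.RemoteIpAddress` the input to the IP-restriction check, the `CheckCache` keys and the audit/log address, so that case should fail closed, for example `if (options.KnownProxies.Count == 0 && options.KnownNetworks.Count == 0) { options.ForwardedHeaders = ForwardedHeaders.None; }` after the two loops. Separately, `IPAddress.Parse`, `Convert.ToInt32` and `knownNetwork.Split("/")[1]` throw on a malformed entry such as a network without a prefix length; validating with `IPAddress.TryParse`/`int.TryParse` and naming the offending configuration key would make a misconfiguration much easier to diagnose. `ConfigureServices` continues outside the hunk.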


@ -179,11 +179,6 @@ public static class HttpRequestExtensions
return !string.IsNullOrEmpty(request.Headers[HeaderNames.UserAgent]) && (request.Headers[HeaderNames.UserAgent].Contains("iOS") || request.Headers[HeaderNames.UserAgent].Contains("Android"));
}
public static string GetUserHostAddress(this HttpRequest request)
{
return request.HttpContext.Features.Get<IHttpConnectionFeature>()?.RemoteIpAddress?.ToString();
}
private static Uri ParseRewriterUrl(string s)
{
if (string.IsNullOrEmpty(s))


@ -111,7 +111,7 @@ public class SecurityContext
ArgumentNullException.ThrowIfNull(request);
ipFrom = "from " + (request.Headers["X-Forwarded-For"].ToString() ?? request.GetUserHostAddress());
ipFrom = "from " + _httpContextAccessor?.HttpContext.Connection.RemoteIpAddress;
address = "for " + request.GetUrlRewriter();
}
_logger.InformationEmptyBearer(ipFrom, address);
@ -127,7 +127,7 @@ public class SecurityContext
ArgumentNullException.ThrowIfNull(request);
address = "for " + request.GetUrlRewriter();
ipFrom = "from " + (request.Headers["X-Forwarded-For"].ToString() ?? request.GetUserHostAddress());
ipFrom = "from " + _httpContextAccessor?.HttpContext.Connection.RemoteIpAddress;
}
_logger.WarningCanNotDecrypt(cookie, ipFrom, address);
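Review bot: Both new `ipFrom` lines guard `_httpContextAccessor` with `?.` but then dereference `HttpContext.Connection` unguarded, so a null `HttpContext` still throws inside what is only a logging path. `request` has already been null-checked earlier in each hunk, so `ipFrom = "from " + request.HttpContext.Connection.RemoteIpAddress;` reads the same connection without depending on the accessor. These two lines are what an investigator sees for the empty-bearer and cannot-decrypt events, so a short comment that the address comes from the forwarded-headers middleware, and is only as reliable as its trust list, would help. The enclosing methods start and end outside the hunks.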


@ -78,10 +78,13 @@ public class GeolocationHelper
{
if (_httpContextAccessor.HttpContext?.Request != null)
{
var ip = (string)(_httpContextAccessor.HttpContext.Items["X-Forwarded-For"] ?? _httpContextAccessor.HttpContext.Items["REMOTE_ADDR"]);
if (!string.IsNullOrWhiteSpace(ip))
var ip = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress;
if (ip != IPAddress.Loopback)
{
return GetIPGeolocation(ip);
_logger.DebugRemoteIpAddress(ip.ToString());
return GetIPGeolocation(ip.ToString());
}
}
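Review bot: `if (ip != IPAddress.Loopback)` compares object references, because `IPAddress` overrides `Equals` but, as far as I know, does not overload `!=`; an address taken from the connection or from `X-Forwarded-For` will therefore normally pass this test even when it is 127.0.0.1, and `::1` is not covered either. `RemoteIpAddress` can also be null, in which case `ip.ToString()` throws. I would write the guard as `if (ip != null && !IPAddress.IsLoopback(ip))`. The method body starts and ends outside the hunk.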


@ -27,6 +27,9 @@
namespace ASC.Core.Common.Log;
internal static partial class GeolocationHelperLogger
{
[LoggerMessage(Level = LogLevel.Error, Message = "This is remote ip address {remoteIp}")]
public static partial void DebugRemoteIpAddress(this ILogger<GeolocationHelper> logger, string remoteIp);
[LoggerMessage(Level = LogLevel.Error, Message = "GetIPGeolocation")]
public static partial void ErrorGetIPGeolocation(this ILogger<GeolocationHelper> logger, Exception exception);
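Review bot: `DebugRemoteIpAddress` is declared with `Level = LogLevel.Error`, so every geolocation lookup writes the client address to the error stream; the method name suggests `[LoggerMessage(Level = LogLevel.Debug, Message = "This is remote ip address {remoteIp}")]` was intended. At error level this adds noise to alerting and widens where client addresses are retained, so the level should match the name.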


@ -166,8 +166,7 @@ public class CookieStorage
{
if (_httpContext?.Request != null)
{
var forwarded = _httpContext.Request.Headers["X-Forwarded-For"].ToString();
data = string.IsNullOrEmpty(forwarded) ? _httpContext.Request.GetUserHostAddress() : forwarded.Split(':')[0];
data = _httpContext.Connection.RemoteIpAddress.ToString();
}
}
catch { }
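Review bot: `_httpContext.Connection.RemoteIpAddress.ToString()` dereferences a nullable property, and here the resulting exception disappears into the empty `catch { }`, leaving `data` at whatever it held before with no log entry. The same unguarded `.RemoteIpAddress.ToString()` is introduced in `IPSecurity`, `MessageSettings.GetIP(HttpRequest)`, `UserController` and both `CheckCache` methods (`PaymentController`, `BaseSettingsController`), where nothing visible catches it. Prefer `RemoteIpAddress?.ToString()` and decide explicitly what a missing address means at each site, in particular for the IP-restriction check and the `CheckCache` key. The enclosing method is only partly visible in this hunk.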


@ -98,7 +98,7 @@ public class IPSecurity
if (string.IsNullOrWhiteSpace(requestIps))
{
var request = _httpContextAccessor.HttpContext.Request;
requestIps = request.Headers["X-Forwarded-For"].FirstOrDefault() ?? request.GetUserHostAddress();
requestIps = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString();
}
var ips = string.IsNullOrWhiteSpace(requestIps)


@ -32,12 +32,17 @@ public class MessageFactory
private readonly ILogger<MessageFactory> _logger;
private readonly AuthContext _authContext;
private readonly TenantManager _tenantManager;
private readonly IHttpContextAccessor _httpContextAccessor;
public MessageFactory(AuthContext authContext, TenantManager tenantManager, ILogger<MessageFactory> logger)
public MessageFactory(AuthContext authContext,
TenantManager tenantManager,
ILogger<MessageFactory> logger,
IHttpContextAccessor httpContextAccessor)
{
_authContext = authContext;
_tenantManager = tenantManager;
_logger = logger;
_logger = logger;
_httpContextAccessor = httpContextAccessor;
}
public EventMessage Create(HttpRequest request, string initiator, DateTime? dateTime, MessageAction action, MessageTarget target, params string[] description)
@ -82,11 +87,14 @@ public class MessageFactory
if (headers != null)
{
var ip = MessageSettings.GetIP(headers);
var userAgent = MessageSettings.GetUAHeader(headers);
var referer = MessageSettings.GetReferer(headers);
message.Ip = ip;
if (_httpContextAccessor.HttpContext != null)
{
message.Ip = MessageSettings.GetIP(_httpContextAccessor.HttpContext.Request);
}
message.UAHeader = userAgent;
message.Page = referer;
}
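Review bot: In this header-based `Create` path `message.Ip` is now filled only when an ambient `HttpContext` exists and is silently left unset otherwise. If this overload is used where the headers were captured earlier and the message is built outside the request (an assumption, the callers are not visible), audit events will lose their source address or take the address of whichever request is current. Consider letting the caller pass the already-resolved address, or at least document the behaviour: `// Ip comes from the current connection, not from 'headers'; left empty when there is no HttpContext`. The method continues outside the hunk.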


@ -30,8 +30,6 @@ namespace ASC.MessagingSystem;
public class MessageSettings
{
private const string UserAgentHeader = "User-Agent";
private const string ForwardedHeader = "X-Forwarded-For";
private const string HostHeader = "Host";
private const string RefererHeader = "Referer";
static MessageSettings()
@ -66,22 +64,11 @@ public class MessageSettings
return headers.ContainsKey(RefererHeader) ? headers[RefererHeader].FirstOrDefault() : null;
}
public static string GetIP(IDictionary<string, StringValues> headers)
{
var forwarded = headers.ContainsKey(ForwardedHeader) ? headers[ForwardedHeader].FirstOrDefault() : null;
var host = headers.ContainsKey(HostHeader) ? headers[HostHeader].FirstOrDefault() : null;
return forwarded ?? host;
}
public static string GetIP(HttpRequest request)
{
if (request != null)
{
var str = request.Headers[ForwardedHeader].FirstOrDefault() ?? request.GetUserHostAddress();
if (str != null)
{
return str.Substring(0, str.IndexOf(':') != -1 ? str.IndexOf(':') : str.Length);
}
return request.HttpContext.Connection.RemoteIpAddress.ToString();
}
return null;
}


@ -37,7 +37,11 @@
"hosting": {
"intervalCheckRegisterInstanceInSeconds": "1",
"timeUntilUnregisterInSeconds": "15",
"singletonMode": true
"singletonMode": true,
"forwardedHeadersOptions": {
"knownNetworks": [],
"knownProxies": [ "127.0.0.1" ]
}
},
"themelimit": "9",
"oidc": {
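Review bot: The shipped default trusts only `127.0.0.1`, which matches the nginx config in this commit that proxies to loopback, but a deployment where the proxy reaches the service over another address (containers, a separate load balancer) will have its forwarded headers ignored, and every request will appear to come from the proxy. IP restrictions and the `CheckCache` counters now key on that address, so this needs a line in the deployment documentation next to these keys. It should say that `knownNetworks` takes `address/prefixLength` entries and that leaving both lists empty is not a safe way to "trust the proxy".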


@ -3,16 +3,26 @@ map $http_host $this_host {
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
map $http_x_forwarded_host $proxy_x_forwarded_host {
default $http_x_forwarded_host;
"" $this_host;
}
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
map $uri $basename {
~/(?<captured_basename>[^/]*)$ $captured_basename;
}
@ -42,7 +52,7 @@ server {
large_client_header_buffers 4 16k;
client_max_body_size 4G;
set $X_REWRITER_URL $the_scheme://$the_host;
set $X_REWRITER_URL $proxy_x_forwarded_proto://$proxy_x_forwarded_host;
if ($http_x_rewriter_url != '') {
set $X_REWRITER_URL $http_x_rewriter_url ;
@ -72,14 +82,14 @@ server {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection $proxy_connection;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host/ds-vpath;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
}
location / {
@ -120,17 +130,18 @@ server {
}
location /doceditor {
proxy_pass http://127.0.0.1:5013;
proxy_redirect off;
proxy_set_header Host $this_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection $proxy_connection;
location ~* /static/images/(.*)$ {
try_files /images/$1 /index.html =404;
@ -147,12 +158,14 @@ server {
proxy_redirect off;
proxy_set_header Host $this_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection $proxy_connection;
location ~* /static/images/(.*)$ {
try_files /images/$1 /index.html =404;
@ -165,8 +178,10 @@ server {
location /sockjs-node {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $this_host;
proxy_pass http://127.0.0.1:5001;
@ -174,7 +189,7 @@ server {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection $proxy_connection;
}
location /api/2.0 {
@ -192,7 +207,9 @@ server {
proxy_pass http://127.0.0.1:5000;
proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~* portal/(.*)(backup|restore)(.*) {
rewrite (.*)/portal/(.*) $1/backup/$2 break;
@ -242,11 +259,13 @@ server {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection $proxy_connection;
proxy_set_header Host $host;
proxy_set_header Host $this_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /backupFileUpload.ashx {
@ -298,6 +317,5 @@ server {
rewrite /healthchecks/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:5033;
proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
}
}
}
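Review bot: The `map` blocks for `$proxy_x_forwarded_proto`, `$proxy_x_forwarded_port` and `$proxy_x_forwarded_host` default to whatever `X-Forwarded-*` value the client sent, and the locations now send `$proxy_add_x_forwarded_for`, which appends to a client-supplied chain instead of overwriting it with `$remote_addr`. That is right behind a trusted upstream balancer, but when this nginx is the internet-facing edge the scheme, host and `X_REWRITER_URL` become caller-controlled. A comment above the maps should state that assumption, and an edge deployment should pin the values, e.g. `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-Host $this_host;`. For the client address the backend stays correct only while its `knownProxies`/`knownNetworks` lists are non-empty; the `server` block starts outside the hunks.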


@ -1250,7 +1250,7 @@ public class UserController : PeopleControllerBase
if (!SetupInfo.IsSecretEmail(inDto.Email)
&& !string.IsNullOrEmpty(_setupInfo.RecaptchaPublicKey) && !string.IsNullOrEmpty(_setupInfo.RecaptchaPrivateKey))
{
var ip = Request.Headers["X-Forwarded-For"].ToString() ?? Request.GetUserHostAddress();
var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress.ToString();
if (string.IsNullOrEmpty(inDto.RecaptchaResponse)
|| !await _recaptcha.ValidateRecaptchaAsync(inDto.RecaptchaResponse, ip))


@ -179,7 +179,8 @@ public class PaymentController : ControllerBase
internal void CheckCache(string basekey)
{
var key = _httpContextAccessor.HttpContext.Request.GetUserHostAddress() + basekey;
var key = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString() + basekey;
if (_memoryCache.TryGetValue<int>(key, out var count))
{
if (count > _maxCount)


@ -55,7 +55,7 @@ public partial class BaseSettingsController : ControllerBase
internal void CheckCache(string basekey)
{
var key = _httpContextAccessor.HttpContext.Request.GetUserHostAddress() + basekey;
var key = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString() + basekey;
if (MemoryCache.TryGetValue<int>(key, out var count))
{
if (count > _maxCount)


@ -35,11 +35,6 @@ public class Startup : BaseStartup
{
base.Configure(app, env);
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseRouting();
app.UseAuthentication();