Merge pull request #1381 from ONLYOFFICE/bugfix/bug-62137
Bugfix/bug 62137
commit
cc883524d6
@ -24,6 +24,10 @@
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
using System.Linq;
|
||||
|
||||
using Microsoft.AspNetCore.Builder;
|
||||
|
||||
using JsonConverter = System.Text.Json.Serialization.JsonConverter;
|
||||
|
||||
namespace ASC.Api.Core;
|
||||
@ -64,11 +68,42 @@ public abstract class BaseStartup
|
||||
|
||||
public virtual void ConfigureServices(IServiceCollection services)
|
||||
{
|
||||
services.AddCustomHealthCheck(_configuration);
|
||||
services.AddCustomHealthCheck(_configuration);
|
||||
services.AddHttpContextAccessor();
|
||||
services.AddMemoryCache();
|
||||
services.AddHttpClient();
|
||||
|
||||
services.Configure<ForwardedHeadersOptions>(options =>
|
||||
{
|
||||
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
|
||||
options.ForwardLimit = null;
|
||||
options.KnownNetworks.Clear();
|
||||
options.KnownProxies.Clear();
|
||||
|
||||
var knownProxies = _configuration.GetSection("core:hosting:forwardedHeadersOptions:knownProxies").Get<List<String>>();
|
||||
var knownNetworks = _configuration.GetSection("core:hosting:forwardedHeadersOptions:knownNetworks").Get<List<String>>();
|
||||
|
||||
if (knownProxies != null && knownProxies.Count > 0)
|
||||
{
|
||||
foreach (var knownProxy in knownProxies)
|
||||
{
|
||||
options.KnownProxies.Add(IPAddress.Parse(knownProxy));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (knownNetworks != null && knownNetworks.Count > 0)
|
||||
{
|
||||
foreach (var knownNetwork in knownNetworks)
|
||||
{
|
||||
var prefix = IPAddress.Parse(knownNetwork.Split("/")[0]);
|
||||
var prefixLength = Convert.ToInt32(knownNetwork.Split("/")[1]);
|
||||
|
||||
options.KnownNetworks.Add(new IPNetwork(prefix, prefixLength));
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
services.AddScoped<EFLoggerFactory>();
|
||||
|
||||
services.AddBaseDbContextPool<AccountLinkContext>()
|
||||
@ -270,10 +305,7 @@ public abstract class BaseStartup
|
||||
|
||||
public virtual void Configure(IApplicationBuilder app, IWebHostEnvironment env)
|
||||
{
|
||||
app.UseForwardedHeaders(new ForwardedHeadersOptions
|
||||
{
|
||||
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
||||
});
|
||||
app.UseForwardedHeaders();
|
||||
|
||||
app.UseRouting();
|
||||
|
||||
|
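Review bot: In the second hunk, `KnownNetworks.Clear()` and `KnownProxies.Clear()` run unconditionally while `ForwardLimit` is null, so a deployment whose two configuration lists are empty ends up with no proxy restriction at all. The middleware then accepts X-Forwarded-For from any peer and walks the whole chain, so the client-chosen left-most value becomes `RemoteIpAddress`, which the IPSecurity and CheckCache hunks on this page now rely on. Clearing each list only when configuration replaces it keeps the framework's loopback defaults otherwise. The entries are also parsed with `IPAddress.Parse`, `Split("/")[1]` and `Convert.ToInt32`, so a typo surfaces as an unexplained exception when the options are first resolved; the sketch below validates them and names the offending entry. ConfigureServices continues past the hunk.

```csharp
services.Configure<ForwardedHeadersOptions>(options =>
{
    // … unchanged: ForwardedHeaders flags, ForwardLimit, the two GetSection reads (unconditional Clear() calls removed) …

    if (knownProxies != null && knownProxies.Count > 0)
    {
        // Drop the framework's loopback defaults only when an explicit list replaces them.
        options.KnownProxies.Clear();
        foreach (var knownProxy in knownProxies)
        {
            if (!IPAddress.TryParse(knownProxy, out var proxy))
            {
                throw new InvalidOperationException($"knownProxies: '{knownProxy}' is not an IP address");
            }
            options.KnownProxies.Add(proxy);
        }
    }

    if (knownNetworks != null && knownNetworks.Count > 0)
    {
        options.KnownNetworks.Clear();
        foreach (var knownNetwork in knownNetworks)
        {
            var parts = knownNetwork.Split('/');
            if (parts.Length != 2
                || !IPAddress.TryParse(parts[0], out var prefix)
                || !int.TryParse(parts[1], out var prefixLength))
            {
                throw new InvalidOperationException($"knownNetworks: '{knownNetwork}' is not in address/prefix form");
            }
            options.KnownNetworks.Add(new IPNetwork(prefix, prefixLength));
        }
    }
});
```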
@ -179,11 +179,6 @@ public static class HttpRequestExtensions
|
||||
return !string.IsNullOrEmpty(request.Headers[HeaderNames.UserAgent]) && (request.Headers[HeaderNames.UserAgent].Contains("iOS") || request.Headers[HeaderNames.UserAgent].Contains("Android"));
|
||||
}
|
||||
|
||||
public static string GetUserHostAddress(this HttpRequest request)
|
||||
{
|
||||
return request.HttpContext.Features.Get<IHttpConnectionFeature>()?.RemoteIpAddress?.ToString();
|
||||
}
|
||||
|
||||
private static Uri ParseRewriterUrl(string s)
|
||||
{
|
||||
if (string.IsNullOrEmpty(s))
|
||||
|
@ -111,7 +111,7 @@ public class SecurityContext
|
||||
|
||||
ArgumentNullException.ThrowIfNull(request);
|
||||
|
||||
ipFrom = "from " + (request.Headers["X-Forwarded-For"].ToString() ?? request.GetUserHostAddress());
|
||||
ipFrom = "from " + _httpContextAccessor?.HttpContext.Connection.RemoteIpAddress;
|
||||
address = "for " + request.GetUrlRewriter();
|
||||
}
|
||||
_logger.InformationEmptyBearer(ipFrom, address);
|
||||
@ -127,7 +127,7 @@ public class SecurityContext
|
||||
ArgumentNullException.ThrowIfNull(request);
|
||||
|
||||
address = "for " + request.GetUrlRewriter();
|
||||
ipFrom = "from " + (request.Headers["X-Forwarded-For"].ToString() ?? request.GetUserHostAddress());
|
||||
ipFrom = "from " + _httpContextAccessor?.HttpContext.Connection.RemoteIpAddress;
|
||||
}
|
||||
|
||||
_logger.WarningCanNotDecrypt(cookie, ipFrom, address);
|
||||
|
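Review bot: In both SecurityContext hunks the line `_httpContextAccessor?.HttpContext.Connection.RemoteIpAddress` guards only the accessor, so a null `HttpContext` still throws even though `request` has just been null-checked with `ArgumentNullException.ThrowIfNull(request)`. Reading the address from the request that is already validated avoids the second source of truth: `ipFrom = "from " + request.HttpContext.Connection.RemoteIpAddress;`. The enclosing methods start and end outside the hunks.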
@ -78,10 +78,13 @@ public class GeolocationHelper
|
||||
{
|
||||
if (_httpContextAccessor.HttpContext?.Request != null)
|
||||
{
|
||||
var ip = (string)(_httpContextAccessor.HttpContext.Items["X-Forwarded-For"] ?? _httpContextAccessor.HttpContext.Items["REMOTE_ADDR"]);
|
||||
if (!string.IsNullOrWhiteSpace(ip))
|
||||
var ip = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress;
|
||||
|
||||
if (ip != IPAddress.Loopback)
|
||||
{
|
||||
return GetIPGeolocation(ip);
|
||||
_logger.DebugRemoteIpAddress(ip.ToString());
|
||||
|
||||
return GetIPGeolocation(ip.ToString());
|
||||
}
|
||||
}
|
||||
|
||||
|
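Review bot: `ip != IPAddress.Loopback` is a reference comparison, because IPAddress overrides Equals but defines no `!=` operator, so the branch is taken for loopback connections too and a null `RemoteIpAddress` reaches `ip.ToString()`. `if (ip != null && !IPAddress.IsLoopback(ip))` handles the IPv4 and IPv6 loopback addresses and the null case. An address in IPv4-mapped IPv6 form would presumably be passed to `GetIPGeolocation` as the `::ffff:` string; whether the lookup accepts that is not visible here. The method begins outside the hunk.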
@ -27,6 +27,9 @@
|
||||
namespace ASC.Core.Common.Log;
|
||||
internal static partial class GeolocationHelperLogger
|
||||
{
|
||||
[LoggerMessage(Level = LogLevel.Error, Message = "This is remote ip address {remoteIp}")]
|
||||
public static partial void DebugRemoteIpAddress(this ILogger<GeolocationHelper> logger, string remoteIp);
|
||||
|
||||
[LoggerMessage(Level = LogLevel.Error, Message = "GetIPGeolocation")]
|
||||
public static partial void ErrorGetIPGeolocation(this ILogger<GeolocationHelper> logger, Exception exception);
|
||||
|
||||
|
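Review bot: `DebugRemoteIpAddress` is declared with `Level = LogLevel.Error`, so every geolocation lookup writes the client address to the error log. The method name suggests `Level = LogLevel.Debug` was intended. At Error level these entries add noise to error alerting and put client IP addresses into logs that are usually kept longer and read by more people than debug output.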
@ -166,8 +166,7 @@ public class CookieStorage
|
||||
{
|
||||
if (_httpContext?.Request != null)
|
||||
{
|
||||
var forwarded = _httpContext.Request.Headers["X-Forwarded-For"].ToString();
|
||||
data = string.IsNullOrEmpty(forwarded) ? _httpContext.Request.GetUserHostAddress() : forwarded.Split(':')[0];
|
||||
data = _httpContext.Connection.RemoteIpAddress.ToString();
|
||||
}
|
||||
}
|
||||
catch { }
|
||||
|
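Review bot: `_httpContext.Connection.RemoteIpAddress.ToString()` dereferences a property that can be null, for example on connections with no IP endpoint such as Unix sockets or an in-memory test server. Here the bare `catch { }` hides the exception and `data` keeps whatever it held before. `data = _httpContext.Connection.RemoteIpAddress?.ToString();` makes that case explicit. The same unguarded `.ToString()` appears in the IPSecurity, MessageSettings.GetIP, UserController and both CheckCache hunks, where no catch is visible. The try block starts outside this hunk.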
@ -98,7 +98,7 @@ public class IPSecurity
|
||||
if (string.IsNullOrWhiteSpace(requestIps))
|
||||
{
|
||||
var request = _httpContextAccessor.HttpContext.Request;
|
||||
requestIps = request.Headers["X-Forwarded-For"].FirstOrDefault() ?? request.GetUserHostAddress();
|
||||
requestIps = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString();
|
||||
}
|
||||
|
||||
var ips = string.IsNullOrWhiteSpace(requestIps)
|
||||
|
@ -32,12 +32,17 @@ public class MessageFactory
|
||||
private readonly ILogger<MessageFactory> _logger;
|
||||
private readonly AuthContext _authContext;
|
||||
private readonly TenantManager _tenantManager;
|
||||
private readonly IHttpContextAccessor _httpContextAccessor;
|
||||
|
||||
public MessageFactory(AuthContext authContext, TenantManager tenantManager, ILogger<MessageFactory> logger)
|
||||
public MessageFactory(AuthContext authContext,
|
||||
TenantManager tenantManager,
|
||||
ILogger<MessageFactory> logger,
|
||||
IHttpContextAccessor httpContextAccessor)
|
||||
{
|
||||
_authContext = authContext;
|
||||
_tenantManager = tenantManager;
|
||||
_logger = logger;
|
||||
_logger = logger;
|
||||
_httpContextAccessor = httpContextAccessor;
|
||||
}
|
||||
|
||||
public EventMessage Create(HttpRequest request, string initiator, DateTime? dateTime, MessageAction action, MessageTarget target, params string[] description)
|
||||
@ -82,11 +87,14 @@ public class MessageFactory
|
||||
|
||||
if (headers != null)
|
||||
{
|
||||
var ip = MessageSettings.GetIP(headers);
|
||||
var userAgent = MessageSettings.GetUAHeader(headers);
|
||||
var referer = MessageSettings.GetReferer(headers);
|
||||
|
||||
message.Ip = ip;
|
||||
if (_httpContextAccessor.HttpContext != null)
|
||||
{
|
||||
message.Ip = MessageSettings.GetIP(_httpContextAccessor.HttpContext.Request);
|
||||
}
|
||||
|
||||
message.UAHeader = userAgent;
|
||||
message.Page = referer;
|
||||
}
|
||||
|
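Review bot: In the second hunk `message.Ip` is assigned only when `_httpContextAccessor.HttpContext` is non-null, and the value no longer comes from the `headers` this code path was given. If this path serves callers that captured headers and run outside a request (the method signature is outside the hunk, so this is an inference), their audit events will now be stored without an IP address. Either resolve the address when the headers are captured and pass it in, or record the behaviour next to the check: `// Ip stays unset when no request is active; headers are not used for the client address`.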
@ -30,8 +30,6 @@ namespace ASC.MessagingSystem;
|
||||
public class MessageSettings
|
||||
{
|
||||
private const string UserAgentHeader = "User-Agent";
|
||||
private const string ForwardedHeader = "X-Forwarded-For";
|
||||
private const string HostHeader = "Host";
|
||||
private const string RefererHeader = "Referer";
|
||||
|
||||
static MessageSettings()
|
||||
@ -66,22 +64,11 @@ public class MessageSettings
|
||||
return headers.ContainsKey(RefererHeader) ? headers[RefererHeader].FirstOrDefault() : null;
|
||||
}
|
||||
|
||||
public static string GetIP(IDictionary<string, StringValues> headers)
|
||||
{
|
||||
var forwarded = headers.ContainsKey(ForwardedHeader) ? headers[ForwardedHeader].FirstOrDefault() : null;
|
||||
var host = headers.ContainsKey(HostHeader) ? headers[HostHeader].FirstOrDefault() : null;
|
||||
return forwarded ?? host;
|
||||
}
|
||||
|
||||
public static string GetIP(HttpRequest request)
|
||||
{
|
||||
if (request != null)
|
||||
{
|
||||
var str = request.Headers[ForwardedHeader].FirstOrDefault() ?? request.GetUserHostAddress();
|
||||
if (str != null)
|
||||
{
|
||||
return str.Substring(0, str.IndexOf(':') != -1 ? str.IndexOf(':') : str.Length);
|
||||
}
|
||||
return request.HttpContext.Connection.RemoteIpAddress.ToString();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
@ -37,7 +37,11 @@
|
||||
"hosting": {
|
||||
"intervalCheckRegisterInstanceInSeconds": "1",
|
||||
"timeUntilUnregisterInSeconds": "15",
|
||||
"singletonMode": true
|
||||
"singletonMode": true,
|
||||
"forwardedHeadersOptions": {
|
||||
"knownNetworks": [],
|
||||
"knownProxies": [ "127.0.0.1" ]
|
||||
}
|
||||
},
|
||||
"themelimit": "9",
|
||||
"oidc": {
|
||||
|
@ -3,16 +3,26 @@ map $http_host $this_host {
|
||||
default $http_host;
|
||||
}
|
||||
|
||||
map $http_x_forwarded_proto $the_scheme {
|
||||
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
||||
default $http_x_forwarded_proto;
|
||||
"" $scheme;
|
||||
}
|
||||
|
||||
map $http_x_forwarded_host $the_host {
|
||||
map $http_x_forwarded_port $proxy_x_forwarded_port {
|
||||
default $http_x_forwarded_port;
|
||||
'' $server_port;
|
||||
}
|
||||
|
||||
map $http_x_forwarded_host $proxy_x_forwarded_host {
|
||||
default $http_x_forwarded_host;
|
||||
"" $this_host;
|
||||
}
|
||||
|
||||
map $http_upgrade $proxy_connection {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
map $uri $basename {
|
||||
~/(?<captured_basename>[^/]*)$ $captured_basename;
|
||||
}
|
||||
@ -42,7 +52,7 @@ server {
|
||||
|
||||
large_client_header_buffers 4 16k;
|
||||
client_max_body_size 4G;
|
||||
set $X_REWRITER_URL $the_scheme://$the_host;
|
||||
set $X_REWRITER_URL $proxy_x_forwarded_proto://$proxy_x_forwarded_host;
|
||||
|
||||
if ($http_x_rewriter_url != '') {
|
||||
set $X_REWRITER_URL $http_x_rewriter_url ;
|
||||
@ -72,14 +82,14 @@ server {
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Connection $proxy_connection;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
|
||||
proxy_set_header X-Forwarded-Proto $the_scheme;
|
||||
|
||||
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host/ds-vpath;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
|
||||
}
|
||||
|
||||
location / {
|
||||
@ -120,17 +130,18 @@ server {
|
||||
}
|
||||
|
||||
location /doceditor {
|
||||
|
||||
proxy_pass http://127.0.0.1:5013;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $this_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Connection $proxy_connection;
|
||||
|
||||
location ~* /static/images/(.*)$ {
|
||||
try_files /images/$1 /index.html =404;
|
||||
@ -147,12 +158,14 @@ server {
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $this_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Connection $proxy_connection;
|
||||
|
||||
location ~* /static/images/(.*)$ {
|
||||
try_files /images/$1 /index.html =404;
|
||||
@ -165,8 +178,10 @@ server {
|
||||
|
||||
location /sockjs-node {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $this_host;
|
||||
|
||||
proxy_pass http://127.0.0.1:5001;
|
||||
|
||||
@ -174,7 +189,7 @@ server {
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Connection $proxy_connection;
|
||||
}
|
||||
|
||||
location /api/2.0 {
|
||||
@ -192,7 +207,9 @@ server {
|
||||
proxy_pass http://127.0.0.1:5000;
|
||||
proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location ~* portal/(.*)(backup|restore)(.*) {
|
||||
rewrite (.*)/portal/(.*) $1/backup/$2 break;
|
||||
@ -242,11 +259,13 @@ server {
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Connection $proxy_connection;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Host $this_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /backupFileUpload.ashx {
|
||||
@ -298,6 +317,5 @@ server {
|
||||
rewrite /healthchecks/(.*)$ /$1 break;
|
||||
proxy_pass http://127.0.0.1:5033;
|
||||
proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
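Review bot: The `proxy_set_header X-Forwarded-For` lines change from `$remote_addr` to `$proxy_add_x_forwarded_for`, which appends to whatever X-Forwarded-For the client sent instead of replacing it. That is safe only while the application's known-proxy list contains exactly this nginx hop; where nginx is the outermost proxy, `$remote_addr` gives the backend a single value the client cannot influence. The `$proxy_x_forwarded_proto`, `$proxy_x_forwarded_host` and `$proxy_x_forwarded_port` maps likewise default to the client-supplied header, and the host value feeds `$X_REWRITER_URL`. A comment above the maps would make the assumption visible: `# X-Forwarded-* from the client is honoured; deploy only behind a proxy that overwrites these headers`.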
@ -1250,7 +1250,7 @@ public class UserController : PeopleControllerBase
|
||||
if (!SetupInfo.IsSecretEmail(inDto.Email)
|
||||
&& !string.IsNullOrEmpty(_setupInfo.RecaptchaPublicKey) && !string.IsNullOrEmpty(_setupInfo.RecaptchaPrivateKey))
|
||||
{
|
||||
var ip = Request.Headers["X-Forwarded-For"].ToString() ?? Request.GetUserHostAddress();
|
||||
var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress.ToString();
|
||||
|
||||
if (string.IsNullOrEmpty(inDto.RecaptchaResponse)
|
||||
|| !await _recaptcha.ValidateRecaptchaAsync(inDto.RecaptchaResponse, ip))
|
||||
|
@ -179,7 +179,8 @@ public class PaymentController : ControllerBase
|
||||
|
||||
internal void CheckCache(string basekey)
|
||||
{
|
||||
var key = _httpContextAccessor.HttpContext.Request.GetUserHostAddress() + basekey;
|
||||
var key = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString() + basekey;
|
||||
|
||||
if (_memoryCache.TryGetValue<int>(key, out var count))
|
||||
{
|
||||
if (count > _maxCount)
|
||||
|
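Review bot: The throttle key in `CheckCache` is now the resolved `RemoteIpAddress`, so its accuracy depends on the forwarded-headers trust list. If the front proxy is not listed, every client is counted under the proxy's address and one client can use up the limit for all; if the list is too broad, the key follows a client-supplied X-Forwarded-For. A comment on the key line would record the dependency: `// key uses the address resolved by UseForwardedHeaders; see core:hosting:forwardedHeadersOptions`. The same applies to `CheckCache` in BaseSettingsController. Both methods continue outside their hunks.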
@ -55,7 +55,7 @@ public partial class BaseSettingsController : ControllerBase
|
||||
|
||||
internal void CheckCache(string basekey)
|
||||
{
|
||||
var key = _httpContextAccessor.HttpContext.Request.GetUserHostAddress() + basekey;
|
||||
var key = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString() + basekey;
|
||||
if (MemoryCache.TryGetValue<int>(key, out var count))
|
||||
{
|
||||
if (count > _maxCount)
|
||||
|
@ -35,11 +35,6 @@ public class Startup : BaseStartup
|
||||
{
|
||||
base.Configure(app, env);
|
||||
|
||||
app.UseForwardedHeaders(new ForwardedHeadersOptions
|
||||
{
|
||||
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
||||
});
|
||||
|
||||
app.UseRouting();
|
||||
|
||||
app.UseAuthentication();
|
||||
|