Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow x-forwarded-for header to support lists with spaces around the commas #8

Merged
merged 2 commits into from Mar 26, 2016
Merged

Allow x-forwarded-for header to support lists with spaces around the commas #8

merged 2 commits into from Mar 26, 2016

Conversation

mrlannigan
Copy link
Contributor

Our network structure that alters X-Forwarded-For:
External Interface/Firewall -> HAProxy -> Nginx/Node

HAProxy appends to the list of ips with a , (comma + space).

This PR will allow the spaces to be parsed out of the list before it's split.

https://tools.ietf.org/html/draft-ietf-appsawg-http-forwarded-10#section-7.1

@coveralls
Copy link

Coverage Status

Coverage increased (+0.4%) to 94.776% when pulling 632d5d6 on mrlannigan:master into 87fe0ba on primus:master.

@jcrugzz
Copy link

jcrugzz commented Mar 25, 2016

This LGTM 👍. Any perf considerations here with the regex? @lpinca @3rd-Eden if this is good with either of you i think we should merge

@coveralls
Copy link

Coverage Status

Coverage increased (+0.5%) to 94.815% when pulling 1345af8 on mrlannigan:master into 87fe0ba on primus:master.

lpinca
lpinca reviewed Mar 25, 2016
View reviewed changes
index.js
@@ -64,7 +71,7 @@ function forwarded(headers, whitelist) {
if (!(proxies[i].ip in headers)) continue;

ports = (headers[proxies[i].port] || '').split(',');
ips = (headers[proxies[i].ip] || '').split(',');
ips = (headers[proxies[i].ip] || '').replace(ipListSpaceFilter, ',').split(',');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if it's better to use trim() here:

ips = (headers[proxies[i].ip] || '').split(',').map(function map(ip) {
  return ip.trim();
});

so we can also remove the trim() from the whitelist check below.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably the regex approach is slightly faster.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok this is indeed faster:

'use strict';

const Benchmark = require('benchmark');

const suite = new Benchmark.Suite;
const re = /\s*,\s*/g;
let list = [];
let i = 0;

for (; i < 1000; i++) list.push(i);
list = list.join(' , ');

suite.add('map', function () {
  list.split(',').map(function map(elem) {
    return elem.trim();
  });
});
suite.add('regex', function () {
  list.replace(re, ',').split(',');
});
suite.on('cycle', function (event) {
  console.log(event.target.toString());
});
suite.on('complete', function () {
  console.log('Fastest is '+ this.filter('fastest').map('name'));
});

suite.run();
map x 3,514 ops/sec ±1.11% (82 runs sampled)
regex x 6,736 ops/sec ±1.09% (85 runs sampled)
Fastest is regex

so ignore the above idea.

@lpinca
Copy link
Member

lpinca commented Mar 25, 2016

LGTM, thank you for the tests.

lpinca
lpinca reviewed Mar 25, 2016
View reviewed changes
index.js
*
* @type {RegExp}
*/
var ipListSpaceFilter = /\s*,\s*/;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess we need the g flag here.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is still necessary if there is more than 1 correct? Does this case practically happen? cc @3rd-Eden

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jcrugzz correct. It should have been addressed here.

@lpinca
Copy link
Member

lpinca commented Mar 25, 2016

With this change this trim() is no longer required, so we can remove it.

@3rd-Eden
Copy link
Member

LGTM, going to merge this in. Thanks the PR and the accompanying tests.

On Mar 25, 2016, at 5:59 PM, Julian Lannigan notifications@github.com wrote:

Our network structure that alters X-Forwarded-For:
External Interface/Firewall -> HAProxy -> Nginx/Node

HAProxy appends to the list of ips with a , (comma + space).

This PR will allow the spaces to be parsed out of the list before it's split.

You can view, comment on, or merge this pull request online at:

#8

Commit Summary

Allow x-forwarded-for header to support lists with spaces around the
File Changes

M index.js (2)
M test.js (54)
Patch Links:

https://github.com/primus/forwarded-for/pull/8.patch
https://github.com/primus/forwarded-for/pull/8.diff

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub

@3rd-Eden 3rd-Eden merged commit d5f798d into primus:master Mar 26, 2016
@mrlannigan mrlannigan mentioned this pull request Mar 30, 2016
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@mrlannigan @coveralls @jcrugzz @lpinca @3rd-Eden