[chore] Add ipv6 localhost to trusted proxies by default (#868)

* add ipv6 localhost to trusted proxies by default * test different trusted proxies
superseriousbusiness · Sep 29, 2022 · f0bf69d · f0bf69d
1 parent ff16864
commit f0bf69d
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 11 deletions.
diff --git a/docs/configuration/general.md b/docs/configuration/general.md
@@ -77,7 +77,8 @@ port: 8080
 # If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
 # or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network).
 # Example: ["127.0.0.1/32", "172.20.0.1"]
-# Default: ["127.0.0.1/32"] (localhost)
+# Default: ["127.0.0.1/32", "::1"] (localhost ipv4 + ipv6)
 trusted-proxies:
   - "127.0.0.1/32"
+  - "::1"
 ```
diff --git a/example/config.yaml b/example/config.yaml
@@ -84,9 +84,10 @@ port: 8080
 # If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network,
 # or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network).
 # Example: ["127.0.0.1/32", "172.20.0.1"]
-# Default: ["127.0.0.1/32"] (localhost)
+# Default: ["127.0.0.1/32", "::1"] (localhost ipv4 + ipv6)
 trusted-proxies:
   - "127.0.0.1/32"
+  - "::1"
 
 ############################
 ##### DATABASE CONFIG ######

diff --git a/internal/config/defaults.go b/internal/config/defaults.go
@@ -32,7 +32,7 @@ var Defaults = Configuration{
 	Protocol:        "https",
 	BindAddress:     "0.0.0.0",
 	Port:            8080,
-	TrustedProxies:  []string{"127.0.0.1/32"}, // localhost
+	TrustedProxies:  []string{"127.0.0.1/32", "::1"}, // localhost
 
 	DbType:      "postgres",
 	DbAddress:   "",

diff --git a/test/cliparsing.sh b/test/cliparsing.sh
diff --git a/test/envparsing.sh b/test/envparsing.sh
@@ -2,7 +2,7 @@
 
 set -eu
 
-EXPECTED='{"account-domain":"peepee","accounts-allow-custom-css":true,"accounts-approval-required":false,"accounts-reason-required":false,"accounts-registration-open":true,"advanced-cookies-samesite":"strict","application-name":"gts","bind-address":"127.0.0.1","config-path":"./test/test.yaml","db-address":":memory:","db-database":"gotosocial_prod","db-password":"hunter2","db-port":6969,"db-tls-ca-cert":"","db-tls-mode":"disable","db-type":"sqlite","db-user":"sex-haver","email":"","host":"example.com","instance-deliver-to-shared-inboxes":false,"instance-expose-peers":true,"instance-expose-suspended":true,"letsencrypt-cert-dir":"/gotosocial/storage/certs","letsencrypt-email-address":"","letsencrypt-enabled":true,"letsencrypt-port":80,"log-db-queries":true,"log-level":"info","media-description-max-chars":5000,"media-description-min-chars":69,"media-emoji-local-max-size":420,"media-emoji-remote-max-size":420,"media-image-max-size":420,"media-remote-cache-days":30,"media-video-max-size":420,"oidc-client-id":"1234","oidc-client-secret":"shhhh its a secret","oidc-enabled":true,"oidc-idp-name":"sex-haver","oidc-issuer":"whoknows","oidc-scopes":["read","write"],"oidc-skip-verification":true,"password":"","path":"","port":6969,"protocol":"http","smtp-from":"queen@terfisland.org","smtp-host":"example.com","smtp-password":"hunter2","smtp-port":4269,"smtp-username":"sex-haver","software-version":"","statuses-cw-max-chars":420,"statuses-max-chars":69,"statuses-media-max-files":1,"statuses-poll-max-options":1,"statuses-poll-option-max-chars":50,"storage-backend":"local","storage-local-base-path":"/root/store","storage-s3-access-key":"minio","storage-s3-bucket":"gts","storage-s3-endpoint":"localhost:9000","storage-s3-secret-key":"miniostorage","storage-s3-use-ssl":false,"syslog-address":"127.0.0.1:6969","syslog-enabled":true,"syslog-protocol":"udp","trusted-proxies":["127.0.0.1/32","0.0.0.0/0"],"username":"","web-asset-base-dir":"/root","web-template-base-dir":"/root"}'
+EXPECTED='{"account-domain":"peepee","accounts-allow-custom-css":true,"accounts-approval-required":false,"accounts-reason-required":false,"accounts-registration-open":true,"advanced-cookies-samesite":"strict","application-name":"gts","bind-address":"127.0.0.1","config-path":"./test/test.yaml","db-address":":memory:","db-database":"gotosocial_prod","db-password":"hunter2","db-port":6969,"db-tls-ca-cert":"","db-tls-mode":"disable","db-type":"sqlite","db-user":"sex-haver","email":"","host":"example.com","instance-deliver-to-shared-inboxes":false,"instance-expose-peers":true,"instance-expose-suspended":true,"letsencrypt-cert-dir":"/gotosocial/storage/certs","letsencrypt-email-address":"","letsencrypt-enabled":true,"letsencrypt-port":80,"log-db-queries":true,"log-level":"info","media-description-max-chars":5000,"media-description-min-chars":69,"media-emoji-local-max-size":420,"media-emoji-remote-max-size":420,"media-image-max-size":420,"media-remote-cache-days":30,"media-video-max-size":420,"oidc-client-id":"1234","oidc-client-secret":"shhhh its a secret","oidc-enabled":true,"oidc-idp-name":"sex-haver","oidc-issuer":"whoknows","oidc-scopes":["read","write"],"oidc-skip-verification":true,"password":"","path":"","port":6969,"protocol":"http","smtp-from":"queen@terfisland.org","smtp-host":"example.com","smtp-password":"hunter2","smtp-port":4269,"smtp-username":"sex-haver","software-version":"","statuses-cw-max-chars":420,"statuses-max-chars":69,"statuses-media-max-files":1,"statuses-poll-max-options":1,"statuses-poll-option-max-chars":50,"storage-backend":"local","storage-local-base-path":"/root/store","storage-s3-access-key":"minio","storage-s3-bucket":"gts","storage-s3-endpoint":"localhost:9000","storage-s3-secret-key":"miniostorage","storage-s3-use-ssl":false,"syslog-address":"127.0.0.1:6969","syslog-enabled":true,"syslog-protocol":"udp","trusted-proxies":["127.0.0.1/32","docker.host.local"],"username":"","web-asset-base-dir":"/root","web-template-base-dir":"/root"}'
 
 # Set all the environment variables to 
 # ensure that these are parsed without panic
@@ -14,7 +14,7 @@ GTS_ACCOUNT_DOMAIN='peepee' \
 GTS_PROTOCOL=http \
 GTS_BIND_ADDRESS='127.0.0.1' \
 GTS_PORT=6969 \
-GTS_TRUSTED_PROXIES='' \
+GTS_TRUSTED_PROXIES='127.0.0.1/32,docker.host.local' \
 GTS_DB_TYPE='sqlite' \
 GTS_DB_ADDRESS=':memory:' \
 GTS_DB_PORT=6969 \

diff --git a/testrig/config.go b/testrig/config.go
@@ -40,7 +40,7 @@ var testDefaults = config.Configuration{
 	Protocol:        "http",
 	BindAddress:     "127.0.0.1",
 	Port:            8080,
-	TrustedProxies:  []string{"127.0.0.1/32"},
+	TrustedProxies:  []string{"127.0.0.1/32", "::1"},
 
 	DbType:     "sqlite",
 	DbAddress:  ":memory:",