Add Proxy IP check for header security

This commit is contained in:
Todd E Johnson 2023-11-24 00:11:04 -06:00
parent 756d640d06
commit 821ed3433b
1 changed files with 5 additions and 1 deletions

View File

@ -2,8 +2,12 @@ module.exports = (config, req) => {
try {
if ( config.appConfig.auth.enableHeaderAuth ) {
const userHeader = config.appConfig.auth.headerAuth.userHeader;
return { "success": true, "user": req.headers[userHeader.toLowerCase()] };
const proxyWhitelist = config.appConfig.auth.headerAuth.proxyWhitelist;
if ( proxyWhitelist.includes(req.socket.remoteAddress) ) {
return { "success": true, "user": req.headers[userHeader.toLowerCase()] };
}
}
return {};
} catch (e) {
console.warn("Error get-user: ", e);
return { 'success': false };