feat: Hostnames

internals/config/structure/structure.go

@@ -18,6 +18,7 @@ type CONFIG struct {
 }
 
 type SERVICE struct {
+	HOSTNAMES			[]string					`koanf:"hostnames"       env>aliases:".hostnames"`
 	PORT				string						`koanf:"port"            env>aliases:".port"`
 	LOG_LEVEL			string						`koanf:"loglevel"        env>aliases:".loglevel"`
 }

internals/proxy/middlewares/hostname.go

@@ -0,0 +1,46 @@
+package middlewares
+
+import (
+	"net/http"
+	"net/url"
+	"slices"
+)
+
+var Hostname Middleware = Middleware{
+	Name: "Hostname",
+	Use: hostnameHandler,
+}
+
+func hostnameHandler(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		logger := getLogger(req)
+
+		conf := getConfigByReq(req)
+
+		hostnames := conf.SERVICE.HOSTNAMES
+
+		if hostnames == nil {
+			hostnames = getConfig("").SERVICE.HOSTNAMES
+		}
+
+		if len(hostnames) > 0 {
+			URL := getContext[*url.URL](req, originURLKey)
+
+			hostname := URL.Hostname()
+
+			if hostname == "" {
+				logger.Error("Encountered empty hostname")
+				http.Error(w, "Bad Request: invalid hostname", http.StatusBadRequest)
+				return
+			}
+
+			if !slices.Contains(hostnames, hostname) {
+				logger.Warn("Client tried using Token with wrong hostname")
+				onUnauthorized(w)
+				return
+			}
+		}
+
+		next.ServeHTTP(w, req)
+	})
+}

internals/proxy/middlewares/proxy.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"net"
 	"net/http"
+	"net/url"
 	"strings"
 )
 
@@ -14,6 +15,7 @@ var InternalProxy Middleware = Middleware{
 
 const trustedProxyKey contextKey = "isProxyTrusted"
 const clientIPKey contextKey = "clientIP"
+const originURLKey contextKey = "originURL"
 
 func proxyHandler(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
@@ -32,6 +34,8 @@ func proxyHandler(next http.Handler) http.Handler {
 
 		host, _, _ := net.SplitHostPort(req.RemoteAddr)
 
+		originUrl := req.Proto + "://" + req.URL.Host
+
 		ip = net.ParseIP(host)
 
 		if len(rawTrustedProxies) != 0 {
@@ -50,10 +54,30 @@ func proxyHandler(next http.Handler) http.Handler {
 			if realIP != nil {
 				ip = realIP
 			}
+
+			XFHost := req.Header.Get("X-Forwarded-Host")
+			XFProto := req.Header.Get("X-Forwarded-Proto")
+			XFPort := req.Header.Get("X-Forwarded-Port")
+
+			if XFHost == "" || XFProto == "" || XFPort == "" {
+				logger.Warn("Missing X-Forwarded-* headers")
+			}
+
+			originUrl = XFProto + "://" + XFHost + ":" + XFPort
+		}
+
+		originURL, err := url.Parse(originUrl)
+
+		if err != nil {
+			logger.Error("Could not parse Url: ", originUrl)
+			http.Error(w, "Bad Request: invalid Url", http.StatusBadRequest)
+			return
 		}
 
-		req = setContext(req, clientIPKey, ip)
 		req = setContext(req, trustedProxyKey, trusted)
+		req = setContext(req, originURLKey, originURL)
+
+		req = setContext(req, clientIPKey, ip)
 
 		next.ServeHTTP(w, req)
 	})
@@ -123,13 +147,13 @@ func getRealIP(req *http.Request) (net.IP, error) {
 		realIP := net.ParseIP(strings.TrimSpace(ips[0]))
 
 		if realIP == nil {
-			return nil, errors.New("malformed x-forwarded-for header")
+			return nil, errors.New("malformed X-Forwarded-For header")
 		}
 
 		return realIP, nil
 	}
 
-	return nil, errors.New("no x-forwarded-for header present")
+	return nil, errors.New("no X-Forwarded-For header present")
 }
 
 func isIPInList(ip net.IP, list []*net.IPNet) bool {

internals/proxy/proxy.go

@@ -38,8 +38,9 @@ func (proxy Proxy) Init() http.Handler {
 		Use(m.InternalClientIP).
 		Use(m.RequestLogger).
 		Use(m.InternalAuthRequirement).
-		Use(m.IPFilter).
 		Use(m.Port).
+		Use(m.Hostname).
+		Use(m.IPFilter).
 		Use(m.RateLimit).
 		Use(m.Template).
 		Use(m.Endpoints).