Address the other place where 'trust proxy' was being used, falling b…

…ack to the http config if it is available.
balderdashy · Dec 8, 2016 · b865f30 · b865f30
1 parent 552d4ae
commit b865f30
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 16 deletions.
diff --git a/lib/hooks/request/index.js b/lib/hooks/request/index.js
@@ -86,7 +86,7 @@ module.exports = function(sails) {
           _mixinServerMetadata(req, res);
 
           // Add `req.validate()` method
-          // (Warning: this is changing in Sails v1.0!  See impl for more info.)
+          // (Warning: this is actually just an error as of Sails v1.0!  See impl for more info.)
           _mixinReqValidate(req, res);
 
           // Only apply HTTP-focused middleware if it makes sense

diff --git a/lib/hooks/request/metadata.js b/lib/hooks/request/metadata.js
@@ -1,33 +1,48 @@
 /**
- * Host, port, etc.
- * (fails silently if http or sockets is not enabled)
+ * _mixinServerMetadata()
+ *
+ * Set server metadata on the specified virtual `req`, mutating it in-place.
+ * (Host, port, etc.)
  *
  * @param {Request} req
- * @param {Response} res
+ *
  * @api private
  */
 
-module.exports = function _mixinServerMetadata(req, res) {
+module.exports = function _mixinServerMetadata(req) {
 
-  // TODO: try to use `sockets` if `http` is not available
+  // Get reference to `sails` (Sails app instance) for convenience.
+  var sails = req._sails;
+
+  // FUTURE: try to use `sockets` if `http` is not available
   // (currently, this function does not run for socket requests--
-  // these functions are added in the socket hook.  Eventually,
-  // it would be better if that logic was normalized here, makes
-  // us get all DRY or something.)
+  // only for virtual requests-- these functions are added in the
+  // socket hook.  Eventually, it would be better if as much of
+  // that logic as possible was normalized in one place here.)
 
   // Access to server port, if available
-  if (req._sails.hooks.http) {
-    var nodeHTTPServer = req._sails.hooks.http.server;
+  if (sails.hooks.http) {
+    var nodeHTTPServer = sails.hooks.http.server;
     var nodeHTTPServerAddress = (nodeHTTPServer && nodeHTTPServer.address && nodeHTTPServer.address()) || {};
     req.port = req.port || (nodeHTTPServerAddress && nodeHTTPServerAddress.port) || 80;
   }
 
   // Set req.port and req.baseUrl using the Host header and req.protocol
   //
-  // We trust req.protocol to be set by Express. But Express only delivers
-  // the host devoid of a port, so we have to delve into HTTP headers to pick
-  // out the host port ourselves.
-  var trustProxy = req.app && req.app.get('trust proxy') || false;
+  // We trust req.protocol to be set by Express when "trust proxy" is enabled.
+  // But Express only delivers the host devoid of a port, so we have to delve into
+  // HTTP headers to pick out the host port ourselves.
+  var trustProxy;
+  if (req.app && req.app.get('trust proxy')) {
+    trustProxy = req.app.get('trust proxy');
+  }
+  else if (sails.hooks.http && sails.config.http.trustProxy) {
+    trustProxy = sails.config.http.trustProxy;
+  }
+  else {
+    trustProxy = false;
+  }
+
   var host;
   if (trustProxy) {
     host = (req.header && req.header('X-Forwarded-Host') || '').split(/,\s*/)[0];
@@ -36,7 +51,7 @@ module.exports = function _mixinServerMetadata(req, res) {
 
   var protocol = req.protocol;
   var defaultPort;
-  if (protocol == 'https' || protocol == 'wss') {
+  if (protocol === 'https' || protocol === 'wss') {
     defaultPort = 443;
   } else {
     defaultPort = 80;
@@ -45,4 +60,5 @@ module.exports = function _mixinServerMetadata(req, res) {
 
   req.port = hostPort;
   req.baseUrl = req.protocol + '://' + host;
+
 };