Beispiel #1
async def test_x_forwarded_strict_untrusted_ip(test_client):
    """Forwarded headers from a peer outside the trusted list are refused.

    The only trusted hop configured is 20.20.20.20, but the request is sent
    by the local test client, so the connecting peer is presumably a
    loopback address and does not match. The middleware is expected to
    answer 400 rather than accept the client-supplied X-Forwarded-For.
    """
    async def index(request):
        return web.Response()

    trusted_hops = [['20.20.20.20']]
    spoofed_headers = {'X-Forwarded-For': '10.10.10.10'}

    application = web.Application()
    application.router.add_get('/', index)
    await _setup(application, XForwardedStrict(trusted_hops))

    client = await test_client(application)
    response = await client.get('/', headers=spoofed_headers)

    # A 400 means the forwarded address was not believed: an arbitrary peer
    # must not be able to choose the address the application will see.
    assert response.status == 400
Beispiel #2
async def test_x_forwarded_strict_whitelist(test_client):
    """A path listed in white_paths is served without the forwarded checks.

    The trusted list (20.20.20.20) does not match the test client, yet the
    request succeeds because '/' is whitelisted. The handler also pins the
    consequence: request.remote stays the real peer address (127.0.0.1) and
    the X-Forwarded-For value is not applied.
    """
    async def index(request):
        # On a whitelisted path the handler sees the connecting peer, not
        # the address claimed in X-Forwarded-For.
        assert request.remote == '127.0.0.1'
        return web.Response()

    policy = XForwardedStrict([['20.20.20.20']], white_paths=['/'])
    claimed_headers = {'X-Forwarded-For': '10.10.10.10'}

    application = web.Application()
    application.router.add_get('/', index)
    await _setup(application, policy)

    client = await test_client(application)
    response = await client.get('/', headers=claimed_headers)

    # 200 confirms both that the request was let through and that the
    # assertion inside the handler held (a failure there would not be 200).
    assert response.status == 200
Beispiel #3
async def test_x_forwarded_strict_too_many_for(aiohttp_client):
    """An X-Forwarded-For chain longer than the configured hops is refused.

    One trusted hop (127.0.0.1) is configured, but the header carries two
    addresses. The strict policy is expected to reply 400 instead of
    guessing which entry is the real client.
    """
    async def index(request):
        return web.Response()

    trusted_hops = [['127.0.0.1']]
    # Two entries: one more than the single configured proxy can account for.
    chained_headers = {'X-Forwarded-For': '10.10.10.10, 11.11.11.11'}

    application = web.Application()
    application.router.add_get('/', index)
    await _setup(application, XForwardedStrict(trusted_hops))

    client = await aiohttp_client(application)
    response = await client.get('/', headers=chained_headers)

    assert response.status == 400
async def test_x_forwarded_strict_no_host(aiohttp_client):
    """Without X-Forwarded-Host, the host is left alone; the rest is applied.

    The request comes through the trusted hop 127.0.0.1 with
    X-Forwarded-For and X-Forwarded-Proto only. The handler checks that
    the scheme and remote address are taken from those headers while
    request.host still names the local listening address.
    """
    async def index(request):
        # Host was not forwarded, so it is still the address the test
        # server listens on (the port varies, hence the prefix check).
        assert request.host.startswith('127.0.0.1:')
        assert request.scheme == 'https'
        assert request.remote == '10.10.10.10'

        return web.Response()

    trusted_hops = [['127.0.0.1']]
    forwarded = {'X-Forwarded-For': '10.10.10.10',
                 'X-Forwarded-Proto': 'https'}

    application = web.Application()
    application.router.add_get('/', index)
    await _setup(application, XForwardedStrict(trusted_hops))

    client = await aiohttp_client(application)
    response = await client.get('/', headers=forwarded)

    # 200 also covers the handler's own assertions.
    assert response.status == 200
Beispiel #5
async def test_x_forwarded_strict_no_proto(test_client):
    """Without X-Forwarded-Proto, the scheme is left as plain http.

    The request comes through the trusted hop 127.0.0.1 with
    X-Forwarded-For and X-Forwarded-Host only. The handler checks that the
    host and remote address are taken from those headers while the scheme
    is not upgraded to https.
    """
    async def index(request):
        assert request.host == 'example.com'
        # No proto header was sent, so the request must not be reported as
        # https on the strength of the other forwarded headers.
        assert request.scheme == 'http'
        assert request.remote == '10.10.10.10'

        return web.Response()

    trusted_hops = [['127.0.0.1']]
    forwarded = {'X-Forwarded-For': '10.10.10.10',
                 'X-Forwarded-Host': 'example.com'}

    application = web.Application()
    application.router.add_get('/', index)
    await _setup(application, XForwardedStrict(trusted_hops))

    client = await test_client(application)
    response = await client.get('/', headers=forwarded)

    # 200 also covers the handler's own assertions.
    assert response.status == 200
async def test_x_forwarded_strict_too_many_headers(aiohttp_client):
    """A repeated X-Forwarded-Proto header makes the request invalid.

    The headers are passed as a list of pairs so that X-Forwarded-Proto can
    appear twice with conflicting values ('https' and 'http'). The strict
    policy is expected to answer 400 rather than pick one of them.
    """
    async def index(request):
        # These checks describe the values a single, consistent header set
        # would yield; with the expected 400 the request is presumably
        # rejected before this handler runs.
        assert request.host == 'example.com'
        assert request.scheme == 'https'
        assert request.secure
        assert request.remote == '10.10.10.10'

        return web.Response()

    trusted_hops = [['127.0.0.1']]
    conflicting_headers = [
        ('X-Forwarded-For', '10.10.10.10'),
        ('X-Forwarded-Proto', 'https'),
        ('X-Forwarded-Proto', 'http'),
        ('X-Forwarded-Host', 'example.com'),
    ]

    application = web.Application()
    application.router.add_get('/', index)
    await _setup(application, XForwardedStrict(trusted_hops))

    client = await aiohttp_client(application)
    response = await client.get('/', headers=conflicting_headers)

    assert response.status == 400
Beispiel #7
    def log(self, request, response, time):
        """Emit one INFO access-log line for a completed request.

        The line has the form
        ``[UTC timestamp] remote "METHOD url" done in <time>s: status - "User-Agent"``.

        Args:
            request: The handled request; its remote address, method,
                relative URL and User-Agent header are read.
            response: The response that was produced; only its status is read.
            time: Duration of the request, printed with an ``s`` suffix
                (presumably seconds; confirm against the caller).
        """
        stamp = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")
        # request.remote is whatever address the framework reports for this
        # request; it is the forwarded client address only if a forwarding
        # middleware has rewritten it, otherwise the connecting peer.
        client_addr = request.remote
        request_line = f'"{request.method} {request.rel_url}"'
        outcome = f'done in {time}s: {response.status}'
        # The User-Agent header is chosen by the client and is written to the
        # log verbatim (None if absent), so log consumers should not treat
        # the quoted field as trustworthy or well-formed.
        agent = request.headers.get("User-Agent")
        self.logger.info(
            f'[{stamp}] {client_addr} {request_line} {outcome} - "{agent}"')


if __name__ == '__main__':
    app = web.Application()
    loop = asyncio.get_event_loop()
    if cfg.get('proxy', {}).get('enabled', False):
        loop.run_until_complete(
            remotes_setup(
                app, XForwardedStrict([cfg.get('proxy', {}).get('trusted')])))
    # generate key
    secret_key = urlsafe_b64decode(Fernet.generate_key())
    session_setup(app, EncryptedCookieStorage(secret_key))
    aiohttp_jinja2.setup(app,
                         loader=jinja2.FileSystemLoader(
                             str(
                                 path.join(path.dirname(__file__),
                                           'res/templates/'))))
    dc = cfg["discord"]
    auth_app = oauth2_app(
        client_id=dc['client_id'],
        client_secret=dc['client_secret'],
        authorize_url="https://discordapp.com/api/oauth2/authorize",
        token_url="https://discordapp.com/api/oauth2/token",
        scopes=["identify"],