async def test_x_forwarded_strict_untrusted_ip(test_client):
    """A peer outside the trusted proxy list must get 400.

    The only trusted hop configured is 20.20.20.20, which is not the
    address the test client connects from, so the X-Forwarded-For header
    it sends must be refused rather than honoured.
    """
    async def handler(request):
        return web.Response()

    trusted_hops = [['20.20.20.20']]
    forwarded = {'X-Forwarded-For': '10.10.10.10'}

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, XForwardedStrict(trusted_hops))

    client = await test_client(app)
    response = await client.get('/', headers=forwarded)
    # Rejecting here is what stops an arbitrary client from choosing the
    # address the application will see as request.remote.
    assert response.status == 400
async def test_x_forwarded_strict_whitelist(test_client):
    """A path listed in ``white_paths`` is served without the proxy check.

    The handler asserts that ``request.remote`` is still the socket peer
    (127.0.0.1): the X-Forwarded-For value from the untrusted peer is
    ignored on the exempt path, not applied.
    """
    async def handler(request):
        # The forwarded address must not have replaced the real peer.
        assert request.remote == '127.0.0.1'
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    policy = XForwardedStrict([['20.20.20.20']], white_paths=['/'])
    await _setup(app, policy)

    client = await test_client(app)
    spoofed = {'X-Forwarded-For': '10.10.10.10'}
    response = await client.get('/', headers=spoofed)
    assert response.status == 200
async def test_x_forwarded_strict_too_many_for(aiohttp_client):
    """An X-Forwarded-For chain longer than the trusted list must get 400.

    One trusted hop (127.0.0.1) is configured, while the request carries
    two forwarded addresses.
    """
    async def handler(request):
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, XForwardedStrict([['127.0.0.1']]))

    client = await aiohttp_client(app)
    # Two addresses in one header value: one more than the trusted chain
    # configured above.
    chain = {'X-Forwarded-For': '10.10.10.10, 11.11.11.11'}
    response = await client.get('/', headers=chain)
    assert response.status == 400
async def test_x_forwarded_strict_no_host(aiohttp_client):
    """Without X-Forwarded-Host the request keeps the host it arrived with.

    The trusted peer supplies only the For and Proto headers; the handler
    checks that scheme and remote are taken from them while the host is
    still the 127.0.0.1 test-server address.
    """
    async def handler(request):
        # Host is untouched because no X-Forwarded-Host was sent.
        assert request.host.startswith('127.0.0.1:')
        assert request.scheme == 'https'
        assert request.remote == '10.10.10.10'
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, XForwardedStrict([['127.0.0.1']]))

    client = await aiohttp_client(app)
    forwarded = {
        'X-Forwarded-For': '10.10.10.10',
        'X-Forwarded-Proto': 'https',
    }
    response = await client.get('/', headers=forwarded)
    assert response.status == 200
async def test_x_forwarded_strict_no_proto(test_client):
    """Without X-Forwarded-Proto the scheme must remain plain ``http``.

    The trusted peer supplies only the For and Host headers; the handler
    checks that host and remote come from them and that the scheme has not
    been upgraded.
    """
    async def handler(request):
        assert request.host == 'example.com'
        # No X-Forwarded-Proto was sent, so the request must not be
        # reported as https.
        assert request.scheme == 'http'
        assert request.remote == '10.10.10.10'
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, XForwardedStrict([['127.0.0.1']]))

    client = await test_client(app)
    forwarded = {
        'X-Forwarded-For': '10.10.10.10',
        'X-Forwarded-Host': 'example.com',
    }
    response = await client.get('/', headers=forwarded)
    assert response.status == 200
async def test_x_forwarded_strict_too_many_headers(aiohttp_client):
    """A repeated X-Forwarded-Proto header must get 400.

    The request carries two X-Forwarded-Proto headers with conflicting
    values (``https`` then ``http``); the test expects the request to be
    refused rather than one of the two values being picked.
    """
    async def handler(request):
        # NOTE(review): with the 400 asserted below these checks are
        # presumably never reached; they are kept exactly as written.
        assert request.host == 'example.com'
        assert request.scheme == 'https'
        assert request.secure
        assert request.remote == '10.10.10.10'
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, XForwardedStrict([['127.0.0.1']]))

    client = await aiohttp_client(app)
    # A list of pairs, not a dict, so the duplicate header name survives.
    conflicting = [
        ('X-Forwarded-For', '10.10.10.10'),
        ('X-Forwarded-Proto', 'https'),
        ('X-Forwarded-Proto', 'http'),
        ('X-Forwarded-Host', 'example.com'),
    ]
    response = await client.get('/', headers=conflicting)
    assert response.status == 400
# Write one access-log line for a finished request: UTC timestamp, client
# address, method and relative URL, the `time` value followed by "s", the
# response status and the User-Agent header.
#
# request.rel_url and the User-Agent header come from the client and are
# written as-is, so anything that parses or displays this log should treat
# those fields as untrusted text.
# NOTE(review): request.remote is presumably the X-Forwarded-For address when
# the proxy middleware in the startup block is enabled -- confirm.
def log(self, request, response, time):
    self.logger.info(
        f'[{datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")}] '
        f'{request.remote} '
        f'"{request.method} {request.rel_url}" '
        f'done in {time}s: {response.status} '
        f'- "{request.headers.get("User-Agent")}"')


# Application start-up. Only the part of this block that is visible here is
# annotated; the oauth2_app(...) call continues past the end of the listing.
if __name__ == '__main__':
    app = web.Application()
    loop = asyncio.get_event_loop()
    # Forwarded headers are processed only when the 'proxy' config section
    # sets 'enabled'; otherwise no remotes middleware is installed here.
    # NOTE(review): assuming cfg behaves like a dict, a missing 'trusted'
    # key makes the list passed below [None] -- validate the config before
    # relying on it as the trusted-proxy list.
    if cfg.get('proxy', {}).get('enabled', False):
        loop.run_until_complete(
            remotes_setup(
                app,
                XForwardedStrict([cfg.get('proxy', {}).get('trusted')])))
    # Generate the session-cookie encryption key. A new Fernet key is created
    # each time this block runs and decoded to raw bytes for
    # EncryptedCookieStorage.
    # NOTE(review): nothing visible here persists the key, so cookies issued
    # by an earlier process presumably stop decrypting after a restart, and
    # separate worker processes would each hold a different key -- confirm
    # this is intended.
    secret_key = urlsafe_b64decode(Fernet.generate_key())
    session_setup(app, EncryptedCookieStorage(secret_key))
    # Templates are loaded from res/templates/ next to this file.
    aiohttp_jinja2.setup(app, loader=jinja2.FileSystemLoader(
        str(
            path.join(path.dirname(__file__), 'res/templates/'))))
    # OAuth2 client credentials are read from the 'discord' section of cfg;
    # client_secret is a secret and should stay out of logs and version
    # control.
    dc = cfg["discord"]
    auth_app = oauth2_app(
        client_id=dc['client_id'],
        client_secret=dc['client_secret'],
        authorize_url="https://discordapp.com/api/oauth2/authorize",
        token_url="https://discordapp.com/api/oauth2/token",
        scopes=["identify"],