Router: domain predicate + trustProxy option fix #1292

Author: jknack

jooby/src/main/java/io/jooby/Jooby.java

@@ -267,9 +267,32 @@ public Jooby use(@Nonnull Router router) {
     return router;
   }
 
+  @Override public boolean isTrustProxy() {
+    return router.isTrustProxy();
+  }
+
+  @Nonnull @Override public Jooby setTrustProxy(boolean trustProxy) {
+    this.router.setTrustProxy(trustProxy);
+    return this;
+  }
+
+  @Nonnull @Override public Router domain(@Nonnull String domain, @Nonnull Router subrouter) {
+    this.router.domain(domain, subrouter);
+    return this;
+  }
+
+  @Nonnull @Override public RouteSet domain(@Nonnull String domain, @Nonnull Runnable body) {
+    return router.domain(domain, body);
+  }
+
+  @Nonnull @Override
+  public RouteSet use(@Nonnull Predicate<Context> predicate, @Nonnull Runnable body) {
+    return router.use(predicate, body);
+  }
+
   @Nonnull @Override
-  public Jooby use(@Nonnull Predicate<Context> predicate, @Nonnull Router router) {
-    this.router.use(predicate, router);
+  public Jooby use(@Nonnull Predicate<Context> predicate, @Nonnull Router subrouter) {
+    this.router.use(predicate, subrouter);
     return this;
   }
 
@@ -452,7 +475,8 @@ public Jooby errorCode(@Nonnull Class<? extends Throwable> type,
 
   @Nonnull @Override public Path getTmpdir() {
     if (tmpdir == null) {
-      tmpdir = Paths.get(getEnvironment().getConfig().getString("application.tmpdir")).toAbsolutePath();
+      tmpdir = Paths.get(getEnvironment().getConfig().getString("application.tmpdir"))
+          .toAbsolutePath();
     }
     return tmpdir;
   }

jooby/src/main/java/io/jooby/ProxyPeerAddressHandler.java

@@ -1,3 +1,8 @@
+/**
+ * Jooby https://jooby.io
+ * Apache License Version 2.0 https://jooby.io/LICENSE.txt
+ * Copyright 2014 Edgar Espina
+ */
 package io.jooby;
 
 import io.jooby.internal.ProxyPeerAddress;
@@ -26,11 +31,7 @@
 public class ProxyPeerAddressHandler implements Route.Decorator {
   @Nonnull @Override public Route.Handler apply(@Nonnull Route.Handler next) {
     return ctx -> {
-      ProxyPeerAddress result = ProxyPeerAddress.parse(ctx);
-      ctx.setRemoteAddress(result.getRemoteAddress());
-      ctx.setHost(result.getHost());
-      ctx.setScheme(result.getScheme());
-      ctx.setPort(result.getPort());
+      ProxyPeerAddress.parse(ctx).set(ctx);
       return next.apply(ctx);
     };
   }

jooby/src/main/java/io/jooby/Router.java

@@ -163,11 +163,92 @@ interface Match {
    */
   @Nonnull String getContextPath();
 
+  /**
+   * When true handles X-Forwarded-* headers by updating the values on the current context to
+   * match what was sent in the header(s).
+   *
+   * This should only be installed behind a reverse proxy that has been configured to send the
+   * <code>X-Forwarded-*</code> header, otherwise a remote user can spoof their address by
+   * sending a header with bogus values.
+   *
+   * The headers that are read/set are:
+   * <ul>
+   *  <li>X-Forwarded-For: Set/update the remote address {@link Context#setRemoteAddress(String)}.</li>
+   *  <li>X-Forwarded-Proto: Set/update request scheme {@link Context#setScheme(String)}.</li>
+   *  <li>X-Forwarded-Host: Set/update the request host {@link Context#setHost(String)}.</li>
+   *  <li>X-Forwarded-Port: Set/update the request port {@link Context#setPort(int)}.</li>
+   * </ul>
+   *
+   * @return True when enabled. Default is false.
+   */
+  boolean isTrustProxy();
+
+  /**
+   * When true handles X-Forwarded-* headers by updating the values on the current context to
+   * match what was sent in the header(s).
+   *
+   * This should only be installed behind a reverse proxy that has been configured to send the
+   * <code>X-Forwarded-*</code> header, otherwise a remote user can spoof their address by
+   * sending a header with bogus values.
+   *
+   * The headers that are read/set are:
+   * <ul>
+   *  <li>X-Forwarded-For: Set/update the remote address {@link Context#setRemoteAddress(String)}.</li>
+   *  <li>X-Forwarded-Proto: Set/update request scheme {@link Context#setScheme(String)}.</li>
+   *  <li>X-Forwarded-Host: Set/update the request host {@link Context#setHost(String)}.</li>
+   *  <li>X-Forwarded-Port: Set/update the request port {@link Context#setPort(int)}.</li>
+   * </ul>
+   *
+   * @param trustProxy True to enabled.
+   * @return This router.
+   */
+  @Nonnull Router setTrustProxy(boolean trustProxy);
+
   /* ***********************************************************************************************
    * use(Router)
    * ***********************************************************************************************
    */
 
+  /**
+   * Enabled routes for specific domain. Domain matching is done using the <code>host</code> header.
+   *
+   * <pre>{@code
+   * {
+   *   domain("foo.com", new FooApp());
+   *   domain("bar.com", new BarApp());
+   * }
+   * }</pre>
+   *
+   * NOTE: if you run behind a reverse proxy you might to enabled {@link #setTrustProxy(boolean)}.
+   *
+   * @param domain Predicate
+   * @param subrouter Subrouter.
+   * @return This router.
+   */
+  @Nonnull Router domain(@Nonnull String domain, @Nonnull Router subrouter);
+
+  /**
+   * Enabled routes for specific domain. Domain matching is done using the <code>host</code> header.
+   *
+   * <pre>{@code
+   * {
+   *   domain("foo.com", () -> {
+   *     get("/", ctx -> "foo");
+   *   });
+   *   domain("bar.com", () -> {
+   *     get("/", ctx -> "bar");
+   *   });
+   * }
+   * }</pre>
+   *
+   * NOTE: if you run behind a reverse proxy you might to enabled {@link #setTrustProxy(boolean)}.
+   *
+   * @param domain Predicate
+   * @param body Route action.
+   * @return This router.
+   */
+  @Nonnull RouteSet domain(@Nonnull String domain, @Nonnull Runnable body);
+
   /**
    * Import routes from given router. Predicate works like a filter and only when predicate pass
    * the routes match against the current request.
@@ -176,19 +257,45 @@ interface Match {
    *
    * <pre>{@code
    * {
-   *
    *   use(ctx -> ctx.getHost().equals("foo.com"), new FooApp());
    *   use(ctx -> ctx.getHost().equals("bar.com"), new BarApp());
    * }
    * }</pre>
    *
    * Imported routes are matched only when predicate pass.
    *
+   * NOTE: if you run behind a reverse proxy you might to enabled {@link #setTrustProxy(boolean)}.
+   *
    * @param predicate Context predicate.
-   * @param router Router to import.
+   * @param subrouter Router to import.
+   * @return This router.
+   */
+  @Nonnull Router use(@Nonnull Predicate<Context> predicate, @Nonnull Router subrouter);
+
+  /**
+   * Import routes from given action. Predicate works like a filter and only when predicate pass
+   * the routes match against the current request.
+   *
+   * Example of domain predicate filter:
+   *
+   * <pre>{@code
+   * {
+   *   use(ctx -> ctx.getHost().equals("foo.com"), () -> {
+   *     get("/", ctx -> "foo");
+   *   });
+   *   use(ctx -> ctx.getHost().equals("bar.com"), () -> {
+   *     get("/", ctx -> "bar");
+   *   });
+   * }
+   * }</pre>
+   *
+   * NOTE: if you run behind a reverse proxy you might to enabled {@link #setTrustProxy(boolean)}.
+   *
+   * @param predicate Context predicate.
+   * @param body Route action.
    * @return This router.
    */
-  @Nonnull Router use(@Nonnull Predicate<Context> predicate, @Nonnull Router router);
+  @Nonnull RouteSet use(@Nonnull Predicate<Context> predicate, @Nonnull Runnable body);
 
   /**
    * Import all routes from the given router and prefix them with the given path.

jooby/src/main/java/io/jooby/internal/ContextInitializer.java

@@ -0,0 +1,18 @@
+/**
+ * Jooby https://jooby.io
+ * Apache License Version 2.0 https://jooby.io/LICENSE.txt
+ * Copyright 2014 Edgar Espina
+ */
+package io.jooby.internal;
+
+import io.jooby.Context;
+
+public interface ContextInitializer {
+  ContextInitializer PROXY_PEER_ADDRESS = ctx -> ProxyPeerAddress.parse(ctx).set(ctx);
+
+  void apply(Context ctx);
+
+  default ContextInitializer add(ContextInitializer initializer) {
+    return initializer;
+  }
+}

jooby/src/main/java/io/jooby/internal/ContextInitializerList.java

@@ -0,0 +1,36 @@
+/**
+ * Jooby https://jooby.io
+ * Apache License Version 2.0 https://jooby.io/LICENSE.txt
+ * Copyright 2014 Edgar Espina
+ */
+package io.jooby.internal;
+
+import io.jooby.Context;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class ContextInitializerList implements ContextInitializer {
+  private List<ContextInitializer> initializers = new ArrayList<>(5);
+
+  public ContextInitializerList(ContextInitializer initializer) {
+    add(initializer);
+  }
+
+  @Override public ContextInitializer add(ContextInitializer initializer) {
+    if (!initializers.contains(initializer)) {
+      initializers.add(initializer);
+    }
+    return this;
+  }
+
+  @Override public void apply(Context ctx) {
+    for (ContextInitializer initializer : initializers) {
+      initializer.apply(ctx);
+    }
+  }
+
+  public void remove(ContextInitializer initializer) {
+    initializers.remove(initializer);
+  }
+}

jooby/src/main/java/io/jooby/internal/ProxyPeerAddress.java

@@ -1,3 +1,8 @@
+/**
+ * Jooby https://jooby.io
+ * Apache License Version 2.0 https://jooby.io/LICENSE.txt
+ * Copyright 2014 Edgar Espina
+ */
 package io.jooby.internal;
 
 import io.jooby.Context;
@@ -65,6 +70,13 @@ public int getPort() {
     return port;
   }
 
+  public void set(Context ctx) {
+    ctx.setRemoteAddress(getRemoteAddress());
+    ctx.setHost(getHost());
+    ctx.setScheme(getScheme());
+    ctx.setPort(getPort());
+  }
+
   public static ProxyPeerAddress parse(Context ctx) {
     ProxyPeerAddress result = new ProxyPeerAddress();