Context: clean up (useProxy) methods now we have setTrustProxy

Add router.domain operator now we have setTrustProxy fix #1292
fix #1644 fix #1645

Author: jknack

docs/asciidoc/handlers.adoc

@@ -10,8 +10,6 @@ include::handlers/csrf.adoc[]
 
 include::handlers/head.adoc[]
 
-include::handlers/proxy-peer-address.adoc[]
-
 include::handlers/rate-limit.adoc[]
 
 include::handlers/ssl.adoc[]

docs/asciidoc/handlers/access-log.adoc

@@ -57,5 +57,5 @@ Extra request or response headers can be appended at the end using the available
 [TIP]
 ====
 If you run behind a reverse proxy that has been configured to send the X-Forwarded-* header,
-please consider to add the <<handlers-proxypeeraddresshandler, ProxyPeerAddressHandler>> to your pipeline.
+please consider to use <<router-trust-proxy, trust proxy>> option.
 ====

docs/asciidoc/handlers/proxy-peer-address.adoc

@@ -42,8 +42,7 @@ import io.jooby.SSHandler
 <1> Install SSLHandler
 
 The SSL Handler recreates the HTTPs URL version using the `Host` header, if you are behind a proxy
-you will need to use the `X-Forwarded-Host` header. To do that install the 
-<<handlers-proxypeeraddresshandler, ProxyPeerAddressHandler>> into your pipeline.
+you will need to use the `X-Forwarded-Host` header. To do that set the <<router-trust-proxy, trust proxy>> option.
 
 Optionally, you can specify the host to use:
 

docs/asciidoc/handlers/ssl.adoc

@@ -1116,6 +1116,61 @@ one or more routes under a common path pattern.
 <3> `GET /api/user`
 <4> `POST /api/user`
 
+=== Trust Proxy
+
+The javadoc:Router[setTrustProxy, boolean] option enables parsing of `X-Forwarded-*` headers.
+
+.Usage
+[source, java, role = "primary"]
+----
+import io.jooby.Jooby;
+import io.jooby.ProxyPeerAddressHandler;
+...
+{
+  
+  setTrustProxy(true)                                 <1>
+
+  get("/", ctx -> {
+    String remoteAddress = ctx.getRemoteAddress();    <2>
+    String scheme = ctx.getScheme();                  <3>
+    String host = ctx.getHost();                      <4>
+    int port = ctx.getPort();                         <5>
+    ...
+  });
+}
+----
+
+.Kotlin
+[source, kotlin, role = "secondary"]
+----
+import io.jooby.Jooby
+import io.jooby.ProxyPeerAddressHandler
+...
+{
+  trustProxy = true                                   <1>
+  
+  get("/") {
+    val remoteAddress = ctx.remoteAddress             <2>
+    val scheme = ctx.scheme                           <3>
+    val host = ctx.host                               <4>
+    val port = ctx.port                               <5>
+    ...
+  }
+}
+----
+
+<1> Set trust proxy
+<2> Set `remote address` from `X-Forwarded-For`
+<3> Set `scheme` from `X-Forwarded-Proto`
+<4> Set `host` from `X-Forwarded-Host`
+<5> Set `port` from `X-Forwarded-Host` or `X-Forwarded-Port`
+
+[IMPORTANT]
+====
+This should only be installed behind a reverse proxy that has been configured to send the
+`X-Forwarded-*` header, otherwise a remote user can spoof their address by sending a header with
+bogus values.
+====
 
 === Composing routes
 

docs/asciidoc/routing.adoc

@@ -30,7 +30,7 @@
  * </p>
  *
  * If you run behind a reverse proxy that has been configured to send the X-Forwarded-* header,
- * please consider to add {@link ProxyPeerAddressHandler} to your pipeline.
+ * please consider to set {@link Router#setTrustProxy(boolean)} option.
  *
  * <h2>usage</h2>
  *

jooby/src/main/java/io/jooby/AccessLogHandler.java

@@ -453,7 +453,7 @@ public interface Context extends Registry {
    * Recreates full/entire request url using the <code>Host</code> header.
    *
    * If you run behind a reverse proxy that has been configured to send the X-Forwarded-* header,
-   * please consider to add {@link ProxyPeerAddressHandler} to your pipeline.
+   * please consider to set {@link Router#setTrustProxy(boolean)} option.
    *
    * @return Full/entire request url using the <code>Host</code> header.
    */
@@ -463,43 +463,18 @@ public interface Context extends Registry {
    * Recreates full/entire request url using the <code>Host</code> header.
    *
    * If you run behind a reverse proxy that has been configured to send the X-Forwarded-* header,
-   * please consider to add {@link ProxyPeerAddressHandler} to your pipeline.
+   * please consider to set {@link Router#setTrustProxy(boolean)} option.
    *
    * @param path Path to use.
    * @return Full/entire request url using the <code>Host</code> header.
    */
   @Nonnull String getRequestURL(@Nonnull String path);
 
-  /**
-   * Recreates full/entire request url using the <code>X-Forwarded-Host</code> when present
-   * or fallback to <code>Host</code> header when missing.
-   *
-   * @param useProxy True to trust/use the <code>X-Forwarded-Host</code>.
-   * @return Full/entire request url using the <code>X-Forwarded-Host</code> when present
-   *     or fallback to <code>Host</code> header when missing.
-   * @deprecated Use {@link ProxyPeerAddressHandler}.
-   */
-  @Deprecated
-  @Nonnull String getRequestURL(boolean useProxy);
-
-  /**
-   * Recreates full/entire request url using the <code>X-Forwarded-Host</code> when present
-   * or fallback to <code>Host</code> header when missing.
-   *
-   * @param path Path to use.
-   * @param useProxy True to trust/use the <code>X-Forwarded-Host</code>.
-   * @return Full/entire request url using the <code>X-Forwarded-Host</code> when present
-   *     or fallback to <code>Host</code> header when missing.
-   * @deprecated Use {@link ProxyPeerAddressHandler}.
-   */
-  @Deprecated
-  @Nonnull String getRequestURL(@Nonnull String path, boolean useProxy);
-
   /**
    * The IP address of the client or last proxy that sent the request.
    *
    * If you run behind a reverse proxy that has been configured to send the X-Forwarded-* header,
-   * please consider to add {@link ProxyPeerAddressHandler} to your pipeline.
+   * please consider to set {@link Router#setTrustProxy(boolean)} option.
    *
    * @return The IP address of the client or last proxy that sent the request.
    */
@@ -519,7 +494,7 @@ public interface Context extends Registry {
    * {@link #setHost(String)} method.
    *
    * If you run behind a reverse proxy that has been configured to send the X-Forwarded-* header,
-   * please consider to add {@link ProxyPeerAddressHandler} to your pipeline.
+   * please consider to set {@link Router#setTrustProxy(boolean)} option.
    *
    * @return Return the host that this request was sent to, in general this will be the
    *     value of the Host header, minus the port specifier.
@@ -541,25 +516,13 @@ public interface Context extends Registry {
    * value of the Host.
    *
    * If you run behind a reverse proxy that has been configured to send the X-Forwarded-* header,
-   * please consider to add {@link ProxyPeerAddressHandler} to your pipeline.
+   * please consider to set {@link Router#setTrustProxy(boolean)} option.
    *
    * @return Return the host that this request was sent to, in general this will be the
    *     value of the Host header.
    */
   @Nonnull String getHostAndPort();
 
-  /**
-   * Return the host and port that this request was sent to, in general this will be the
-   * value of the Host or X-Forwarded-Host header.
-   *
-   * @param useProxy When true this method looks for host data in the X-Forwarded-Host header.
-   * @return Return the host that this request was sent to, in general this will be the
-   *     value of the Host header.
-   * @deprecated Use {@link ProxyPeerAddressHandler}.
-   */
-  @Deprecated
-  @Nonnull String getHostAndPort(boolean useProxy);
-
   /**
    * Return the port that this request was sent to. In general this will be the value of the Host
    * header, minus the host name.

jooby/src/main/java/io/jooby/Context.java

@@ -31,6 +31,7 @@
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 /***
  * Like {@link Context} but with couple of default methods.
@@ -220,18 +221,10 @@ public interface DefaultContext extends Context {
   }
 
   @Override default @Nonnull String getRequestURL() {
-    return getRequestURL(false);
+    return getRequestURL("");
   }
 
   @Override default @Nonnull String getRequestURL(@Nonnull String path) {
-    return getRequestURL(path, false);
-  }
-
-  @Override default @Nonnull String getRequestURL(boolean useProxy) {
-    return getRequestURL("", useProxy);
-  }
-
-  @Override default @Nonnull String getRequestURL(@Nonnull String path, boolean useProxy) {
     String scheme = getScheme();
     String host = getHost();
     int port = getPort();
@@ -274,20 +267,17 @@ public interface DefaultContext extends Context {
   }
 
   @Override default @Nullable String getHostAndPort() {
-    return getHostAndPort(false);
-  }
-
-  @Override default @Nullable String getHostAndPort(boolean useProxy) {
-    return header(useProxy ? "X-Forwarded-Host" : "Host").toOptional()
-        .map(value -> {
-          int i = value.indexOf(',');
-          String host = i > 0 ? value.substring(0, i).trim() : value;
-          if (host.startsWith("[") && host.endsWith("]")) {
-            return host.substring(1, host.length() - 1).trim();
-          }
-          return host;
-        })
-        .orElseGet(() -> getServerHost() + ":" + getServerPort());
+    Optional<String> header = getRouter().isTrustProxy()
+        ? header("X-Forwarded-Host").toOptional()
+        : Optional.empty();
+    String value = header
+        .orElseGet(() -> header("Host").value(getServerHost() + ":" + getServerPort()));
+    int i = value.indexOf(',');
+    String host = i > 0 ? value.substring(0, i).trim() : value;
+    if (host.startsWith("[") && host.endsWith("]")) {
+      return host.substring(1, host.length() - 1).trim();
+    }
+    return host;
   }
 
   @Override default @Nonnull String getServerHost() {

jooby/src/main/java/io/jooby/DefaultContext.java

@@ -254,26 +254,14 @@ public ForwardingContext(@Nonnull Context context) {
     return ctx.getHostAndPort();
   }
 
-  @Nullable @Override public String getHostAndPort(boolean useProxy) {
-    return ctx.getHostAndPort(useProxy);
-  }
-
   @Nonnull @Override public String getRequestURL() {
     return ctx.getRequestURL();
   }
 
-  @Nonnull @Override public String getRequestURL(boolean useProxy) {
-    return ctx.getRequestURL(useProxy);
-  }
-
   @Nonnull @Override public String getRequestURL(@Nonnull String path) {
     return ctx.getRequestURL(path);
   }
 
-  @Nonnull @Override public String getRequestURL(@Nonnull String path, boolean useProxy) {
-    return ctx.getRequestURL(path, useProxy);
-  }
-
   @Override @Nonnull public String getProtocol() {
     return ctx.getProtocol();
   }