Relocate resolveTrustProxy from main.ts (untestable — bootstraps on import) to integrations/environment/trust-proxy.util.ts and import it back. Unit-test every branch (empty/undefined -> safe loopback/private default; true/false; hop count; trim; CIDR/negative passthrough) so a regression can't silently re-open the XFF spoofing hole (#61). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
15 lines
630 B
TypeScript
15 lines
630 B
TypeScript
// Trust X-Forwarded-For ONLY from real proxies on private/loopback nets by
|
|
// default, so a public-IP client cannot spoof its IP via X-Forwarded-For.
|
|
// TRUST_PROXY env overrides: 'true'/'false', a hop count (integer), or a
|
|
// CIDR/IP list string passed through to Fastify/proxy-addr.
|
|
export function resolveTrustProxy(
|
|
rawInput?: string,
|
|
): boolean | number | string {
|
|
const raw = rawInput?.trim();
|
|
if (raw == null || raw === '') return 'loopback, linklocal, uniquelocal';
|
|
if (raw === 'true') return true;
|
|
if (raw === 'false') return false;
|
|
const n = Number(raw);
|
|
return Number.isInteger(n) && n >= 0 ? n : raw;
|
|
}
|