From 23ca70ac546faf7f219c48e65ea196b124fd96dd Mon Sep 17 00:00:00 2001 From: callum5892 Date: Tue, 17 Mar 2026 02:46:39 +0000 Subject: [PATCH] fixed trust_proxy --- docker-compose.yml | 5 ++--- src/index.js | 33 ++++++++++++++++++++++++++++++--- 2 files changed, 32 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index baa726a..b5a6a79 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,8 +1,6 @@ services: app: - build: - context: . - dockerfile: Dockerfile + image: gitea.calnet.dev/callum/binit:latest container_name: binit-app env_file: - .env @@ -11,6 +9,7 @@ services: MINIO_PORT: ${MINIO_PORT:-9000} MINIO_USE_SSL: ${MINIO_USE_SSL:-false} PORT: ${PORT:-3000} + TRUST_PROXY: ${TRUST_PROXY:-1} ports: - "3000:3000" depends_on: diff --git a/src/index.js b/src/index.js index 6ea28ae..845b22a 100644 --- a/src/index.js +++ b/src/index.js @@ -10,6 +10,33 @@ const pastesRouter = require('./routes/pastes'); const app = express(); const PORT = process.env.PORT || 3000; +function parseTrustProxy(value) { + if (typeof value !== 'string') { + return false; + } + + const normalized = value.trim(); + if (!normalized) { + return false; + } + + const lower = normalized.toLowerCase(); + if (['false', 'off', 'no', '0'].includes(lower)) { + return false; + } + + if (['true', 'on', 'yes'].includes(lower)) { + return true; + } + + const count = Number.parseInt(normalized, 10); + if (String(count) === normalized && Number.isFinite(count) && count >= 0) { + return count; + } + + return normalized; +} + function envInt(name, fallback) { const raw = process.env[name]; if (!raw) { @@ -26,9 +53,9 @@ const CREATE_LIMIT_MAX = envInt('RATE_LIMIT_CREATE_MAX', 40); app.disable('x-powered-by'); -// If deployed behind a reverse proxy/load balancer, set TRUST_PROXY=true. -if (process.env.TRUST_PROXY === 'true') { - app.set('trust proxy', 1); +const trustProxy = parseTrustProxy(process.env.TRUST_PROXY); +if (trustProxy !== false) { + app.set('trust proxy', trustProxy); } app.use(helmet({