
Commit 9c7fbb1

author
Inbal Tako
committed
Add proxy headers support
1 parent 7bf92ab commit 9c7fbb1


4 files changed

+56
-21
lines changed


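--- a/src/main/java/com/securenative/SecureNative.java
+++ b/src/main/java/com/securenative/SecureNative.java
@@ -88,6 +88,10 @@ public static SecureNativeContextBuilder contextBuilder() {
 return SecureNativeContextBuilder.defaultContextBuilder();
 }
 
+public SecureNativeContextBuilder fromHttpServletRequest(HttpServletRequest request) {
+return SecureNativeContextBuilder.fromHttpServletRequest(request, this.options);
+}
+
 public boolean verifyRequestPayload(HttpServletRequest request) throws IOException {
 String requestSignature = request.getHeader(SIGNATURE_HEADER);
 String body = request.getReader().lines().collect(Collectors.joining());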
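Review bot: The new public instance method `fromHttpServletRequest(HttpServletRequest)` at new lines 91-93 has no Javadoc, although it is now the entry point through which this instance's options decide which request headers are trusted for the client IP. I would add a comment along the lines of `/** Builds a context from the request; the client IP is resolved using the proxy headers configured in this instance's options, which should only name headers set by infrastructure you control. */`. That gives integrators the trust assumption at the call site instead of leaving it implicit in `RequestUtils`.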

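--- a/src/main/java/com/securenative/context/SecureNativeContextBuilder.java
+++ b/src/main/java/com/securenative/context/SecureNativeContextBuilder.java
@@ -1,5 +1,6 @@
 package com.securenative.context;
 
+import com.securenative.config.SecureNativeOptions;
 import com.securenative.utils.RequestUtils;
 import com.securenative.utils.Utils;
 
@@ -52,7 +53,7 @@ public static SecureNativeContextBuilder defaultContextBuilder() {
 return new SecureNativeContextBuilder();
 }
 
-public static SecureNativeContextBuilder fromHttpServletRequest(HttpServletRequest request) {
+public static SecureNativeContextBuilder fromHttpServletRequest(HttpServletRequest request, SecureNativeOptions options) {
 Map<String, String> headers = RequestUtils.getHeadersFromRequest(request);
 
 String clientToken = RequestUtils.getCookieValueFromRequest(request, RequestUtils.SECURENATIVE_COOKIE);
@@ -65,7 +66,7 @@ public static SecureNativeContextBuilder fromHttpServletRequest(HttpServletReque
 .withMethod(request.getMethod())
 .withHeaders(headers)
 .withClientToken(clientToken)
-.withIp(RequestUtils.getClientIpFromRequest(request, headers))
+.withIp(RequestUtils.getClientIpFromRequest(request, headers, options))
 .withRemoteIp(RequestUtils.getRemoteIpFromRequest(request))
 .withBody(null);
 }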
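Review bot: Replacing the public static `fromHttpServletRequest(HttpServletRequest)` with a two-argument form (new line 56) removes the one-argument signature, so existing SDK callers stop compiling. Keeping a one-argument overload marked `@Deprecated` that delegates with default options (the test in this commit builds them via `SecureNativeConfigurationBuilder.defaultConfigBuilder().build()`) would keep the change backward-compatible. The new `options` parameter is also handed to `RequestUtils.getClientIpFromRequest` on new line 69 without any check, so an explicit null check at the top of the method would turn a later NullPointerException into a clear failure. Part of the method body lies between the two hunks and is not visible here.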

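--- a/src/main/java/com/securenative/utils/RequestUtils.java
+++ b/src/main/java/com/securenative/utils/RequestUtils.java
@@ -1,5 +1,7 @@
 package com.securenative.utils;
 
+import com.securenative.config.SecureNativeOptions;
+
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import java.util.*;
@@ -35,7 +37,25 @@ public static String getCookieValueFromRequest(HttpServletRequest request, Strin
 return null;
 }
 
-public static String getClientIpFromRequest(HttpServletRequest request, Map<String, String> headers) {
+public static String getClientIpFromRequest(HttpServletRequest request, Map<String, String> headers, SecureNativeOptions options) {
+if (options.getProxyHeaders().size() > 0) {
+for (String header : options.getProxyHeaders()) {
+if (headers.containsKey(header)) {
+String headerValue = headers.get(header);
+
+Optional<String> ip = Arrays.stream(headerValue.split(","))
+.map(String::trim)
+.filter(IPUtils::isIpAddress)
+.filter(IPUtils::isValidPublicIp)
+.findFirst();
+
+if (ip.isPresent()) {
+return ip.get();
+}
+}
+}
+}
+
 Optional<String> bestCandidate = Optional.empty();
 for (String ipHeader : ipHeaders) {
 if (!headers.containsKey(ipHeader)) {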
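Review bot: The proxy-header branch at new lines 41-57 returns the first public address found in the comma-separated value, and in a forwarded-for style list the leftmost entries are the ones a client can supply itself whenever the proxy appends to the header instead of overwriting it. Because this value becomes the context IP, a forged entry would take precedence over the address the proxy actually observed; selecting the last matching entry with `.reduce((first, second) -> second)` in place of `.findFirst()`, or documenting that every configured header must be overwritten by a trusted proxy, closes that gap. `options` and `options.getProxyHeaders()` are dereferenced unguarded on new line 41, so if either can be null a guard such as `if (options != null && options.getProxyHeaders() != null)` is needed before the loop. The lookup `headers.containsKey(header)` is an exact match, and whether `getHeadersFromRequest` normalises header-name case is not visible here, so it is worth confirming that configured names will match. The rest of `getClientIpFromRequest` continues outside the hunk.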

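--- a/src/test/java/com/securenative/context/SecureNativeContextBuilderTest.java
+++ b/src/test/java/com/securenative/context/SecureNativeContextBuilderTest.java
@@ -1,6 +1,10 @@
 package com.securenative.context;
 
 import com.securenative.Maps;
+import com.securenative.SecureNative;
+import com.securenative.config.SecureNativeConfigurationBuilder;
+import com.securenative.config.SecureNativeOptions;
+import com.securenative.exceptions.SecureNativeSDKException;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.Timeout;
@@ -25,16 +29,19 @@ public void createContextFromHttpServletRequestTest() {
 request.setRemoteAddr("51.68.201.122");
 request.addHeader("x-securenative", "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a");
 
-SecureNativeContext context = SecureNativeContextBuilder.fromHttpServletRequest(request)
-.build();
+SecureNativeOptions options = SecureNativeConfigurationBuilder.defaultConfigBuilder().build();
+try {
+SecureNative secureNative = SecureNative.init(options);
+SecureNativeContext context = secureNative.fromHttpServletRequest(request).build();
 
-assertThat(context.getClientToken()).isEqualTo("71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a");
-assertThat(context.getIp()).isEqualTo("51.68.201.122");
-assertThat(context.getMethod()).isEqualTo("Post");
-assertThat(context.getUrl()).isEqualTo("/login");
-assertThat(context.getRemoteIp()).isEqualTo("51.68.201.122");
-assertThat(context.getHeaders()).isEqualTo(Maps.defaultBuilder().put("x-securenative", "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a").build());
-assertThat(context.getBody()).isNull();
+assertThat(context.getClientToken()).isEqualTo("71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a");
+assertThat(context.getIp()).isEqualTo("51.68.201.122");
+assertThat(context.getMethod()).isEqualTo("Post");
+assertThat(context.getUrl()).isEqualTo("/login");
+assertThat(context.getRemoteIp()).isEqualTo("51.68.201.122");
+assertThat(context.getHeaders()).isEqualTo(Maps.defaultBuilder().put("x-securenative", "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a").build());
+assertThat(context.getBody()).isNull();
+} catch (SecureNativeSDKException ignored) {}
 }
 
 @Test
@@ -49,16 +56,19 @@ public void createContextFromHttpServletRequestWithCookieTest() {
 request.setRemoteAddr("51.68.201.122");
 request.setCookies(new Cookie("_sn", "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a"));
 
-SecureNativeContext context = SecureNativeContextBuilder.fromHttpServletRequest(request)
-.build();
+SecureNativeOptions options = SecureNativeConfigurationBuilder.defaultConfigBuilder().build();
+try {
+SecureNative secureNative = SecureNative.init(options);
+SecureNativeContext context = secureNative.fromHttpServletRequest(request).build();
 
-assertThat(context.getClientToken()).isEqualTo("71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a");
-assertThat(context.getIp()).isEqualTo("51.68.201.122");
-assertThat(context.getMethod()).isEqualTo("Post");
-assertThat(context.getUrl()).isEqualTo("/login");
-assertThat(context.getRemoteIp()).isEqualTo("51.68.201.122");
-assertThat(context.getHeaders()).isEqualTo(Maps.defaultBuilder().put("Cookie", "_sn=71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a").build());
-assertThat(context.getBody()).isNull();
+assertThat(context.getClientToken()).isEqualTo("71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a");
+assertThat(context.getIp()).isEqualTo("51.68.201.122");
+assertThat(context.getMethod()).isEqualTo("Post");
+assertThat(context.getUrl()).isEqualTo("/login");
+assertThat(context.getRemoteIp()).isEqualTo("51.68.201.122");
+assertThat(context.getHeaders()).isEqualTo(Maps.defaultBuilder().put("Cookie", "_sn=71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a").build());
+assertThat(context.getBody()).isNull();
+} catch (SecureNativeSDKException ignored) {}
 }
 
 @Test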
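Review bot: Both rewritten tests wrap their assertions in `try { ... } catch (SecureNativeSDKException ignored) {}` (new lines 33-44 and 60-71), so if `SecureNative.init(options)` throws, the test passes without checking anything. Declaring `throws SecureNativeSDKException` on the two test methods and dropping the try/catch would let a failed initialisation fail the test; if `init` rejects a second call (not visible here), the second test may already be skipping its assertions. The commit also adds no test that configures proxy headers, so the new branch in `getClientIpFromRequest` is unexercised, including the cases of a multi-value header and a header that carries only a non-public address. The test method signatures sit outside the hunk lines shown.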
