mirror of
https://github.com/wasp-lang/wasp.git
synced 2024-10-26 17:10:02 +03:00
cleaned up trust proxy stuff
This commit is contained in:
parent
65d2744b26
commit
1a32334d7a
@ -27,8 +27,9 @@ app.use(express.json())
|
||||
app.use(express.urlencoded({ extended: false }))
|
||||
app.use(cookieParser())
|
||||
|
||||
if (config.trustProxyCount > 0) {
|
||||
app.set('trust proxy', config.trustProxyCount)
|
||||
if (config.trustProxies) {
|
||||
app.enable('trust proxy')
|
||||
console.log("Trusting proxies")
|
||||
}
|
||||
|
||||
{=# isAuthEnabled =}
|
||||
|
@ -14,8 +14,10 @@ const config = {
|
||||
port: parseInt(process.env.PORT) || 3001,
|
||||
databaseUrl: process.env.DATABASE_URL,
|
||||
// This option is sometimes needed when running behind proxies/load balancers.
|
||||
// For example, this is required for secure cookies to work on Heroku.
|
||||
// Ref: https://expressjs.com/en/guide/behind-proxies.html
|
||||
trustProxyCount: undefined,
|
||||
// For now, we only handle the boolean case.
|
||||
trustProxies: undefined,
|
||||
{=# isAuthEnabled =}
|
||||
session: {
|
||||
cookie: {
|
||||
@ -33,7 +35,7 @@ const config = {
|
||||
frontendUrl: undefined,
|
||||
},
|
||||
development: {
|
||||
trustProxyCount: parseInt(process.env.TRUST_PROXY_COUNT) || 0,
|
||||
trustProxies: toBooleanOrDefault(process.env.TRUST_PROXIES, false),
|
||||
{=# isAuthEnabled =}
|
||||
session: {
|
||||
cookie: {
|
||||
@ -44,7 +46,7 @@ const config = {
|
||||
frontendUrl: process.env.REACT_APP_URL || 'http://localhost:3000',
|
||||
},
|
||||
production: {
|
||||
trustProxyCount: parseInt(process.env.TRUST_PROXY_COUNT) || 1,
|
||||
trustProxies: toBooleanOrDefault(process.env.TRUST_PROXIES, true),
|
||||
{=# isAuthEnabled =}
|
||||
session: {
|
||||
cookie: {
|
||||
@ -59,6 +61,23 @@ const config = {
|
||||
const resolvedConfig = _.merge(config.all, config[env])
|
||||
export default resolvedConfig
|
||||
|
||||
function toBooleanOrDefault(str, defaultValue) {
|
||||
if (!str) {
|
||||
return defaultValue
|
||||
}
|
||||
|
||||
switch(str.toLowerCase()) {
|
||||
case "t":
|
||||
case "true":
|
||||
return true
|
||||
case "f":
|
||||
case "false":
|
||||
return false
|
||||
default:
|
||||
return defaultValue
|
||||
}
|
||||
}
|
||||
|
||||
export function checkCookieSecretLength(secret) {
|
||||
if (!secret || secret.length < 32) {
|
||||
throw new Error("SESSION_COOKIE_SECRET must be at least 32 characters long in production")
|
||||
|
@ -41,7 +41,7 @@ Server uses following environment variables, so you need to ensure they are set
|
||||
- `SESSION_COOKIE_NAME: string` -> name of cookie used to store session data (defaults to `"wasp_session"`).
|
||||
- `SESSION_COOKIE_MAX_AGE: int` -> max age of session cookie in milliseconds (defaults to one week).
|
||||
- `CSRF_COOKIE_NAME: string` -> name of cookie used to store csrf double submit pattern secret (defaults to `"wasp_csrf"`).
|
||||
- `TRUST_PROXY_COUNT: int` -> number of proxies for Express app to trust (defaults to `0` for dev, and `1` for prod).
|
||||
- `TRUST_PROXIES: bool` -> if Express app should trust proxies (defaults to `false` in development, and `true` in production).
|
||||
|
||||
### Deploying to Heroku
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user