UNPKG

fh-dev-proxy

Version:

Enables local development requests to be proxied through the FeedHenry cloud for access to secure backend systems.

github.com/feedhenry-staff/fh-dev-proxy

feedhenry-staff/fh-dev-proxy

104 lines (88 loc) 2.79 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
'use strict'; var format = require('util').format , async = require('async') , log = require('fhlog').get('Middleware'); var requiredHeaders = [ 'x-fh-proxy-api-key', 'x-fh-proxy-instance', 'x-fh-proxy-target', 'x-fh-proxy-protocol' ]; /** * Verifies that the header security requirements have been met by the proxy. * @param {Object} req * @param {Object} res * @param {Function} next */ function verifyHeaders (req, res, next) { function onHeaderCheckComplete(err) { if (err) { log.w( 'Request from %s failed header verification.', req.headers['x-forwarded-for'] ); res.status(400).end(err); } else { verifyAuth(); } } function headerExists (header, cb) { if (req.headers[header] && typeof req.headers[header] === 'string') { cb(null, null); } else { cb(format('Header "%s" was missing from your request', header), null); } } function verifyAuth () { if (req.headers['x-fh-proxy-api-key'] === process.env['FH_APP_API_KEY'] && req.headers['x-fh-proxy-instance'] === process.env['FH_INSTANCE']) { next(); } else { res.status(401).end('API Key and/or GUID supplied was invalid.'); } } async.eachSeries(requiredHeaders, headerExists, onHeaderCheckComplete); } /** * Validates that the provided host in the request can be proxied. * * This is important as it stops abuse of the proxy to access live hosts etc. * * @param {Object} req * @param {Object} res * @param {Function} next */ function validateHost (req, res, next) { var hosts = process.env['PROXY_VALID_HOSTS'] , target = req.headers['x-fh-proxy-target']; if (!hosts || hosts === '') { log.w('Received request to proxy, but not hosts have been configured. ' + 'Please add some hosts to the PROXY_VALID_HOSTS environment variable ' + 'and redeploy your code.'); // No hosts configured, return a useful message stating this res.status(500).end('No hosts have been configured. Please update' + ' PROXY_VALID_HOSTS and add any hosts you wish to proxy'); } else { // Get hosts as an array hosts = hosts.split(',').map(function (h) { return h.trim(); }); if (hosts.indexOf(target) !== -1) { next(); } else { var msg = format('Cannot proxy request to "%s". Host not whitelisted ' + 'for proxy usage in PROXY_VALID_HOSTS', target); log.w( 'Request from %s attempted to send request to %s, but ' + 'was blocked due to it not being present in PROXY_VALID_HOSTS', req.headers['x-forwarded-for'], target ); res.status(403).end(msg); } } } module.exports = { verifyHeaders: verifyHeaders, validateHost: validateHost };