From cb682ac5840dd6217dc1157fd31d4116fc81870b Mon Sep 17 00:00:00 2001
From: James Allen
Date: Wed, 25 Jun 2014 10:34:23 +0100
Subject: [PATCH 1/3] Add in more robust support for being behind a proxy
---
 services/web/app/coffee/infrastructure/Server.coffee | 6 ++++--
 services/web/app/coffee/router.coffee | 3 +++
 services/web/config/settings.defaults.coffee | 5 +++++
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/services/web/app/coffee/infrastructure/Server.coffee b/services/web/app/coffee/infrastructure/Server.coffee
index 22600b4e39..5290a65233 100644
--- a/services/web/app/coffee/infrastructure/Server.coffee
+++ b/services/web/app/coffee/infrastructure/Server.coffee
@@ -37,14 +37,16 @@ ignoreCsrfRoutes = []
 app.ignoreCsrf = (method, route) ->
 ignoreCsrfRoutes.push new express.Route(method, route)
-app.configure ()->
+app.configure () ->
+ if Settings.behindProxy
+ app.enable('trust proxy')
 app.use express.static(__dirname + '/../../../public', {maxAge: staticCacheAge })
 app.set 'views', __dirname + '/../../views'
 app.set 'view engine', 'jade'
 app.use express.bodyParser(uploadDir: Settings.path.uploadFolder)
 app.use cookieParser
 app.use express.session
- proxy: true
+ proxy: Settings.behindProxy
 cookie:
 maxAge: cookieSessionLength
 secure: Settings.secureCookie
diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee
index 2206e495e8..b019865bf7 100644
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@@ -198,6 +198,9 @@ module.exports = class Router
 userCanSeeDropbox: true
 languages: []
+ app.get "/ip", (req, res, next) ->
+ res.send("ShareLaTeX sees your IP as: #{req.ip}")
+
 app.get '/oops-express', (req, res, next) -> next(new Error("Test error"))
 app.get '/oops-internal', (req, res, next) -> throw new Error("Test error")
 app.get '/oops-mongo', (req, res, next) -> 
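Review bot: `app.enable('trust proxy')` on the new side switches Express into its trust-every-hop mode, so `req.ip` is taken from the first X-Forwarded-For entry instead of the socket peer; that is only sound when the reverse proxy is the sole path to this port and it overwrites, rather than appends to, any X-Forwarded-For it receives. The same flag now feeds `proxy: Settings.behindProxy` on the session middleware and, in PATCH 2/3, the password-reset rate-limit key, so a deployment that enables `behindProxy` while the app port is also reachable directly lets a caller pick the address the limiter counts. The comment on the new setting in settings.defaults.coffee should spell this out; suggest appending `# Only enable this when the proxy is the only way to reach this port and it sets X-Forwarded-For itself; with it on, forwarded headers are trusted from any connection.` The `app.configure` callback continues past the end of the hunk.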
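Review bot: The new `/ip` route is registered unconditionally and without authentication, alongside the `/oops-*` test routes, so it ships enabled in every deployment although it exists only to diagnose the `behindProxy` setting. If `Settings` is in scope in this file, wrapping the registration in `if Settings.behindProxy` (or a dedicated debug flag) keeps the diagnostic available where it is needed and absent elsewhere. PATCH 3/3 widens what this route returns, which is raised there. The enclosing route-setup method starts before the hunk and continues after it.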
diff --git a/services/web/config/settings.defaults.coffee b/services/web/config/settings.defaults.coffee
index 276e513efd..098e54e9d2 100644
--- a/services/web/config/settings.defaults.coffee
+++ b/services/web/config/settings.defaults.coffee
@@ -191,6 +191,11 @@ module.exports =
 # cookie with a secure flag (recommended).
 secureCookie: false
+ # If you are running ShareLaTeX behind a proxy (like Apache, Nginx, etc)
+ # then set this to true to allow it to correctly detect the forwarded IP
+ # address and http/https protocol information.
+ behindProxy: false
+
 # Internal configs
 # ----------------
 path:
From 5aa7daa951b87a6b66cda3dc96c680401c0b364b Mon Sep 17 00:00:00 2001
From: James Allen
Date: Wed, 25 Jun 2014 10:46:58 +0100
Subject: [PATCH 2/3] Fix password reset rate limit to work on ip, not email which changes every request
---
 .../PasswordReset/PasswordResetController.coffee | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
index 6874cbe43d..c52aa9b454 100644
--- a/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
+++ b/services/web/app/coffee/Features/PasswordReset/PasswordResetController.coffee
@@ -11,13 +11,13 @@ module.exports =
 requestReset: (req, res)->
 email = req.body.email.trim().toLowerCase()
 opts =
- endpointName:"auto_compile"
- timeInterval:60
- subjectName:email
- throttle: 3
+ endpointName: "password_reset_rate_limit"
+ timeInterval: 60
+ subjectName: req.ip
+ throttle: 6
 RateLimiter.addCount opts, (err, canCompile)->
 if !canCompile
- return res.send 500
+ return res.send 500, { message: "Rate limit hit. Please wait a while before retrying" }
 PasswordResetHandler.generateAndEmailResetToken email, (err)->
 if err?
 res.send 500, {message:err?.message}
From 341570d85d5b5e30563373ac98a0f931db6d1721 Mon Sep 17 00:00:00 2001
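Review bot: Keying the limiter on `subjectName: req.ip` alone drops the per-account throttle that `subjectName:email` provided, so one mailbox can now be sent reset mail from many addresses at 6 per minute each, and when `behindProxy` is off while a proxy sits in front, `req.ip` is the proxy's own address and every user shares a single 6-per-minute budget. The usual shape is to count both: keep this call for the IP and add a second `RateLimiter.addCount` with `subjectName: email` and a lower `throttle` before calling `generateAndEmailResetToken`. The `err` from `addCount` is never checked, so a limiter backend failure is indistinguishable from "allowed", and the throttled reply would be clearer as `return res.send 429, { message: "Rate limit hit. Please wait a while before retrying" }` so clients can tell it from the genuine 500 below. `canCompile` is a name carried over from the compile limiter and no longer describes this branch.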
From: James Allen
Date: Wed, 25 Jun 2014 11:06:04 +0100
Subject: [PATCH 3/3] Be more verbose with ip debug output
---
 services/web/app/coffee/router.coffee | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee
index b019865bf7..cdbe2ae389 100644
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@@ -199,7 +199,11 @@ module.exports = class Router
 languages: []
 app.get "/ip", (req, res, next) ->
- res.send("ShareLaTeX sees your IP as: #{req.ip}")
+ res.send({
+ ip: req.ip
+ ips: req.ips
+ headers: req.headers
+ })
 app.get '/oops-express', (req, res, next) -> next(new Error("Test error"))
 app.get '/oops-internal', (req, res, next) -> throw new Error("Test error")
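Review bot: `headers: req.headers` on the new side reflects the caller's entire header set, including `cookie` and `authorization` plus whatever the reverse proxy adds on the way in, from an unauthenticated route; the caller already knows its own headers, but the proxy-added ones describe the deployment (internal addresses, Via and X-Forwarded-* values) and a JSON body like this is easy to leave in a browser cache or paste into a support ticket. Limit it to the fields the diagnostic is for, e.g. `headers: { 'x-forwarded-for': req.headers['x-forwarded-for'] }`, or at minimum build the object without the `cookie` and `authorization` keys. `req.ips` appears to be populated only when trust proxy is enabled and empty otherwise, which is worth a one-line comment on the route so an empty array is not read as a proxy misconfiguration. The route-setup method starts before the hunk and continues after it.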