diff options
| author | Patrick Cloke <clokep@users.noreply.github.com> | 2020-07-09 07:34:46 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-07-09 07:34:46 -0400 |
| commit | 8fa7fdd4cb6f74984c6f8e73501a134284753d72 (patch) | |
| tree | 7e46f10906b96add9df75a8c9248191441ca40cc | |
| parent | Generate real events when we reject invites (#7804) (diff) | |
| download | synapse-8fa7fdd4cb6f74984c6f8e73501a134284753d72.tar.xz | |
Pass original request headers from workers to the main process. (#7797)
| -rw-r--r-- | changelog.d/7797.bugfix | 1 | ||||
| -rw-r--r-- | synapse/app/generic_worker.py | 30 |
2 files changed, 26 insertions, 5 deletions
diff --git a/changelog.d/7797.bugfix b/changelog.d/7797.bugfix new file mode 100644 index 0000000000..c1259871da --- /dev/null +++ b/changelog.d/7797.bugfix @@ -0,0 +1 @@ +Fixes a long standing bug in worker mode where worker information was saved in the devices table instead of the original IP address and user agent. diff --git a/synapse/app/generic_worker.py b/synapse/app/generic_worker.py index 27a3fc9ed6..f6792d9fc8 100644 --- a/synapse/app/generic_worker.py +++ b/synapse/app/generic_worker.py @@ -21,7 +21,7 @@ from typing import Dict, Iterable, Optional, Set from typing_extensions import ContextManager -from twisted.internet import defer, reactor +from twisted.internet import address, defer, reactor import synapse import synapse.events @@ -206,10 +206,30 @@ class KeyUploadServlet(RestServlet): if body: # They're actually trying to upload something, proxy to main synapse. - # Pass through the auth headers, if any, in case the access token - # is there. - auth_headers = request.requestHeaders.getRawHeaders(b"Authorization", []) - headers = {"Authorization": auth_headers} + + # Proxy headers from the original request, such as the auth headers + # (in case the access token is there) and the original IP / + # User-Agent of the request. + headers = { + header: request.requestHeaders.getRawHeaders(header, []) + for header in (b"Authorization", b"User-Agent") + } + # Add the previous hop the the X-Forwarded-For header. + x_forwarded_for = request.requestHeaders.getRawHeaders( + b"X-Forwarded-For", [] + ) + if isinstance(request.client, (address.IPv4Address, address.IPv6Address)): + previous_host = request.client.host.encode("ascii") + # If the header exists, add to the comma-separated list of the first + # instance of the header. Otherwise, generate a new header. + if x_forwarded_for: + x_forwarded_for = [ + x_forwarded_for[0] + b", " + previous_host + ] + x_forwarded_for[1:] + else: + x_forwarded_for = [previous_host] + headers[b"X-Forwarded-For"] = x_forwarded_for + try: result = await self.http_client.post_json_get_json( self.main_uri + request.uri.decode("ascii"), body, headers=headers |