Pass original request headers from workers to the main process. (#7797)

author: Patrick Cloke <clokep@users.noreply.github.com> 2020-07-09 07:34:46 -0400
committer: GitHub <noreply@github.com> 2020-07-09 07:34:46 -0400
commit: 8fa7fdd4cb6f74984c6f8e73501a134284753d72 (patch)
tree: 7e46f10906b96add9df75a8c9248191441ca40cc
parent: Generate real events when we reject invites (#7804) (diff)
download: synapse-8fa7fdd4cb6f74984c6f8e73501a134284753d72.tar.xz
2 files changed, 26 insertions, 5 deletions
diff --git a/changelog.d/7797.bugfix b/changelog.d/7797.bugfix
new file mode 100644
index 0000000000..c1259871da
--- /dev/null
+++ b/changelog.d/7797.bugfix
@@ -0,0 +1 @@
+Fixes a long standing bug in worker mode where worker information was saved in the devices table instead of the original IP address and user agent.
diff --git a/synapse/app/generic_worker.py b/synapse/app/generic_worker.py
index 27a3fc9ed6..f6792d9fc8 100644
--- a/synapse/app/generic_worker.py
+++ b/synapse/app/generic_worker.py
@@ -21,7 +21,7 @@ from typing import Dict, Iterable, Optional, Set
 
 from typing_extensions import ContextManager
 
-from twisted.internet import defer, reactor
+from twisted.internet import address, defer, reactor
 
 import synapse
 import synapse.events
@@ -206,10 +206,30 @@ class KeyUploadServlet(RestServlet):
 
         if body:
             # They're actually trying to upload something, proxy to main synapse.
-            # Pass through the auth headers, if any, in case the access token
-            # is there.
-            auth_headers = request.requestHeaders.getRawHeaders(b"Authorization", [])
-            headers = {"Authorization": auth_headers}
+
+            # Proxy headers from the original request, such as the auth headers
+            # (in case the access token is there) and the original IP /
+            # User-Agent of the request.
+            headers = {
+                header: request.requestHeaders.getRawHeaders(header, [])
+                for header in (b"Authorization", b"User-Agent")
+            }
+            # Add the previous hop the the X-Forwarded-For header.
+            x_forwarded_for = request.requestHeaders.getRawHeaders(
+                b"X-Forwarded-For", []
+            )
+            if isinstance(request.client, (address.IPv4Address, address.IPv6Address)):
+                previous_host = request.client.host.encode("ascii")
+                # If the header exists, add to the comma-separated list of the first
+                # instance of the header. Otherwise, generate a new header.
+                if x_forwarded_for:
+                    x_forwarded_for = [
+                        x_forwarded_for[0] + b", " + previous_host
+                    ] + x_forwarded_for[1:]
+                else:
+                    x_forwarded_for = [previous_host]
+            headers[b"X-Forwarded-For"] = x_forwarded_for
+
             try:
                 result = await self.http_client.post_json_get_json(
                     self.main_uri + request.uri.decode("ascii"), body, headers=headers
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-07-09 07:34:46 -0400
committer	GitHub <noreply@github.com>	2020-07-09 07:34:46 -0400
commit	8fa7fdd4cb6f74984c6f8e73501a134284753d72 (patch)
tree	7e46f10906b96add9df75a8c9248191441ca40cc
parent	Generate real events when we reject invites (#7804) (diff)
download	synapse-8fa7fdd4cb6f74984c6f8e73501a134284753d72.tar.xz