ProxyFix changes (#960)

* Fixes insufficiently documented changes in ProxyFix * https://github.com/pallets/werkzeug/issues/1484 * Pin `Werkzeug==0.15.2` in requirements.txt * Allow exports test to parallelize
2019-04-19 02:11:09 -04:00 · 2019-04-19 02:11:09 -04:00 · 95e4060f15
parent 0fa480bc14
commit 95e4060f15
5 changed files with 66 additions and 7 deletions
--- a/CTFd/init.py
+++ b/CTFd/init.py
@ -5,7 +5,7 @@ from distutils.version import StrictVersion
 from flask import Flask, Request
 from flask_migrate import upgrade, stamp
 from werkzeug.utils import cached_property
-from werkzeug.contrib.fixers import ProxyFix
+from werkzeug.middleware.proxy_fix import ProxyFix
 from jinja2 import FileSystemLoader
 from jinja2.sandbox import SandboxedEnvironment
 from six.moves import input
@ -153,8 +153,25 @@ def create_app(config='CTFd.config.Config'):
        cache.init_app(app)
        app.cache = cache

-        if app.config.get('REVERSE_PROXY'):
-            app.wsgi_app = ProxyFix(app.wsgi_app)
+        reverse_proxy = app.config.get('REVERSE_PROXY')
+        if reverse_proxy:
+            if ',' in reverse_proxy:
+                proxyfix_args = [int(i) for i in reverse_proxy.split(',')]
+                app.wsgi_app = ProxyFix(
+                    app.wsgi_app,
+                    None,
+                    *proxyfix_args
+                )
+            else:
+                app.wsgi_app = ProxyFix(
+                    app.wsgi_app,
+                    num_proxies=None,
+                    x_for=1,
+                    x_proto=1,
+                    x_host=1,
+                    x_port=1,
+                    x_prefix=1
+                )

        version = utils.get_config('ctf_version')

--- a/CTFd/config.py
+++ b/CTFd/config.py
@ -194,6 +194,12 @@ class Config(object):

    REVERSE_PROXY:
        Specifies whether CTFd is behind a reverse proxy or not. Set to True if using a reverse proxy like nginx.
+        You can also specify a comma seperated set of numbers specifying the reverse proxy configuration settings.
+
+        See https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/#werkzeug.middleware.proxy_fix.ProxyFix.
+        For example to configure `x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1` specify `1,1,1,1,1`.
+
+        Alternatively if you specify `true` CTFd will default to the above behavior with all proxy settings set to 1.

    TEMPLATES_AUTO_RELOAD:
        Specifies whether Flask should check for modifications to templates and reload them automatically.
--- a/requirements.txt
+++ b/requirements.txt
@ -1,4 +1,5 @@
 Flask==1.0.2
+Werkzeug==0.15.2
 Flask-SQLAlchemy==2.3.2
 Flask-Session==0.3.1
 Flask-Caching==1.4.0
--- a/tests/test_config.py
+++ b/tests/test_config.py
@ -0,0 +1,35 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from tests.helpers import (
+    create_ctfd,
+    destroy_ctfd,
+)
+from CTFd.config import TestingConfig
+
+
+def test_reverse_proxy_config():
+    """Test that REVERSE_PROXY configuration behaviors properly"""
+    class ReverseProxyConfig(TestingConfig):
+        REVERSE_PROXY = '1,2,3,4'
+
+    app = create_ctfd(config=ReverseProxyConfig)
+    with app.app_context():
+        assert app.wsgi_app.x_for == 1
+        assert app.wsgi_app.x_proto == 2
+        assert app.wsgi_app.x_host == 3
+        assert app.wsgi_app.x_port == 4
+        assert app.wsgi_app.x_prefix == 0
+    destroy_ctfd(app)
+
+    class ReverseProxyConfig(TestingConfig):
+        REVERSE_PROXY = 'true'
+
+    app = create_ctfd(config=ReverseProxyConfig)
+    with app.app_context():
+        assert app.wsgi_app.x_for == 1
+        assert app.wsgi_app.x_proto == 1
+        assert app.wsgi_app.x_host == 1
+        assert app.wsgi_app.x_port == 1
+        assert app.wsgi_app.x_prefix == 1
+    destroy_ctfd(app)
--- a/tests/utils/test_exports.py
+++ b/tests/utils/test_exports.py
@ -36,9 +36,9 @@ def test_export_ctf():
            app.db.session.commit()
            backup = export_ctf()

-            with open('export.zip', 'wb') as f:
+            with open('export.test_export_ctf.zip', 'wb') as f:
                f.write(backup.read())
-            os.remove('export.zip')
+            os.remove('export.test_export_ctf.zip')
    destroy_ctfd(app)


@ -61,7 +61,7 @@ def test_import_ctf():

            backup = export_ctf()

-            with open('export.zip', 'wb') as f:
+            with open('export.test_import_ctf.zip', 'wb') as f:
                f.write(backup.read())
    destroy_ctfd(app)

@ -69,7 +69,7 @@ def test_import_ctf():
    # TODO: These databases should work but they don't...
    if not app.config.get('SQLALCHEMY_DATABASE_URI').startswith('sqlite'):
        with app.app_context():
-            import_ctf('export.zip')
+            import_ctf('export.test_import_ctf.zip')

            if not app.config.get('SQLALCHEMY_DATABASE_URI').startswith('postgres'):
                # TODO: Dig deeper into why Postgres fails here