Dynamic Configuration Refactoring

old/middlewares/forwardedheaders/forwarded_header.go

@@ -0,0 +1,52 @@
+package forwardedheaders
+
+import (
+	"net/http"
+
+	"github.com/containous/traefik/ip"
+	"github.com/vulcand/oxy/forward"
+	"github.com/vulcand/oxy/utils"
+)
+
+// XForwarded filter for XForwarded headers
+type XForwarded struct {
+	insecure   bool
+	trustedIps []string
+	ipChecker  *ip.Checker
+}
+
+// NewXforwarded creates a new XForwarded
+func NewXforwarded(insecure bool, trustedIps []string) (*XForwarded, error) {
+	var ipChecker *ip.Checker
+	if len(trustedIps) > 0 {
+		var err error
+		ipChecker, err = ip.NewChecker(trustedIps)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &XForwarded{
+		insecure:   insecure,
+		trustedIps: trustedIps,
+		ipChecker:  ipChecker,
+	}, nil
+}
+
+func (x *XForwarded) isTrustedIP(ip string) bool {
+	if x.ipChecker == nil {
+		return false
+	}
+	return x.ipChecker.IsAuthorized(ip) == nil
+}
+
+func (x *XForwarded) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+	if !x.insecure && !x.isTrustedIP(r.RemoteAddr) {
+		utils.RemoveHeaders(r.Header, forward.XHeaders...)
+	}
+
+	// If there is a next, call it.
+	if next != nil {
+		next(w, r)
+	}
+}