Merge 6c5dbf54e7 into 79d28f03d0

Merge pull request #4346 from Sander0542/feature/security-schemes-component
API Schema Improvements
2025-10-04 03:40:10 +00:00 · 2025-02-08 23:59:14 +08:00 · 2025-02-07 12:39:49 +10:00 · 2025-02-05 22:20:21 +01:00 · 2025-02-05 22:15:12 +01:00 · 2025-02-05 18:18:50 +01:00
8 changed files with 28 additions and 8 deletions
--- a/backend/models/dead_host.js
+++ b/backend/models/dead_host.js
@@ -12,7 +12,11 @@ Model.knex(db);
 const boolFields = [
 	'is_deleted',
 	'ssl_forced',
 	'http2_support',
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
 ];
 class DeadHost extends Model {
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@@ -8,8 +8,8 @@ const now         = require('./now_helper');
 Model.knex(db);
 const boolFields = [
 	'enabled',
 	'is_deleted',
 	'enabled',
 	'tcp_forwarding',
 	'udp_forwarding',
 ];
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@@ -22,8 +22,7 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains",
+		"hsts_subdomains"
 		"certificate"
 	],
 	"additionalProperties": false,
 	"properties": {
--- a/backend/schema/swagger.json
+++ b/backend/schema/swagger.json
@@ -9,6 +9,15 @@
 			"url": "http://127.0.0.1:81/api"
 		}
 	],
 	"components": {
 		"securitySchemes": {
 			"bearerAuth": {
 				"type": "http",
 				"scheme": "bearer",
 				"bearerFormat": "JWT"
 			}
 		}
 	},
 	"paths": {
 		"/": {
 			"get": {
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@@ -2,8 +2,8 @@
    {{ advanced_config }}
    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-Scheme $scheme;
+    proxy_set_header X-Forwarded-Scheme $resolved_proto;
-    proxy_set_header X-Forwarded-Proto  $scheme;
+    proxy_set_header X-Forwarded-Proto  $resolved_proto;
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@@ -4,6 +4,8 @@
 {% include "_hsts_map.conf" %}
 include conf.d/include/resolved_proto_map.conf;
 server {
  set $forward_scheme {{ forward_scheme }};
  set $server         "{{ forward_host }}";
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@@ -1,8 +1,7 @@
 add_header       X-Served-By $host;
 proxy_set_header Host $host;
-proxy_set_header X-Forwarded-Scheme $scheme;
+proxy_set_header X-Forwarded-Scheme $resolved_proto;
-proxy_set_header X-Forwarded-Proto  $scheme;
+proxy_set_header X-Forwarded-Proto  $resolved_proto;
 proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP          $remote_addr;
 proxy_pass       $forward_scheme://$server:$port$request_uri;
--- a/docker/rootfs/etc/nginx/conf.d/include/resolved_proto_map.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/resolved_proto_map.conf
@@ -0,0 +1,7 @@
 # Resolve the effective protocol: use X-Forwarded-Proto if set
 # (e.g., from proxies like Cloudflare or AWS)
 # otherwise fall back to the current scheme.
 map $http_x_forwarded_proto $resolved_proto {
    default $scheme;
    ~.+ $http_x_forwarded_proto;
 }
Author	SHA1	Message	Date
Seyed Mansour Mirbehbahani	860c589863	Merge `6c5dbf54e7` into `79d28f03d0`	2025-02-08 23:59:14 +08:00
jc21	79d28f03d0	Merge pull request #4346 from Sander0542/feature/security-schemes-component All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details API Schema Improvements	2025-02-07 12:39:49 +10:00
Sander Jochems	df48b835c4	Update order to match others	2025-02-05 22:20:21 +01:00
Sander Jochems	8a1557154a	Add certificate fields to boolFields	2025-02-05 22:15:12 +01:00
Sander Jochems	a6af5ec2c7	Remove certificate as required from proxy host	2025-02-05 18:18:50 +01:00
Sander Jochems	14d7c35fd7	Fix whitespaces	2025-02-05 17:31:09 +01:00
Sander Jochems	cfcf78aaee	Set bearer auth security component	2025-02-05 17:29:40 +01:00
Seyed Mansour Mirbehbahani	6c5dbf54e7	🔼 Since `resolved_progo_map.conf` doesn't change content per host, we should put it in `/docker/rootfs/etc/nginx/conf.d/include/resolved_proto_map.conf` instead.	2024-12-29 14:49:31 +03:30
Seyed Mansour Mirbehbahani	993ce372b2	🔼 added $resolved_proto map to ensure that the X-Forwarded-Proto and X-Forwarded-Scheme headers reflect the most accurate protocol. The resolved_proto variable prioritizes the X-Forwarded-Proto header (set by sources like Cloudflare or AWS) and falls back to $scheme when unavailable, then this value is used to set Scheme and Proto instead of $scheme	2024-12-29 09:41:42 +03:30