Merge 43e2d1d073 into 79d28f03d0

Merge pull request #4346 from Sander0542/feature/security-schemes-component
API Schema Improvements
2025-10-04 11:50:09 +00:00 · 2025-02-08 23:59:34 +08:00 · 2025-02-07 12:39:49 +10:00 · 2025-02-05 22:20:21 +01:00 · 2025-02-05 22:15:12 +01:00 · 2025-02-05 18:18:50 +01:00
6 changed files with 26 additions and 5 deletions
--- a/backend/models/dead_host.js
+++ b/backend/models/dead_host.js
@@ -12,7 +12,11 @@ Model.knex(db);

 const boolFields = [
 	'is_deleted',
+	'ssl_forced',
+	'http2_support',
 	'enabled',
+	'hsts_enabled',
+	'hsts_subdomains',
 ];

 class DeadHost extends Model {
--- a/backend/models/stream.js
+++ b/backend/models/stream.js
@@ -8,8 +8,8 @@ const now         = require('./now_helper');
 Model.knex(db);

 const boolFields = [
-	'enabled',
 	'is_deleted',
+	'enabled',
 	'tcp_forwarding',
 	'udp_forwarding',
 ];
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@@ -22,8 +22,7 @@
 		"enabled",
 		"locations",
 		"hsts_enabled",
-		"hsts_subdomains",
-		"certificate"
+		"hsts_subdomains"
 	],
 	"additionalProperties": false,
 	"properties": {
--- a/backend/schema/swagger.json
+++ b/backend/schema/swagger.json
@@ -9,6 +9,15 @@
 			"url": "http://127.0.0.1:81/api"
 		}
 	],
+	"components": {
+		"securitySchemes": {
+			"bearerAuth": {
+				"type": "http",
+				"scheme": "bearer",
+				"bearerFormat": "JWT"
+			}
+		}
+	},
 	"paths": {
 		"/": {
 			"get": {
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -2,6 +2,9 @@ set $test "";
 if ($scheme = "http") {
 	set $test "H";
 }
+if ($http_x_forwarded_proto = "https") {
+	set $test "";
+}
 if ($request_uri = /.well-known/acme-challenge/test-challenge) {
 	set $test "${test}T";
 }
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@@ -1,7 +1,13 @@
 add_header       X-Served-By $host;
 proxy_set_header Host $host;
-proxy_set_header X-Forwarded-Scheme $scheme;
-proxy_set_header X-Forwarded-Proto  $scheme;
+
+set $origin_scheme $scheme;
+if ($http_x_forwarded_proto != "") {
+	set $origin_scheme $http_x_forwarded_proto;
+}
+proxy_set_header X-Forwarded-Scheme $origin_scheme;
+proxy_set_header X-Forwarded-Proto  $origin_scheme;
+
 proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP          $remote_addr;
 proxy_pass       $forward_scheme://$server:$port$request_uri;
Author	SHA1	Message	Date
Pau Capó	dcda3bf3a8	Merge `43e2d1d073` into `79d28f03d0`	2025-02-08 23:59:34 +08:00
jc21	79d28f03d0	Merge pull request #4346 from Sander0542/feature/security-schemes-component All checks were successful Close stale issues and PRs / stale (push) Successful in 4s Details API Schema Improvements	2025-02-07 12:39:49 +10:00
Sander Jochems	df48b835c4	Update order to match others	2025-02-05 22:20:21 +01:00
Sander Jochems	8a1557154a	Add certificate fields to boolFields	2025-02-05 22:15:12 +01:00
Sander Jochems	a6af5ec2c7	Remove certificate as required from proxy host	2025-02-05 18:18:50 +01:00
Sander Jochems	14d7c35fd7	Fix whitespaces	2025-02-05 17:31:09 +01:00
Sander Jochems	cfcf78aaee	Set bearer auth security component	2025-02-05 17:29:40 +01:00
Pau Capó	43e2d1d073	propagate X-Forwarded-Proto header	2024-06-22 19:15:43 +02:00
Pau Capó	81b7661849	fix logic	2024-06-22 18:08:58 +02:00
Pau Capó	54d6196d36	use tabs instead of spaces	2024-06-22 15:01:39 +02:00
Pau Capó	1a12f7f3a8	force-ssl behind another proxy using http_x_forwarded_proto	2024-06-22 14:56:52 +02:00