From c6e3ed448dbdf7f1e6bc7810c27ea5086df74b7e Mon Sep 17 00:00:00 2001
From: Darren
Date: Fri, 26 Oct 2012 22:47:48 +0100
Subject: [PATCH] Reverse HTTP proxies enabled on sicket.io connections
---
 server/config.js | 3 +++
 server/weblistener.js | 30 ++++++++++++++++++++++++------
 2 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/server/config.js b/server/config.js
index a04d18b..f4b07bf 100644
--- a/server/config.js
+++ b/server/config.js
@@ -61,6 +61,9 @@ conf.ip_as_username = [
+// Whitelisted HTTP proxies
+conf.http_proxies = ["127.0.0.1"];
+
 // Enabled transports for the client to use
 conf.transports = [
 "websocket",
diff --git a/server/weblistener.js b/server/weblistener.js
index b024542..33e93ba 100644
--- a/server/weblistener.js
+++ b/server/weblistener.js
@@ -70,9 +70,11 @@ var WebListener = function (web_config, transports) {
 this.ws.set('transports', transports);
 this.ws.set('resource', (config.get().http_base_path || '') + '/transport');
- this.ws.of('/kiwi').authorization(authoriseConnection).on('connection', function () {
- newConnection.apply(that, arguments);
- });
+ this.ws.of('/kiwi').authorization(authoriseConnection)
+ .on('connection', function () {
+ newConnection.apply(that, arguments);
+ }
+ );
 this.ws.of('/kiwi').on('error', console.log);
 };
 util.inherits(WebListener, events.EventEmitter);
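Review bot: The comment on `conf.http_proxies` in server/config.js does not say what listing an address grants. Going by the check added in server/weblistener.js, a listed peer's `X-Forwarded-For` header replaces the client address used for reverse DNS, and the comparison is an exact string match via `indexOf`, so ranges or hostnames will not match. I would spell that out, e.g. `// Addresses of reverse proxies trusted to set X-Forwarded-For (exact IP strings only); clients behind them are identified by that header`.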
@@ -94,13 +96,29 @@ function handleHttpRequest(request, response) {
 * Used later on for webirc, etc functionality
 */
 function authoriseConnection(handshakeData, callback) {
- dns.reverse(handshakeData.address.address, function (err, domains) {
+ var address = handshakeData.address.address;
+
+ // If a forwarded-for header is found, switch the source address
+ if (handshakeData.headers['x-forwarded-for']) {
+ // Check we're connecting from a whitelisted proxy
+ if (!config.get().http_proxies || config.get().http_proxies.indexOf(address) < 0) {
+ console.log('Unlisted proxy:', address);
+ callback(null, false);
+ return;
+ }
+
+ // We're sent from a whitelisted proxy, replace the hosts
+ address = handshakeData.headers['x-forwarded-for'];
+ }
+
+ dns.reverse(address, function (err, domains) {
 if (err || domains.length === 0) {
- handshakeData.revdns = handshakeData.address.address;
+ handshakeData.revdns = address;
 } else {
- handshakeData.revdns = _.first(domains);
+ handshakeData.revdns = _.first(domains) || address;
 }
+ // All is well, authorise the connection
 callback(null, true);
 });
 }
--
2.25.1
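Review bot: The `x-forwarded-for` value is assigned to `address` unparsed and unvalidated in the new `if (handshakeData.headers['x-forwarded-for'])` branch of `authoriseConnection`. The header is commonly a comma-separated list (`client, proxy1`) whose left-hand entries are supplied by the client, so the whole string reaches `dns.reverse()` — which may throw synchronously on a non-IP argument — and, when the lookup fails, becomes `handshakeData.revdns`, which the comment above says is used for webirc. I would take only the last entry (the one the whitelisted proxy itself appended), trim it, and reject the handshake unless `net.isIP()` accepts it; this assumes `net` is required at the top of the file, which is outside the hunk. Separately, only `revdns` is switched, so anything downstream that reads `handshakeData.address.address` would still see the proxy's address.

```javascript
if (handshakeData.headers['x-forwarded-for']) {
    // … unchanged: whitelist check on the socket address …

    // A proxy that appends yields "client, proxy1, …"; only the last entry
    // was written by the whitelisted proxy, earlier ones are client-supplied.
    var forwarded = handshakeData.headers['x-forwarded-for'].split(',').pop().trim();
    if (!net.isIP(forwarded)) {
        console.log('Invalid X-Forwarded-For from proxy:', address);
        callback(null, false);
        return;
    }
    address = forwarded;
}
// … unchanged: dns.reverse(address, …) and callback …
```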