From d172de8eea8fe08c317b32f6d6c6dd5e747e8fd1 Mon Sep 17 00:00:00 2001
From: Russell Jenkins <veryrusty@gmail.com>
Date: Thu, 22 May 2014 22:13:37 +1000
Subject: [PATCH 1/5] Plack middleware for request header munging when behind a
 reverse proxy

Uses existing plack middlewares (ReverseProxy and ReverseProxyPath) to
handle all request header modification when operating behing a proxy. Allows
for variants (eg HTTP_X_FORWARDED_PROTOCOL) supported by Dancer(2) but not
from those existing ReverseProxy middleware.

Special cases REQUEST_BASE header to work with ReverseProxyPath so proxies
from/to non-root paths "just work"(tm). (Alternate to #571.)

As a middleware, devs get more flexability as to where to apply it; they can
use Plack::Builder to wrap this around their app as well as further path/header
altering middleware. This could be released as a seperate package; its not
Dancer2 specific.
---
 lib/Dancer2/Middleware/BehindProxy.pm | 58 +++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 lib/Dancer2/Middleware/BehindProxy.pm

diff --git a/lib/Dancer2/Middleware/BehindProxy.pm b/lib/Dancer2/Middleware/BehindProxy.pm
new file mode 100644
index 000000000..a4adf00ff
--- /dev/null
+++ b/lib/Dancer2/Middleware/BehindProxy.pm
@@ -0,0 +1,58 @@
+package Dancer2::Middleware::BehindProxy;
+# ABSTRACT: Support Dancer2 apps when operating behing a reverse proxy
+
+use warnings;
+use strict;
+
+use parent 'Plack::Middleware';
+use Plack::Middleware::ReverseProxy;
+use Plack::Middleware::ReverseProxyPath;
+
+sub call {
+    my($self, $env) = @_;
+
+    # Plack::Middleware::ReverseProxy only supports
+    # HTTP_X_FORWARDED_PROTO whereas Dancer2 also supports
+    # HTTP_X_FORWARDED_PROTOCOL and HTTP_FORWARDED_PROTO
+    for my $header (qw/HTTP_X_FORWARDED_PROTOCOL HTTP_FORWARDED_PROTO/) {
+        if ( ! $env->{HTTP_X_FORWARDED_PROTO}
+             && $env->{$header} )
+        {
+            $env->{HTTP_X_FORWARDED_PROTO} = $env->{$header};
+            last;
+        }
+    }
+
+    # Pr#503 added support for HTTP_X_FORWARDED_HOST containing multiple
+    # values. Plack::Middleware::ReverseProxy takes the last (most recent)
+    # whereas that #503 takes the first.
+    if ( $env->{HTTP_X_FORWARDED_HOST} ) {
+        my @hosts = split /\s*,\s*/, $env->{HTTP_X_FORWARDED_HOST}, 2;
+        $env->{HTTP_X_FORWARDED_HOST} = $hosts[0];
+    }
+
+    # Plack::Middleware::ReverseProxyPath uses X-Forwarded-Script-Name
+    # whereas Dancer previously supported HTTP_REQUEST_BASE
+    if ( ! $env->{HTTP_X_FORWARDED_SCRIPT_NAME}
+         && $env->{HTTP_REQUEST_BASE} )
+    {
+         $env->{HTTP_X_FORWARDED_SCRIPT_NAME} = $env->{HTTP_REQUEST_BASE};
+    }
+
+    # Wrap in reverse proxy middleware and call the wrapped app
+    my $app = Plack::Middleware::ReverseProxyPath->wrap($self->app);
+    $app = Plack::Middleware::ReverseProxy->wrap($app);
+    return $app->($env);
+}
+
+1;
+
+__END__
+
+=head1 DESCRIPTION
+
+Modifies request headers supported by L<Dancer2> altered by reverse proxies before
+wraping the request in the commonly used reverse proxy PSGI middlewares;
+L<Plack::Middleware::ReverseProxy> and L<Plack::Middleware::ReverseProxyPath>.
+
+=cut

From 5b495cd29751c17a75bfd81687dd75fc86043847 Mon Sep 17 00:00:00 2001
From: Russell Jenkins <veryrusty@gmail.com>
Date: Thu, 22 May 2014 22:34:42 +1000
Subject: [PATCH 2/5] Apply BehindProxy middleware when behind_proxy is set

  set behind_proxy => 1;

We now 'use' the middleware directly rather than letting Plack::Builder
load it for us. May allow earlier version of Plack to be used as a dependency.
---
 lib/Dancer2/Core/App.pm    | 10 ++++++++--
 lib/Dancer2/Core/Runner.pm |  1 -
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/Dancer2/Core/App.pm b/lib/Dancer2/Core/App.pm
index 6c9ea6737..d8453a847 100644
--- a/lib/Dancer2/Core/App.pm
+++ b/lib/Dancer2/Core/App.pm
@@ -17,6 +17,7 @@ use Plack::Middleware::FixMissingBodyInRedirect;
 use Plack::Middleware::Head;
 use Plack::Middleware::Conditional;
 use Plack::Middleware::ConditionalGET;
+use Dancer2::Middleware::BehindProxy;
 
 use Dancer2::FileUtils 'path';
 use Dancer2::Core;
@@ -1419,10 +1420,15 @@ sub to_app {
 
     # Wrap with common middleware
     if ( ! $self->config->{'no_default_middleware'} ) {
+        # BehindProxy (this is not runtime configurable)
+        $self->config->{'behind_proxy'}
+            and $psgi = Dancer2::Middleware::BehindProxy->wrap($psgi);
+
         # FixMissingBodyInRedirect
-        $psgi = Plack::Middleware::FixMissingBodyInRedirect->wrap( $psgi );
+        $psgi = Plack::Middleware::FixMissingBodyInRedirect->wrap($psgi);
+
         # Apply Head. After static so a HEAD request on static content DWIM.
-        $psgi = Plack::Middleware::Head->wrap( $psgi );
+        $psgi = Plack::Middleware::Head->wrap($psgi);
     }
 
     return $psgi;
diff --git a/lib/Dancer2/Core/Runner.pm b/lib/Dancer2/Core/Runner.pm
index ceea52e02..b76f224ad 100644
--- a/lib/Dancer2/Core/Runner.pm
+++ b/lib/Dancer2/Core/Runner.pm
@@ -7,7 +7,6 @@ use Module::Runtime 'require_module';
 use Dancer2::Core::MIME;
 use Dancer2::Core::Types;
 use Dancer2::Core::Dispatcher;
-use Plack::Builder qw();
 use Ref::Util qw< is_ref is_regexpref >;
 
 # Hashref of configurable items for the runner.

From 047a1c8570d3d64d5a14d5363ac51bd09381b5ea Mon Sep 17 00:00:00 2001
From: Russell Jenkins <veryrusty@gmail.com>
Date: Thu, 22 May 2014 22:47:19 +1000
Subject: [PATCH 3/5] Remove behind_proxy handling from D2::Core::Request

---
 lib/Dancer2/Core/Request.pm | 29 +++--------------------------
 t/request.t                 | 25 -------------------------
 2 files changed, 3 insertions(+), 51 deletions(-)

diff --git a/lib/Dancer2/Core/Request.pm b/lib/Dancer2/Core/Request.pm
index b545437ab..e33fd4764 100644
--- a/lib/Dancer2/Core/Request.pm
+++ b/lib/Dancer2/Core/Request.pm
@@ -130,40 +130,17 @@ sub _set_route_params {
 # XXX: incompatible with Plack::Request
 sub uploads { $_[0]->{'uploads'} }
 
-sub is_behind_proxy { $_[0]->{'is_behind_proxy'} || 0 }
-
 sub host {
-    my ($self) = @_;
-
-    if ( $self->is_behind_proxy and exists $self->env->{'HTTP_X_FORWARDED_HOST'} ) {
-        my @hosts = split /\s*,\s*/, $self->env->{'HTTP_X_FORWARDED_HOST'}, 2;
-        return $hosts[0];
-    } else {
-        return $self->env->{'HTTP_HOST'};
-    }
+    return shift->env->{'HTTP_HOST'};
 }
 
 # aliases, kept for backward compat
 sub agent                 { shift->user_agent }
 sub remote_address        { shift->address }
+
 sub forwarded_for_address { shift->env->{'HTTP_X_FORWARDED_FOR'} }
 sub forwarded_host        { shift->env->{'HTTP_X_FORWARDED_HOST'} }
-
-# there are two options
-sub forwarded_protocol    {
-    $_[0]->env->{'HTTP_X_FORWARDED_PROTO'}    ||
-    $_[0]->env->{'HTTP_X_FORWARDED_PROTOCOL'} ||
-    $_[0]->env->{'HTTP_FORWARDED_PROTO'}
-}
-
-sub scheme {
-    my ($self) = @_;
-    my $scheme = $self->is_behind_proxy
-               ? $self->forwarded_protocol
-               : '';
-
-    return $scheme || $self->env->{'psgi.url_scheme'};
-}
+sub forwarded_protocol    { shift->env->{'HTTP_X_FORWARDED_PROTO'} }
 
 sub serializer { $_[0]->{'serializer'} }
 
diff --git a/t/request.t b/t/request.t
index 4e087f983..92e1573bb 100644
--- a/t/request.t
+++ b/t/request.t
@@ -97,31 +97,6 @@ sub run_test {
         is $req->base, 'http://oddhostname:5000/foo';
     }
 
-    note "testing behind proxy"; {
-        my $req = Dancer2::Core::Request->new(
-            env             => $env,
-            is_behind_proxy => 1
-        );
-        is $req->secure, 1;
-        is $req->host,   $env->{HTTP_X_FORWARDED_HOST};
-        is $req->scheme, 'https';
-    }
-
-    note "testing behind proxy when optional headers are not set"; {
-		# local modifications to env:
-        local $env->{HTTP_HOST} = 'oddhostname:5000';
-        delete local $env->{'HTTP_X_FORWARDED_FOR'};
-        delete local $env->{'HTTP_X_FORWARDED_HOST'};
-        delete local $env->{'HTTP_X_FORWARDED_PROTOCOL'};
-        my $req = Dancer2::Core::Request->new(
-            env             => $env,
-            is_behind_proxy => 1
-        );
-        is ! $req->secure, 1;
-        is $req->host,   'oddhostname:5000';
-        is $req->scheme, 'http';
-    }
-
     note "testing path and uri_base"; {
         # Base env used for path and uri_base tests
         my $base = {

From 2767a9c9ad4e027d41e705243600a753a012a49b Mon Sep 17 00:00:00 2001
From: Russell Jenkins <veryrusty@gmail.com>
Date: Thu, 22 May 2014 22:51:55 +1000
Subject: [PATCH 4/5] Add ReverseProxy and ReverseProxyPath middlewares as deps

---
 cpanfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cpanfile b/cpanfile
index 3933401cf..183d4fe3f 100644
--- a/cpanfile
+++ b/cpanfile
@@ -30,6 +30,8 @@ requires 'Path::Tiny';
 requires 'Plack', '1.0040';
 requires 'Plack::Middleware::FixMissingBodyInRedirect';
 requires 'Plack::Middleware::RemoveRedundantBody';
+requires 'Plack::Middleware::ReverseProxy';
+requires 'Plack::Middleware::ReverseProxyPath';
 requires 'POSIX';
 requires 'Ref::Util';
 requires 'Safe::Isa';

From 2faca00a9a6ac680267a176666d8d588a6026727 Mon Sep 17 00:00:00 2001
From: Sawyer X <xsawyerx@cpan.org>
Date: Thu, 31 Mar 2022 17:30:47 +0200
Subject: [PATCH 5/5] Update test and remove lingering keys in request

---
 lib/Dancer2/Core/App.pm     |  9 ++++-----
 lib/Dancer2/Core/Request.pm | 10 ++++------
 t/issues/gh-730.t           |  2 +-
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/lib/Dancer2/Core/App.pm b/lib/Dancer2/Core/App.pm
index d8453a847..98e418d18 100644
--- a/lib/Dancer2/Core/App.pm
+++ b/lib/Dancer2/Core/App.pm
@@ -1593,12 +1593,11 @@ sub build_request {
 
     # If we have an app, send the serialization engine
     my $request = Dancer2::Core::Request->new(
-          env             => $env,
-          is_behind_proxy => $self->settings->{'behind_proxy'} || 0,
+        env => $env,
 
-          $self->has_serializer_engine
-              ? ( serializer => $self->serializer_engine )
-              : (),
+        $self->has_serializer_engine
+        ? ( serializer => $self->serializer_engine )
+        : (),
     );
 
     return $request;
diff --git a/lib/Dancer2/Core/Request.pm b/lib/Dancer2/Core/Request.pm
index e33fd4764..c7b7879ad 100644
--- a/lib/Dancer2/Core/Request.pm
+++ b/lib/Dancer2/Core/Request.pm
@@ -44,7 +44,7 @@ our $XS_HTTP_COOKIES       = eval { require_module('HTTP::XSCookies'); 1; };
 
 our $_id = 0;
 
-# self->new( env => {}, serializer => $s, is_behind_proxy => 0|1 )
+# self->new( env => {}, serializer => $s  )
 sub new {
     my ( $class, @args ) = @_;
 
@@ -65,9 +65,8 @@ sub new {
     }
 
     # additionally supported attributes
-    $self->{'id'}              = ++$_id;
-    $self->{'vars'}            = {};
-    $self->{'is_behind_proxy'} = !!$opts{'is_behind_proxy'};
+    $self->{'id'}   = ++$_id;
+    $self->{'vars'} = {};
 
     $opts{'body_params'}
         and $self->{'_body_params'} = $opts{'body_params'};
@@ -566,8 +565,7 @@ sub _shallow_clone {
     $new_request->{headers}       = $self->headers;
 
     # Copy remaining settings
-    $new_request->{is_behind_proxy} = $self->{is_behind_proxy};
-    $new_request->{vars}            = $self->{vars};
+    $new_request->{vars}          = $self->{vars};
 
     # Clone any existing decoded & cached body params. (GH#1116 GH#1269)
     $new_request->{'body_parameters'} = $self->body_parameters->clone;
diff --git a/t/issues/gh-730.t b/t/issues/gh-730.t
index adc519cf1..7c74b11b7 100644
--- a/t/issues/gh-730.t
+++ b/t/issues/gh-730.t
@@ -8,7 +8,7 @@ use HTTP::Request::Common;
     package App;
     use Dancer2;
 
-    get '/' => sub { request->is_behind_proxy };
+    get '/' => sub { app->config->{'behind_proxy'} };
 }
 
 my $app = App->to_app;