# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1614458276 -3600
# Node ID 2ea70d2914293aa4b84a92fe37ad1860b038cf70
# Parent  d30c44a829c1161897a2116bd38c80f4d530aa81
mod_http: Consolidate handling of proxied connection details

Trying to move everything relating to proxies and X-Forwarded-Foo into a
single place.

diff -r d30c44a829c1 -r 2ea70d291429 plugins/mod_http.lua
--- a/plugins/mod_http.lua	Sat Feb 27 21:37:16 2021 +0100
+++ b/plugins/mod_http.lua	Sat Feb 27 21:37:56 2021 +0100
@@ -259,10 +259,11 @@
 	return false
 end
 
-local function get_ip_from_request(request)
+local function get_forwarded_connection_info(request) --> ip:string, secure:boolean
 	local ip = request.ip;
+	local secure = request.secure; -- set by net.http.server
 	local forwarded_for = request.headers.x_forwarded_for;
-	if forwarded_for and is_trusted_proxy(ip) then
+	if forwarded_for then
 		-- luacheck: ignore 631
 		-- This logic looks weird at first, but it makes sense.
 		-- The for loop will take the last non-trusted-proxy IP from `forwarded_for`.
@@ -278,18 +279,17 @@
 			end
 		end
 	end
-	return ip;
+
+	secure = secure or request.headers.x_forwarded_proto == "https";
+
+	return ip, secure;
 end
 
 module:wrap_object_event(server._events, false, function (handlers, event_name, event_data)
 	local request = event_data.request;
-	if request then
+	if request and is_trusted_proxy(request.ip) then
 		-- Not included in eg http-error events
-		request.ip = get_ip_from_request(request);
-
-		if not request.secure and request.headers.x_forwarded_proto == "https" and is_trusted_proxy(request.conn:ip()) then
-			request.secure = true;
-		end
+		request.ip, request.secure = get_forwarded_connection_info(request);
 	end
 	return handlers(event_name, event_data);
 end);