From e76fddd13cc4e117e29ccbbaa0e2ea97521e8ab7 Mon Sep 17 00:00:00 2001
From: Wyatt Johnson <wyattjoh@gmail.com>
Date: Tue, 13 Aug 2019 19:41:50 +0000
Subject: [PATCH] [next] Added trust proxy configuration (#2471)

* feat: added trust proxy configuration

* chore: version bump
---
 README.md                    | 1 +
 package-lock.json            | 2 +-
 package.json                 | 2 +-
 src/core/server/app/index.ts | 9 ++++++---
 src/core/server/config.ts    | 8 ++++++++
 5 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 07ff7f05d..94ccaa2b6 100644
--- a/README.md
+++ b/README.md
@@ -388,6 +388,7 @@ the variables in a `.env` file in the root of the project in a simple
 - `WEBSOCKET_KEEP_ALIVE_TIMEOUT` - A duration in a parsable format (e.g. `30 seconds`
   , `1 minute`) that should be used to send keep alive messages through the
   websocket to keep the socket alive (Default `30 seconds`)
+- `TRUST_PROXY` - When provided, it configures the "trust proxy" settings for Express (See https://expressjs.com/en/guide/behind-proxies.html)
 
 ## License
 
diff --git a/package-lock.json b/package-lock.json
index 01e43e99e..cb158a810 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "@coralproject/talk",
-  "version": "5.0.0-beta.5",
+  "version": "5.0.0-beta.7",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 6f3faabe0..e6f8f276c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@coralproject/talk",
-  "version": "5.0.0-beta.6",
+  "version": "5.0.0-beta.7",
   "author": "The Coral Project",
   "homepage": "https://coralproject.net/",
   "sideEffects": [
diff --git a/src/core/server/app/index.ts b/src/core/server/app/index.ts
index 90c0c366d..1961f3491 100644
--- a/src/core/server/app/index.ts
+++ b/src/core/server/app/index.ts
@@ -104,9 +104,12 @@ export const listenAndServe = (
 function configureApplication(options: AppOptions) {
   const { parent } = options;
 
-  // Trust the first proxy in front of us, this will enable us to trust the fact
-  // that SSL was terminated correctly.
-  parent.set("trust proxy", 1);
+  // Trust the proxy in front of us, this will enable us to trust the fact that
+  // SSL was terminated correctly.
+  const trust = options.config.get("trust_proxy");
+  if (trust) {
+    parent.set("trust proxy", trust);
+  }
 
   // Setup the view config.
   setupViews(options);
diff --git a/src/core/server/config.ts b/src/core/server/config.ts
index 3750b5ad3..e9fc9076b 100644
--- a/src/core/server/config.ts
+++ b/src/core/server/config.ts
@@ -59,6 +59,14 @@ const config = convict({
     default: "en-US",
     env: "LOCALE",
   },
+  trust_proxy: {
+    doc:
+      'When provided, it configures the "trust proxy" settings for Express (See https://expressjs.com/en/guide/behind-proxies.html)',
+    format: String,
+    default: "",
+    env: "TRUST_PROXY",
+    arg: "trustProxy",
+  },
   enable_graphiql: {
     doc: "When true, this will enable the GraphiQL interface at /graphiql",
     format: Boolean,