o jg@s`ddlmZddlZddlmZmZmZmZGdddZdd d Z dd dZ GdddZ dS)) annotationsN)ASGI3ApplicationASGIReceiveCallableASGISendCallableScopec@s&eZdZdZddd d ZdddZdS)ProxyHeadersMiddlewareaBMiddleware for handling known proxy headers This middleware can be used when a known proxy is fronting the application, and is trusted to be properly setting the `X-Forwarded-Proto` and `X-Forwarded-For` headers with the connecting client information. Modifies the `client` and `scheme` information so that they reference the connecting client, rather that the connecting proxy. References: - - 127.0.0.1appr trusted_hostslist[str] | strreturnNonecCs||_t||_dSN)r _TrustedHostsr )selfr r rS/home/kuhnn/.local/lib/python3.10/site-packages/uvicorn/middleware/proxy_headers.py__init__szProxyHeadersMiddleware.__init__scoperreceiversendrc s|ddkr||||IdHS|d}|r|dnd}||jvrht|d}d|vrM|dd}|dvrM|dd krI|d d |d <n||d <d |vrh|d d}|j|\} } | rh| | f|d<||||IdHS)Ntypelifespanclientrheaderssx-forwarded-protolatin1>wswsshttphttps websocketrrschemesx-forwarded-for)r getr dictdecodestripreplaceget_trusted_client_address) rrrr client_addr client_hostrx_forwarded_protox_forwarded_forhostportrrr__call__s&      zProxyHeadersMiddleware.__call__N)r)r rr r r r )rrrrrrr r )__name__ __module__ __qualname____doc__rr.rrrrrs rvaluestrr list[str]cCsdd|dDS)NcSsg|]}|qSr)r%).0itemrrr <sz$_parse_raw_hosts..,)split)r3rrr_parse_raw_hosts;sr;tuple[str, int]cCs|drH|d}|dkr|dfS|d|}||dd}|s&|dfS|ds/|dfSz |t|ddfWStyG|dfYSw|ddkrl|dd\}}z|t|fWStyk|dfYSw|dfS)a&Parse a forwarded host value into host and optional port. Accepts bare IPs, IPv4 `host:port`, and bracketed IPv6 `[host]:port`. Any unrecognized or malformed value is treated conservatively and returned without a port so trust checks do not silently normalize arbitrary input. []rN:) startswithfindint ValueErrorcountrsplit)r3 bracket_endr, remainderr-rrr_parse_host_port?s.        rJc@s.eZdZdZdddZdd d ZdddZdS)rz(Container for trusted hosts and networksr r r r c Cs|ddgfv|_t|_t|_t|_|js^t|tr t|}|D]=}d|vrCz |jt |Wq"t yB|j|Yq"wz |jt |Wq"t y]|j|Yq"wdSdS)N*/) always_trustsettrusted_literalsr trusted_networks isinstancer4r;add ipaddress ip_networkrE ip_address)rr r,rrrres*   z_TrustedHosts.__init__r, str | Noneboolcsd|jrdS|s dSzt||jvrWdStfdd|jDWSty1||jvYSw)NTFc3s|]}|vVqdSrr)r6netiprr sz-_TrustedHosts.__contains__..)rMrSrUr anyrPrErO)rr,rrYr __contains__s   z_TrustedHosts.__contains__r+r4r<cCsTt|}|jr t|dSt|D]}t|\}}||vr#||fSqt|dS)zExtract the client address from x_forwarded_for header. In general this is the first "untrusted" host in the forwarded for list. r)r;rMrJreversed)rr+x_forwarded_for_hosts host_portr,r-rrrr's     z(_TrustedHosts.get_trusted_client_addressN)r r r r )r,rVr rW)r+r4r r<)r/r0r1r2rr]r'rrrrrbs   'r)r3r4r r5)r3r4r r<) __future__rrSuvicorn._typesrrrrrr;rJrrrrrs  3 #