Add "trust proxy" setting and req.path/host/ip/etc

helje5 · helje5 · commit 891edff61aea · 2026-03-04T17:41:49.000+01:00
Useful.
diff --git a/Sources/express/IncomingMessage.swift b/Sources/express/IncomingMessage.swift
@@ -3,26 +3,98 @@
 //  Noze.io / Macro
 //
 //  Created by Helge Heß on 6/2/16.
-//  Copyright © 2016-2024 ZeeZide GmbH. All rights reserved.
+//  Copyright © 2016-2026 ZeeZide GmbH. All rights reserved.
 //
 
 #if canImport(Foundation)
   import Foundation
 #endif
-import class http.IncomingMessage
+import http
 import NIOHTTP1
-
+import NIOCore
 
 public extension IncomingMessage {
   
   typealias Params = ExpressWrappedDictionary<String>
   typealias Query  = ExpressWrappedDictionary<Any>
 
-  // TODO: baseUrl, originalUrl, path
-  // TODO: hostname, ip, ips, protocol
+  /// The hostname from the `Host` header, or
+  /// `X-Forwarded-Host` when trust proxy is enabled.
+  @inlinable
+  var hostname: String? {
+    let host: String
+    if app?.settings.trustProxy ?? false,
+       let fh = headers["X-Forwarded-Host"].first
+    {
+      if let i = fh.firstIndex(of: ",") { host = String(fh[..<i]) }
+      else { host = fh }
+    }
+    else if let h = headers["Host"].first { host = h }
+    else { return nil }
+    
+    // IPv6 bracket notation: strip port after `]`
+    if host.hasPrefix("[") {
+      guard let b = host.firstIndex(of: "]") else { return host }
+      let a = host.index(after: b)
+      if a < host.endIndex, host[a] == ":" { return String(host[..<a]) }
+      return String(host[...b])
+    }
+    if let i = host.firstIndex(of: ":") {
+      return String(host[..<i])
+    }
+    return host
+  }
   
-  // TODO: originalUrl, path
-  // TODO: hostname, ip, ips, protocol
+  /// The client IP. Uses `X-Forwarded-For` when trust
+  /// proxy is enabled.
+  @inlinable
+  var ip: String? {
+    if app?.settings.trustProxy ?? false,
+       let xff = headers["X-Forwarded-For"].first
+    {
+      if let i = xff.firstIndex(of: ",") { return String(xff[..<i]) }
+      return xff
+    }
+    return socket?.remoteAddress?.ipAddress
+  }
+
+  /// All IPs from `X-Forwarded-For` when trust proxy
+  /// is enabled, empty otherwise.
+  @inlinable
+  var ips: [ String ] {
+    guard app?.settings.trustProxy ?? false,
+          let xff = headers["X-Forwarded-For"].first else { return [] }
+    return xff.split(separator: ",").map { part in
+      String(part.drop(while: { $0.isWhitespace }))
+    }
+  }
+
+  /**
+   * `"https"` when behind a trusted proxy setting
+   * `X-Forwarded-Proto`, `"http"` otherwise.
+   */
+  @inlinable
+  var `protocol`: String {
+    if app?.settings.trustProxy ?? false,
+       let proto = headers["X-Forwarded-Proto"].first
+    {
+      if let i = proto.firstIndex(of: ",") {
+        return String(proto[..<i])
+      }
+      return proto
+    }
+    return "http"
+  }
+
+  /// The URL path without the query string.
+  @inlinable
+  var path: String {
+    guard let qIdx = url.firstIndex(of: "?") else {
+      return url.isEmpty ? "/" : url
+    }
+    let p = String(url[..<qIdx])
+    return p.isEmpty ? "/" : p
+  }
 
   /// A reference to the active application. Updated when subapps are triggered.
   var app : Express? { return environment[ExpressExtKey.App.self] }
@@ -62,12 +134,12 @@ public extension IncomingMessage {
     // FIXME: improve parser (fragments?!)
     // TBD: just use Foundation?!
     guard let idx = url.firstIndex(of: "?") else {
-      environment[ExpressExtKey.Query.self] = .init([:])
+      environment[ExpressExtKey.Query.self] = Query([:])
       return Query([:])
     }
     let q  = url[url.index(after: idx)...]
     let qp = qs.parse(String(q))
-    environment[ExpressExtKey.Query.self] = .init(qp)
+    environment[ExpressExtKey.Query.self] = Query(qp)
     return Query(qp)
   }
   
diff --git a/Sources/express/Settings.swift b/Sources/express/Settings.swift
@@ -3,7 +3,7 @@
 //  Noze.io / Macro
 //
 //  Created by Helge Heß on 02/06/16.
-//  Copyright © 2016-2025 ZeeZide GmbH. All rights reserved.
+//  Copyright © 2016-2026 ZeeZide GmbH. All rights reserved.
 //
 
 /**
@@ -181,7 +181,8 @@ public extension ExpressSettings {
    *
    * This first checks for an explicit `env` setting in the SettingsHolder
    * (i.e. Express application object).
-   * If that's missing, it checks the `MACRO_ENV` environment variable.
+   * If that's missing, it checks the `EXPRESS_ENV` and `MACRO_ENV` environment 
+   * variable.
    */
   @inlinable
   var env : String {
@@ -202,22 +203,32 @@ public extension ExpressSettings {
    */
   @inlinable
   var xPoweredBy : Bool {
-    guard let v = holder.get("x-powered-by") else { return true }
-    return boolValue(v)
+    set { holder.set("x-powered-by", true) }
+    get { return boolValue(holder.get("x-powered-by")) }
+  }
+
+  /// Whether to trust `X-Forwarded-*` proxy headers.
+  @inlinable
+  var trustProxy : Bool {
+    set { holder.set("trust proxy", true) }
+    get { return boolValue(holder.get("trust proxy")) }
   }
 }
 
 
 // MARK: - Helpers
 
 @usableFromInline
-func boolValue(_ v : Any) -> Bool {
+func boolValue(_ v : Any?) -> Bool {
   // TODO: this should be some Foundation like thing
-  if let b = v as? Bool   { return b      }
-  if let b = v as? Int    { return b != 0 }
+  guard let v = v else { return false }
+  if let b = v as? Bool { return b      }
+  if let b = v as? Int  { return b != 0 }
+  
   #if swift(>=5.10)
   if let i = (v as? any BinaryInteger) { return Int(i) != 0 }
   #endif
+  
   if let s = v as? String {
     switch s.lowercased() {
       case "no", "false", "0", "disable": return false
