[SERV-454] Detect client IP address when deployed behind a reverse proxy (#40)

Author: Mark A. Matney, Jr

src/main/java/edu/ucla/library/iiif/auth/verticles/MainVerticle.java

@@ -34,6 +34,7 @@
 import io.vertx.core.http.HttpServer;
 import io.vertx.core.http.HttpServerOptions;
 import io.vertx.core.json.JsonObject;
+import io.vertx.ext.web.AllowForwardHeaders;
 import io.vertx.ext.web.Router;
 import io.vertx.ext.web.handler.APIKeyHandler;
 import io.vertx.ext.web.handler.ErrorHandler;
@@ -162,6 +163,9 @@ public Future<Router> createRouter(final JsonObject aConfig) {
                     .failureHandler(new AdminAuthenticationErrorHandler()) //
                     .failureHandler(new HtmlRenderingErrorHandler());
 
+            // Enable deployment behind a reverse proxy
+            router.allowForward(AllowForwardHeaders.X_FORWARD);
+
             return Future.succeededFuture(router);
         });
     }

src/test/java/edu/ucla/library/iiif/auth/handlers/AbstractHandlerIT.java

@@ -17,6 +17,8 @@
 import edu.ucla.library.iiif.auth.services.DatabaseService;
 import edu.ucla.library.iiif.auth.utils.TestUtils;
 
+import info.freelibrary.util.StringUtils;
+
 import io.vertx.config.ConfigRetriever;
 import io.vertx.core.CompositeFuture;
 import io.vertx.core.Future;
@@ -64,6 +66,27 @@ public abstract class AbstractHandlerIT {
      */
     protected static final String POST_ITEMS_PATH = "/items";
 
+    /**
+     * The name of the HTTP request header used by the reverse proxy to carry the client IP address.
+     */
+    protected static final String X_FORWARDED_FOR = "X-Forwarded-For";
+
+    /**
+     * The fictitious client IP address that we'll pretend a reverse proxy sent through.
+     */
+    protected static final String FORWARDED_CLIENT_IP = "10.1.1.1";
+
+    /**
+     * The fictitious proxy IP address that we'll pretend a reverse proxy sent through.
+     */
+    protected static final String FORWARDED_PROXY_IP = "10.2.2.2";
+
+    /**
+     * The value to use for the {@link CLIENT_IP_HEADER} header.
+     */
+    protected static final String FORWARDED_IP_ADDRESSES =
+            StringUtils.format("{}, {}", FORWARDED_CLIENT_IP, FORWARDED_PROXY_IP);
+
     /**
      * A test id for an item with open access.
      */

src/test/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandlerIT.java

@@ -6,7 +6,10 @@
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 
+import org.jsoup.Jsoup;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 import edu.ucla.library.iiif.auth.utils.MediaType;
 import edu.ucla.library.iiif.auth.utils.TestConstants;
@@ -27,20 +30,32 @@ public final class AccessCookieHandlerIT extends AbstractHandlerIT {
     /**
      * Tests that a client can obtain an access cookie.
      *
+     * @param aReverseProxyDeployment Whether or not to simulate app deployment behind a reverse proxy
      * @param aVertx A Vert.x instance
      * @param aContext A test context
      */
-    @Test
-    public void testGetCookie(final Vertx aVertx, final VertxTestContext aContext) {
+    @ParameterizedTest
+    @ValueSource(booleans = { true, false })
+    public void testGetCookie(final boolean aReverseProxyDeployment, final Vertx aVertx,
+            final VertxTestContext aContext) {
         final String requestURI =
                 StringUtils.format(GET_COOKIE_PATH, URLEncoder.encode(TEST_ORIGIN, StandardCharsets.UTF_8));
         final HttpRequest<?> getCookie = myWebClient.get(myPort, TestConstants.INADDR_ANY, requestURI);
 
+        if (aReverseProxyDeployment) {
+            getCookie.putHeader(X_FORWARDED_FOR, FORWARDED_IP_ADDRESSES);
+        }
+
         getCookie.send().onSuccess(response -> {
             assertEquals(HTTP.OK, response.statusCode());
             assertEquals(MediaType.TEXT_HTML.toString(), response.headers().get(HttpHeaders.CONTENT_TYPE));
             assertEquals(1, response.cookies().size());
 
+            if (aReverseProxyDeployment) {
+                assertEquals(FORWARDED_CLIENT_IP,
+                        Jsoup.parse(response.bodyAsString()).getElementById("client-ip-address").text());
+            }
+
             aContext.completeNow();
         }).onFailure(aContext::failNow);
     }

src/test/java/edu/ucla/library/iiif/auth/handlers/AccessTokenHandlerIT.java

@@ -13,6 +13,8 @@
 
 import org.jsoup.Jsoup;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 
 import edu.ucla.library.iiif.auth.AccessTokenError;
 import edu.ucla.library.iiif.auth.Config;
@@ -51,26 +53,42 @@ public final class AccessTokenHandlerIT extends AbstractAccessTokenHandlerIT {
     /**
      * Tests that a browser client can use a valid access cookie to obtain an access token.
      *
+     * @param aReverseProxyDeployment Whether or not to simulate app deployment behind a reverse proxy
      * @param aVertx A Vert.x instance
      * @param aContext A test context
      */
-    @Test
-    public void testGetTokenBrowser(final Vertx aVertx, final VertxTestContext aContext) {
+    @ParameterizedTest
+    @ValueSource(booleans = { true, false })
+    public void testGetTokenBrowser(final boolean aReverseProxyDeployment, final Vertx aVertx,
+            final VertxTestContext aContext) {
         final String getCookieRequestURI =
                 StringUtils.format(GET_COOKIE_PATH, URLEncoder.encode(TEST_ORIGIN, StandardCharsets.UTF_8));
         final HttpRequest<?> getCookie = myWebClient.get(myPort, TestConstants.INADDR_ANY, getCookieRequestURI);
 
+        if (aReverseProxyDeployment) {
+            getCookie.putHeader(X_FORWARDED_FOR, FORWARDED_IP_ADDRESSES);
+        }
+
         getCookie.send().compose(result -> {
             final String cookieHeader = result.cookies().get(0);
             final String cookieValue = cookieHeader.split(EQUALS)[1];
-            final String clientIpAddress =
-                    Jsoup.parse(result.bodyAsString()).getElementById(myClientIpAddressID).text();
+            final String clientIpAddress;
+
+            if (aReverseProxyDeployment) {
+                clientIpAddress = FORWARDED_CLIENT_IP;
+            } else {
+                clientIpAddress = Jsoup.parse(result.bodyAsString()).getElementById(myClientIpAddressID).text();
+            }
 
             return myAccessCookieService.decryptCookie(cookieValue, clientIpAddress).compose(cookie -> {
                 final String getTokenRequestURI = StringUtils.format(GET_TOKEN_PATH, myGetTokenRequestQuery);
                 final HttpRequest<?> getToken = myWebClient.get(myPort, TestConstants.INADDR_ANY, getTokenRequestURI)
                         .putHeader(HttpHeaders.COOKIE.toString(), cookieHeader);
 
+                if (aReverseProxyDeployment) {
+                    getToken.putHeader(X_FORWARDED_FOR, FORWARDED_IP_ADDRESSES);
+                }
+
                 return getToken.send().onSuccess(response -> {
                     final JsonObject expectedAccessTokenDecoded =
                             new JsonObject().put(TokenJsonKeys.VERSION, myConfig.getString(Config.HAUTH_VERSION)).put(
@@ -106,26 +124,42 @@ public void testGetTokenBrowser(final Vertx aVertx, final VertxTestContext aCont
     /**
      * Tests that a non-browser client can use a valid access cookie to obtain an access token.
      *
+     * @param aReverseProxyDeployment Whether or not to simulate app deployment behind a reverse proxy
      * @param aVertx A Vert.x instance
      * @param aContext A test context
      */
-    @Test
-    public void testGetTokenNonBrowser(final Vertx aVertx, final VertxTestContext aContext) {
+    @ParameterizedTest
+    @ValueSource(booleans = { true, false })
+    public void testGetTokenNonBrowser(final boolean aReverseProxyDeployment, final Vertx aVertx,
+            final VertxTestContext aContext) {
         final String getCookieRequestURI =
                 StringUtils.format(GET_COOKIE_PATH, URLEncoder.encode(TEST_ORIGIN, StandardCharsets.UTF_8));
         final HttpRequest<?> getCookie = myWebClient.get(myPort, TestConstants.INADDR_ANY, getCookieRequestURI);
 
+        if (aReverseProxyDeployment) {
+            getCookie.putHeader(X_FORWARDED_FOR, FORWARDED_IP_ADDRESSES);
+        }
+
         getCookie.send().compose(result -> {
             final String cookieHeader = result.cookies().get(0);
             final String cookieValue = cookieHeader.split(EQUALS)[1];
-            final String clientIpAddress =
-                    Jsoup.parse(result.bodyAsString()).getElementById(myClientIpAddressID).text();
+            final String clientIpAddress;
+
+            if (aReverseProxyDeployment) {
+                clientIpAddress = FORWARDED_CLIENT_IP;
+            } else {
+                clientIpAddress = Jsoup.parse(result.bodyAsString()).getElementById(myClientIpAddressID).text();
+            }
 
             return myAccessCookieService.decryptCookie(cookieValue, clientIpAddress).compose(cookie -> {
                 final String getTokenRequestURI = StringUtils.format(GET_TOKEN_PATH, EMPTY);
                 final HttpRequest<?> getToken = myWebClient.get(myPort, TestConstants.INADDR_ANY, getTokenRequestURI)
                         .putHeader(HttpHeaders.COOKIE.toString(), cookieHeader);
 
+                if (aReverseProxyDeployment) {
+                    getToken.putHeader(X_FORWARDED_FOR, FORWARDED_IP_ADDRESSES);
+                }
+
                 return getToken.send().onSuccess(response -> {
                     final JsonObject expectedAccessTokenDecoded =
                             new JsonObject().put(TokenJsonKeys.VERSION, myConfig.getString(Config.HAUTH_VERSION)).put(