Merge pull request #14 from agencyenterprise/staging

Staging

Author: jpatterson933

src/index.ts

@@ -21,6 +21,7 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const publicPath = path.join(__dirname, "public");
 
 const app = express();
+app.set("trust proxy", true);
 
 const sessionManager = new SessionManager();
 app.locals.sessionManager = sessionManager;
@@ -39,6 +40,10 @@ if (config.nodeEnv !== "production") {
 app.use(express.static(publicPath));
 app.use(requestLogger);
 
+app.use(["/wp-admin/*", "/wordpress/*", "/*.php"], (_req, res) => {
+  res.status(404).end();
+});
+
 app.use("/docs", docsRouter);
 app.use("/health", healthRouter);
 app.use("/.well-known", wellKnownRouter);

src/middleware/auth.ts

@@ -33,7 +33,9 @@ function sendUnauthorized(
       errorType: "auth",
       code,
       message,
-      ip: req.ip || req.headers["x-forwarded-for"],
+      ip: req.ip,
+      forwardedFor: req.headers["x-forwarded-for"],
+      socketIp: req.socket.remoteAddress,
       userAgent: req.headers["user-agent"],
       method: req.method,
       path: req.path,

src/test/middleware/auth.test.ts

@@ -12,6 +12,7 @@ function createMockRequest(authHeader?: string): Request {
   return {
     headers: authHeader ? { authorization: authHeader } : {},
     userId: undefined,
+    socket: { remoteAddress: "127.0.0.1" },
   } as unknown as Request;
 }