From e8ca2c42a6c045565a470e41f81fd42d44394347 Mon Sep 17 00:00:00 2001
From: Polianin Nikita
Date: Thu, 4 Jul 2024 23:46:43 +0300
Subject: [PATCH] sec: add random scret forward token for set ip if app under proxy
---
 Endpoint/Configuration/General/GeneralConfig.cs | 1 +
 Endpoint/Program.cs | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/Endpoint/Configuration/General/GeneralConfig.cs b/Endpoint/Configuration/General/GeneralConfig.cs
index 2f74a9a..2a6fcc2 100644
--- a/Endpoint/Configuration/General/GeneralConfig.cs
+++ b/Endpoint/Configuration/General/GeneralConfig.cs
@@ -18,6 +18,7 @@ public class GeneralConfig
 public ScheduleSettings? ScheduleSettings { get; set; }
 public EmailSettings? EmailSettings { get; set; }
 public LogSettings? LogSettings { get; set; }
+ public string? SecretForwardToken { get; set; }
 public void SaveSetting()
 {
diff --git a/Endpoint/Program.cs b/Endpoint/Program.cs
index 3066fa4..89c754c 100644
--- a/Endpoint/Program.cs
+++ b/Endpoint/Program.cs
@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
@@ -12,6 +13,7 @@ using Mirea.Api.Endpoint.Configuration.AppConfig;
 using Mirea.Api.Endpoint.Configuration.General;
 using Mirea.Api.Endpoint.Configuration.General.Validators;
 using Mirea.Api.Endpoint.Middleware;
+using Mirea.Api.Security.Services;
 using System;
 using System.IO;
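Review bot: `SecretForwardToken` is a security-relevant setting added with no documentation, and nothing in this class says what it is for or who fills it in (the Program.cs hunk generates it and calls `SaveSetting()`), so add `/// <summary>Random secret prefixed to the X-Forwarded-For header name so that only the reverse proxy can supply the client IP; generated on first start and persisted by <see cref="SaveSetting"/>.</summary>` above the property. Because `SaveSetting()` writes it alongside the other settings, the on-disk config now contains a secret; whether that file is readable only by the service account and kept out of version control is not visible here and should be checked. The class continues outside the hunk.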
@@ -64,6 +66,20 @@ public class Program
 });
 });
+ builder.Services.Configure(options =>
+ {
+ var secretForward = builder.Configuration.Get();
+
+ if (string.IsNullOrEmpty(secretForward!.SecretForwardToken))
+ {
+ secretForward.SecretForwardToken = GeneratorKey.GenerateBase64(18);
+ secretForward.SaveSetting();
+ }
+
+ options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+ options.ForwardedForHeaderName = secretForward.SecretForwardToken + "-X-Forwarded-For";
+ });
+
 builder.Services.AddCustomApiVersioning();
 builder.Services.AddCustomSwagger();
@@ -75,6 +91,7 @@ public class Program
 app.UseStaticFiles();
 app.UseCors("AllowAll");
 app.UseCustomSerilog();
+ app.UseForwardedHeaders();
 using (var scope = app.Services.CreateScope())
 {
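Review bot: The secret prefix is applied only to `ForwardedForHeaderName`, while `ForwardedHeaders.XForwardedProto` is enabled on the line above and still reads the default `X-Forwarded-Proto` name, so a client whose proxy does not overwrite that header can spoof the request scheme; add `options.ForwardedProtoHeaderName = secretForward.SecretForwardToken + "-X-Forwarded-Proto";` beside the For line and have the proxy send both secret-named headers. The name must also be a valid HTTP field-name token: if `GeneratorKey.GenerateBase64(18)` uses the standard base64 alphabet it can emit `/`, which is not a tchar under RFC 9110 and which Kestrel or an intermediate proxy may reject or drop, so the token should use a URL-safe alphabet or be filtered to `[A-Za-z0-9-]`, and it must come from a CSPRNG (confirm both against the generator's source). Nothing here sets `KnownProxies`/`KnownNetworks`, so the middleware's loopback-only default still applies: if the proxy is not on the same host the headers are silently ignored, and if it is, the secret name is the only barrier against client injection, which deserves a comment such as `// Proxy must be on loopback (default KnownProxies) and must send "<token>-X-Forwarded-For"`. Calling `SaveSetting()` inside the options callback means the secret is only generated and written when `ForwardedHeadersOptions` is first resolved, and `secretForward!.SecretForwardToken` throws a NullReferenceException if the configuration binds to nothing; generating and persisting the token once at startup, before `Configure`, with an explicit null check would be simpler. The generic arguments of `Configure`/`Get` appear stripped in this rendering, and the enclosing method starts and ends outside the hunk.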
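Review bot: `app.UseForwardedHeaders()` is registered after `app.UseStaticFiles()`, `app.UseCors("AllowAll")` and `app.UseCustomSerilog()`, so whatever those earlier middlewares do with the connection address (request logging in particular) still sees the proxy's IP rather than the forwarded client IP; the forwarded-headers middleware is meant to run before other middleware, so move the call to the top of the pipeline, directly after the app is built (outside this hunk). If `UseCustomSerilog` installs request logging, that is where the wrong address will surface — verify what it registers. The enclosing method starts and ends outside the hunk.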