feat(api): add support for local management password validation and spoofed IP rejection

- Introduced `newTestServerWithOptions` to customize server initialization in tests.
- Added `TestManagementLocalPasswordRejectsSpoofedForwardedFor` to validate security against spoofed `X-Forwarded-For` headers.
- Enabled default WebSocket authentication (`ws-auth`) in `config.example.yaml`.
- Disabled trusted proxy headers in Gin engine with appropriate logging to enhance security.
Luis Pater
2026-05-18 01:22:45 +08:00
parent 9ef99aa766
commit 605adaa3c2
4 changed files with 30 additions and 2 deletions


@@ -217,6 +217,9 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
// Create gin engine
engine := gin.New()
if errSetTrustedProxies := engine.SetTrustedProxies(nil); errSetTrustedProxies != nil {
log.Warnf("failed to disable trusted proxy headers: %v", errSetTrustedProxies)
}
if optionState.engineConfigurator != nil {
optionState.engineConfigurator(engine)
}