From 2c72c39612a6013d301bed3312aaf6a4acf6ffc5 Mon Sep 17 00:00:00 2001 From: Helge Date: Sun, 27 Oct 2024 16:39:34 +0100 Subject: [PATCH] Enable setting the port and allowPrivateAddress through environment vars By setting BEHIND_PROXY: "true" HOLLO_PORT: 80 ALLOW_PRIVATE_ADDRESS: "true" one allows private addresses and runs on port 80. --- .env.sample | 6 ++++++ src/federation/index.ts | 2 ++ src/index.tsx | 6 +++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index 58a0ff5f..8e42a850 100644 --- a/.env.sample +++ b/.env.sample @@ -5,6 +5,12 @@ SECRET_KEY=secret_key # generate a secret key with `openssl rand -base64 32` LOG_LEVEL=info LOG_QUERY=false BEHIND_PROXY=false +LISTEN_PORT=3000 # if BEHIND_PROXY=true used as port for the server +# Setting ALLOW_PRIVATE_ADDRESS to true disables SSRF (Server-Side Request Forgery) protection +# Set to true to test in local network +# Will be replaced by list of allowed IPs once https://github.com/dahlia/fedify/issues/157 +# is implemented. +ALLOW_PRIVATE_ADDRESS=false REMOTE_ACTOR_FETCH_POSTS=10 AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= diff --git a/src/federation/index.ts b/src/federation/index.ts index 9561070e..6ab593fc 100644 --- a/src/federation/index.ts +++ b/src/federation/index.ts @@ -110,6 +110,8 @@ if (getRedisUrl() == null) { export const federation = createFederation({ kv, queue, + // biome-ignore lint/complexity/useLiteralKeys: tsc complains about this (TS4111) + allowPrivateAddress: process.env["ALLOW_PRIVATE_ADDRESS"] === "true", }); federation diff --git a/src/index.tsx b/src/index.tsx index f3a4dac7..beb3464f 100644 --- a/src/index.tsx +++ b/src/index.tsx @@ -31,5 +31,9 @@ app.get("/favicon.png", async (c) => { // biome-ignore lint/complexity/useLiteralKeys: tsc complains about this (TS4111) const BEHIND_PROXY = process.env["BEHIND_PROXY"] === "true"; +// biome-ignore lint/complexity/useLiteralKeys: tsc complains about this (TS4111) +const HOLLO_PORT = Number.parseInt(process.env["LISTEN_PORT"] ?? "3000", 10); -export default BEHIND_PROXY ? { fetch: behindProxy(app.fetch.bind(app)) } : app; +export default BEHIND_PROXY + ? { fetch: behindProxy(app.fetch.bind(app)), port: HOLLO_PORT } + : app;