Added comments to the new code for reverse proxy support

revenz · Nov 12, 2023 · 34edf8e · 34edf8e
1 parent 5a134d8
commit 34edf8e
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/Models/ReverseProxySettings.cs b/Models/ReverseProxySettings.cs
@@ -1,18 +1,57 @@
 namespace Fenrus.Models;
 
+/// <summary>
+/// Configuration object that maps to the ReverseProxySettings section in appsettings.json
+/// </summary>
 public class ReverseProxySettings
 {
+    /// <summary>
+    /// If the request headers should be printed to the console when being redirected to the
+    /// authentication provider.
+    /// </summary>
     public bool DebugPrintRequestHeaders { get; set; }
+
+    /// <summary>
+    /// If the forwarded headers should be used.
+    /// </summary>
     public bool UseForwardedHeaders { get; set; }
+
+    /// <summary>
+    /// The IP-addresses of known proxies.
+    /// </summary>
     public string[] KnownProxies { get; set; } = Array.Empty<string>();
+
+    /// <summary>
+    /// The IP-address specification of a known network in IPv4 format
+    /// For example: 192.168.2.0/24, which will allow all IP-addresses from
+    /// 192.168.2.1 - 192.168.2.254
+    /// </summary>
     public KnownNetwork KnownIpv4Network { get; set; } = new();
+
+    /// <summary>
+    /// The IP-address specification of a known network in IPv6 format
+    /// For example: 2001:db8::/32, which will allow all IP-addresses from
+    /// 2001:db8:0:0:0:0:0:0 - 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
+    /// </summary>
     public KnownNetwork KnownIpv6Network { get; set; } = new();
 
 }
 
 public class KnownNetwork
 {
+    /// <summary>
+    /// If the known network should be added to the list of known networks.
+    /// </summary>
     public bool Enabled { get; set; }
+
+    /// <summary>
+    /// The IP-address of the known network.
+    /// For example: 192.168.2.0 or 2001:db8::
+    /// </summary>
     public string IpAddress { get; set; }
+
+    /// <summary>
+    /// The prefix length of the known network. For example: 24
+    /// </summary>
     public int PrefixLength { get; set; }
 }
diff --git a/Program.cs b/Program.cs
@@ -29,6 +29,9 @@
 builder.Configuration.AddEnvironmentVariables();
 builder.Services.AddControllersWithViews();
 builder.Services.AddMvc();
+
+//Gets the reverse proxy settings from the appsettings.json file
+//to check if the app is running behind a reverse proxy
 ReverseProxySettings reverseProxySettings = builder.Configuration.GetSection(nameof(ReverseProxySettings)).Get<ReverseProxySettings>();
 
 if(reverseProxySettings.UseForwardedHeaders)
@@ -100,6 +103,8 @@
             options.DisableTelemetry = true;
             options.Events.OnRedirectToIdentityProvider = context =>
             {
+                //Added option to debug request headers for reverse proxy
+                //Sometimes it can be difficult to find out if X-Forwarded-X headers are set correctly
                 if(reverseProxySettings.DebugPrintRequestHeaders)
                     Logger.DLog($"Request headers: {string.Join(Environment.NewLine, context.Request.Headers)}");
                 return Task.FromResult(0);
@@ -198,6 +203,10 @@
 Logger.ILog($"Fenrus v{Fenrus.Globals.Version} stopped");
 workers.ForEach(x => x.Stop());
 
+// Configure the app to use forwarded headers
+//If the app is running behind a reverse proxy, the app needs to be configured to use the forwarded headers
+//This means that X-Forwarded-For and X-Forwarded-Proto headers are used to determine if the request goes over https, 
+//but is using ssl termination
 void ConfigureUsingForwardedHeaders(WebApplicationBuilder webApplicationBuilder,
     ReverseProxySettings reverseProxySettings1)
 {