9CgnddlmZddlZddlmZmZmZmZGddZd d Z Gd d Z dS)) annotationsN)ASGI3ApplicationASGIReceiveCallableASGISendCallableScopec$eZdZdZddd ZddZdS)ProxyHeadersMiddlewareaBMiddleware for handling known proxy headers This middleware can be used when a known proxy is fronting the application, and is trusted to be properly setting the `X-Forwarded-Proto` and `X-Forwarded-For` headers with the connecting client information. Modifies the `client` and `scheme` information so that they reference the connecting client, rather that the connecting proxy. References: - - 127.0.0.1appr trusted_hostslist[str] | strreturnNonec<||_t||_dSN)r _TrustedHostsr )selfr r s R/var/www/api/venv/lib/python3.11/site-packages/uvicorn/middleware/proxy_headers.py__init__zProxyHeadersMiddleware.__init__s*=99scoperreceiversendrcXK|ddkr||||d{VS|d}|r|dnd}||jvrt|d}d|vr\|dd}|dvr+|dd kr|d d |d <n||d <d |vr@|d d}|j|} | r d} | | f|d<||||d{VS)Ntypelifespanclientrheaderssx-forwarded-protolatin1>wswsshttphttps websocketr"r schemesx-forwarded-for)r getr dictdecodestripreplaceget_trusted_client_host) rrrr client_addr client_hostrx_forwarded_protox_forwarded_forhostports r__call__zProxyHeadersMiddleware.__call__sn =J & &%$77777777 7ii)) (3=k!nn $, , ,5+,,G#w..$+,@$A$H$H$R$R$X$X$Z$Z!$(FFFV} 33*;*C*CFD*Q*Qh*;h!W,,")*<"="D"DX"N"N)AA/RR3D'+TlE(OXXeWd333333333rN)r )r rr r rr)rrrrrrrr)__name__ __module__ __qualname____doc__rr2rrr r sK  :::::!4!4!4!4!4!4rr valuestrr list[str]c@d|dDS)Nc6g|]}|Sr7)r)).0items r z$_parse_raw_hosts..@s 6 6 6TDJJLL 6 6 6r,)split)r8s r_parse_raw_hostsrB?s" 6 6U[[%5%5 6 6 66rc*eZdZdZddZdd Zdd ZdS)rz(Container for trusted hosts and networksr r rrcZ|ddgfv|_t|_t|_t|_|jst |t rt|}|D]}d|vrX |jtj |4#t$r|j|YZwxYw |jtj |#t$r|j|YwxYwdSdS)N*/) always_trustsettrusted_literalsr trusted_networks isinstancer9rBadd ipaddress ip_network ValueError ip_address)rr r0s rrz_TrustedHosts.__init__Fs\"/C#<"?*-%%QTQVQVTWTYTY  8--- @ 0 ? ? % 8 8 $;;8-11)2Ft2L2LMMMM%888-11$7777788*..y/CD/I/IJJJJ%888-11$777778' 8 8 8 8s$:,B''$C C,C??$D&%D&r0 str | Noneboolc|jrdS|sdS tj||jvrdSt fd|jDS#t $r ||jvcYSwxYw)NTFc3 K|]}|vV dSrr7)r=netips r z-_TrustedHosts.__contains__..xs'BBSrSyBBBBBBr)rGrMrPr anyrJrOrI)rr0rVs @r __contains__z_TrustedHosts.__contains__ms   4 5 1%d++BT'''tBBBBD,ABBBBB B 1 1 1400 0 0 0 1sAAA%$A%r/r9ct|}|jr|dSt|D] }||vr|cS |dS)zExtract the client host from x_forwarded_for header In general this is the first "untrusted" host in the forwarded for list. r)rBrGreversed)rr/x_forwarded_for_hostsr0s rr+z%_TrustedHosts.get_trusted_client_host}sh !1 A A   ,(+ +233  D4  %Q''rN)r r rr)r0rQrrR)r/r9rr9)r3r4r5r6rrYr+r7rrrrCsW22%8%8%8%8N1111 ((((((rr)r8r9rr:) __future__rrMuvicorn._typesrrrrr rBrr7rrr_s""""""YYYYYYYYYYYY4444444444444444n7777K(K(K(K(K(K(K(K(K(K(r