scheme validation fails when running behind double proxies
Context
- hapi-swagger@9.3.0
Running with a proxy behind a load balancer (e.g., load balancer -> proxy -> hapi)
What are you trying to achieve or the steps to reproduce?
If hapi-swagger is installed in the above environment, an attempt to hit the swagger endpoint returns an error due to scheme validation failing, as the x-forward headers contain a comma-separated string of protocols (see below). The relevant line of code:
node_modules/hapi-swagger/lib/builder.js, line 182:
const forwardedProtocol = request.headers['x-forwarded-proto'];
This should work (only set the originating protocol):
const forwardedProtocol = request.headers['x-forwarded-proto'].split(',')[0];
What result did you get?
500 : {"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"} https://obscure.hiseva.com/api/swagger.json
req: {
"id": "1549472040680:f1b96212bb92:72:jrtfmnjl:10024",
"method": "get",
"url": "/api/swagger.json",
"headers": {
"x-forwarded-host": "obscure.hiseva.com",
"connection": "close",
"x-forwarded-for": "208.185.185.131,10.255.0.2",
"x-forwarded-proto": "https,http",
"x-forwarded-port": "443,80",
"cookie": "[Redacted]",
"host": "api:3030",
"accept-language": "en-US,en;q=0.9",
"accept-encoding": "gzip, deflate, br",
"referer": "https://obscure.hiseva.com/api/docs",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36",
"accept": "application/json;charset=utf-8,*/*"
}
}
err: {
"type": "Error",
"message": "{\n \"swagger\": \"2.0\",\n \"host\": \"obscure.hiseva.com\",\n \"basePath\": \"/\",\n \"schemes\": [\n \"https,http\" \u001b[31m[1]\u001b[0m\n ],\n \"info\": {\n \"title\": \"Seva api service\",\n \"version\": \"0.0.1\"\n }\n}\n\u001b[31m\n[1] \"0\" must be one of [http, https, ws, wss]\u001b[0m",
"stack":
ValidationError: {
"swagger": "2.0",
"host": "obscure.hiseva.com",
"basePath": "/",
"schemes": [
"https,http" [1]
],
"info": {
"title": "Seva api service",
"version": "0.0.1"
}
}
[1] "0" must be one of [http, https, ws, wss]
at Object.exports.process (/user-services/dashboard/node_modules/hapi-swagger/node_modules/joi/lib/errors.js:196:19)
at internals.Object._validateWithOptions (/user-services/dashboard/node_modules/hapi-swagger/node_modules/joi/lib/types/any/index.js:675:31)
at module.exports.internals.Any.root.validate (/user-services/dashboard/node_modules/hapi-swagger/node_modules/joi/lib/index.js:146:23)
at module.exports.internals.Any.root.attempt (/user-services/dashboard/node_modules/hapi-swagger/node_modules/joi/lib/index.js:175:29)
at module.exports.internals.Any.root.assert (/user-services/dashboard/node_modules/hapi-swagger/node_modules/joi/lib/index.js:170:14)
at Object.builder.getSwaggerJSON (/user-services/dashboard/node_modules/hapi-swagger/lib/builder.js:79:9)
at handler (/user-services/dashboard/node_modules/hapi-swagger/lib/index.js:116:52)
at module.exports.internals.Manager.execute (/user-services/dashboard/node_modules/hapi/lib/toolkit.js:35:106)
at Object.internals.handler (/user-services/dashboard/node_modules/hapi/lib/handler.js:50:48)
at exports.execute (/user-services/dashboard/node_modules/hapi/lib/handler.js:35:36)
at Request._lifecycle (/user-services/dashboard/node_modules/hapi/lib/request.js:263:62)
at process._tickCallback (internal/process/next_tick.js:68:7)
"isJoi": true,
"name": "ValidationError",
"details": [
{
"message": "\"0\" must be one of [http, https, ws, wss]",
"path": [
"schemes",
0
],
"type": "any.allowOnly",
"context": {
"value": "https,http",
"valids": [
"http",
"https",
"ws",
"wss"
],
"key": 0,
"label": 0
}
}
],
"_object": {
"swagger": "2.0",
"host": "obscure.hiseva.com",
"basePath": "/",
"schemes": [
"https,http"
],
"info": {
"title": "Seva api service",
"version": "0.0.1"
}
},
"isBoom": true,
"isServer": true,
"data": null,
"output": {
"statusCode": 500,
"payload": {
"statusCode": 500,
"error": "Internal Server Error",
"message": "An internal server error occurred"
},
"headers": {}
}
}
What did you expect?
documentation.
Issue Analytics
- State:
- Created 5 years ago
- Comments:5
On Thu, Feb 07, 2019 at 01:42:31AM +0000, robert mcguinness wrote:
Will try and get to it this weekend.
Closed in https://github.com/glennjones/hapi-swagger/pull/562
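The header handling discussed in this issue, as an added example (not hapi-swagger's code and not the change made in the linked pull request): it takes the first element of a multi-hop x-forwarded-proto value and checks it against the scheme list from the Joi error before it can reach the generated document. The helper name originatingScheme, the fallback parameter and the sample headers are assumptions made for illustration.

```javascript
'use strict';

// Schemes accepted in the Swagger "schemes" array (the list in the Joi error above).
const VALID_SCHEMES = ['http', 'https', 'ws', 'wss'];

/**
 * Hypothetical helper: pick the originating scheme from x-forwarded-proto.
 * Each proxy hop appends its own value, so "https,http" means the client
 * spoke https to the load balancer and the load balancer spoke http onward.
 */
function originatingScheme(headers, fallback) {
    let raw = headers['x-forwarded-proto'];

    // Tolerate an array in case a framework exposes repeated headers that way.
    if (Array.isArray(raw)) {
        raw = raw.join(',');
    }
    if (typeof raw !== 'string') {
        return fallback; // header absent: no proxy in front, avoids .split on undefined
    }

    // The first list element is the hop closest to the client.
    const first = raw.split(',')[0].trim().toLowerCase();

    // The header is request data: only an allowlisted value is passed on,
    // anything else falls back instead of failing validation with a 500.
    return VALID_SCHEMES.includes(first) ? first : fallback;
}

// Constructed sample headers, modelled on the request logged in the report.
const samples = [
    { 'x-forwarded-proto': 'https,http' },   // load balancer -> proxy -> hapi
    { 'x-forwarded-proto': 'HTTPS , http' }, // spacing and case variations
    { 'x-forwarded-proto': 'gopher' },       // not an allowed scheme
    {}                                       // direct connection
];

function resolveAll(fallback) {
    return samples.map((headers) => originatingScheme(headers, fallback));
}

console.log(resolveAll('http'));
```

The first element is only as reliable as the outermost proxy: if that proxy appends to a client-supplied x-forwarded-proto instead of overwriting it, the value comes from the client, which is why the allowlist check sits after the split.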