diff --git a/datacube_ows/feature_info.py b/datacube_ows/feature_info.py index a6709ef3..46208287 100644 --- a/datacube_ows/feature_info.py +++ b/datacube_ows/feature_info.py @@ -112,7 +112,7 @@ def _make_band_dict(prod_cfg: OWSNamedLayer, pixel_dataset: xarray.Dataset) -> d @log_call -def _make_derived_band_dict(pixel_dataset: xarray.Dataset, style_index: dict[str, StyleDef]) -> dict[str, int | float]: +def _make_derived_band_dict(pixel_dataset: xarray.Dataset, style_index: dict[str, StyleDef]) -> dict[str, int | float | str]: """Creates a dict of values for bands derived by styles. This only works for styles with an `index_function` defined. diff --git a/datacube_ows/ogc.py b/datacube_ows/ogc.py index 23a61bd0..f83e2616 100644 --- a/datacube_ows/ogc.py +++ b/datacube_ows/ogc.py @@ -12,13 +12,28 @@ from sqlalchemy import text from datacube_ows import __version__ -from datacube_ows.http_utils import (capture_headers, get_service_base_url, - lower_get_args, resp_headers) +from datacube_ows.http_utils import ( + capture_headers, + get_service_base_url, + lower_get_args, + resp_headers, +) from datacube_ows.legend_generator import create_legend_for_style from datacube_ows.ogc_exceptions import OGCException, WMSException from datacube_ows.ows_configuration import get_config from datacube_ows.protocol_versions import supported_versions -from datacube_ows.startup_utils import * # pylint: disable=wildcard-import,unused-wildcard-import +from datacube_ows.startup_utils import ( + initialise_aws_credentials, + initialise_babel, + initialise_debugging, + initialise_flask, + initialise_ignorable_warnings, + initialise_logger, + initialise_prometheus, + initialise_sentry, + parse_config_file, + proxy_fix, +) from datacube_ows.wcs1 import WCS_REQUESTS from datacube_ows.wms import WMS_REQUESTS @@ -43,6 +58,9 @@ # (controlled by environment variables) metrics = initialise_prometheus(app, _LOG) +# Add middleware to fix proxy headers, controlled by environment variables +app = proxy_fix(app, _LOG) + # Protocol/Version lookup table OWS_SUPPORTED = supported_versions() diff --git a/datacube_ows/startup_utils.py b/datacube_ows/startup_utils.py index 893cd2e0..04d0a87b 100644 --- a/datacube_ows/startup_utils.py +++ b/datacube_ows/startup_utils.py @@ -210,6 +210,15 @@ def initialise_prometheus(app, log=None): return metrics return FakeMetrics() +def proxy_fix(app, log=None): + # Proxy Fix, to respect X-Forwarded-For headers + if os.environ.get("PROXY_FIX", False): + from werkzeug.middleware.proxy_fix import ProxyFix + app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1) + if log is not None: + log.info("ProxyFix was enabled") + return app + def request_extractor(): qreq = request.args.get('request') return qreq diff --git a/docs/environment_variables.rst b/docs/environment_variables.rst index f4b84ac8..68fb14cd 100644 --- a/docs/environment_variables.rst +++ b/docs/environment_variables.rst @@ -116,6 +116,14 @@ prometheus_multiproc_dir: The `Prometheus event monitoring system `_ is activated by setting this lower case environment variable. +PROXY_FIX: + If ``$PROXY_FIX`` is set to "true", "yes", "on" or "1", the Flask application will trust the + X-Forwarded-For and other headers from a proxy server. + + This is useful when running behind a reverse proxy server such as Nginx or CloudFront. + + NEVER use in production without a reverse proxy server. + Dev Tools ---------