[mirotalkbro] - add trust proxy, fix typo, update env

miroslavpejic85 · Feb 6, 2025 · 7704f52 · 7704f52
1 parent 4e8c73c
commit 7704f52
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/.env.template b/.env.template
@@ -4,6 +4,10 @@ PROTOCOL=http # http or https
 HOST=localhost 
 PORT=3016
 
+# Trust Proxy
+
+TRUST_PROXY=false #true or false
+
 # Time Zone corresponding to timezone identifiers from the IANA Time Zone Database es Europe/Rome default UTC
 
 TZ=UTC
@@ -30,7 +34,8 @@ OIDC_ISSUER_BASE_URL='https://server.example.com'
 OIDC_BASE_URL='http://localhost:3016' # https://bro.mirotalk.com
 OIDC_CLIENT_ID='ClientID'
 OIDC_CLIENT_SECRET='ClientSecret'
-OIDC_AUTH_REUIRED=false # set to true if authentication is required for all routes
+OIDC_AUTH_REQUIRED=false # set to true if authentication is required for all routes
+OIDC_AUTH_LOGOUT=true # # controls automatic logout from both your app and Auth0 when set to true
 SESSION_SECRET='mirotalk-bro-oidc-secret'
 
 # Stun: https://bloggeek.me/webrtcglossary/stun/

diff --git a/app/server.js b/app/server.js
@@ -8,7 +8,7 @@
  * @license For open source under AGPL-3.0
  * @license For private project or commercial purposes contact us at: [email protected]
  * @author  Miroslav Pejic - [email protected]
- * @version 1.1.22
+ * @version 1.1.23
  */
 
 require('dotenv').config();
@@ -110,6 +110,9 @@ if (protocol === 'http') {
     server = https.createServer(options, app);
 }
 
+// Trust Proxy
+const trustProxy = !!getEnvBoolean(process.env.TRUST_PROXY);
+
 // Cors
 const cors_origin = process.env.CORS_ORIGIN;
 const cors_methods = process.env.CORS_METHODS;
@@ -155,7 +158,7 @@ const OIDC = {
             scope: 'openid profile email',
         },
         authRequired: process.env.OIDC_AUTH_REQUIRED ? getEnvBoolean(process.env.OIDC_AUTH_REQUIRED) : false,
-        auth0Logout: true,
+        auth0Logout: process.env.OIDC_AUTH_LOGOUT ? getEnvBoolean(process.env.OIDC_AUTH_LOGOUT) : true, // Set to true to enable logout with Auth0
         routes: {
             callback: '/auth/callback',
             login: false,
@@ -181,6 +184,7 @@ const html = {
     disconnect: path.join(__dirname, '../', 'public/views/disconnect.html'),
 };
 
+app.set('trust proxy', trustProxy); // Enables trust for proxy headers (e.g., X-Forwarded-For) based on the trustProxy setting
 app.use(helmet.xssFilter()); // Enable XSS protection
 app.use(helmet.noSniff()); // Enable content type sniffing prevention
 app.use(cors(corsOptions));
@@ -416,6 +420,7 @@ async function ngrokStart() {
         const list = await api.listTunnels();
         const tunnelHttps = list.tunnels[0].public_url;
         log.info('Server is running', {
+            trustProxy: trustProxy,
             oidc: OIDC.enabled ? OIDC : false,
             iceServers: iceServers,
             cors: corsOptions,
@@ -439,6 +444,7 @@ server.listen(port, () => {
         ngrokStart();
     } else {
         log.info('Server is running', {
+            trustProxy: trustProxy,
             oidc: OIDC.enabled ? OIDC : false,
             iceServers: iceServers,
             cors: corsOptions,

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "mirotalkbro",
-    "version": "1.1.22",
+    "version": "1.1.23",
     "description": "P2P WebRTC audio, video and screen live broadcast",
     "main": "app/server.js",
     "scripts": {
@@ -23,7 +23,7 @@
     "author": "Miroslav Pejic",
     "license": "AGPLv3",
     "dependencies": {
-        "@sentry/node": "^8.53.0",
+        "@sentry/node": "^8.54.0",
         "compression": "^1.7.5",
         "cors": "^2.8.5",
         "dotenv": "^16.4.7",