Cutlery/immich
1
0
Fork 1
mirror of https://github.com/immich-app/immich.git synced 2025-05-24 01:12:58 -04:00
Code Issues Packages Projects Releases Wiki Activity
immich/server/src/workers/api.ts
Nicolò a3799b3053
feat(server): add IP trust list for reverse proxy (#11286) 
* feat(server): add IP trust list for reverse proxy

Signed-off-by: hitech95 <nicveronese@gmail.com>

* feat(docs): add documentation of `IMMICH_TRUSTED_PROXIES` env

Signed-off-by: hitech95 <nicveronese@gmail.com>

---------

Signed-off-by: hitech95 <nicveronese@gmail.com>
2024-07-26 09:23:58 -05:00

79 lines
2.7 KiB
TypeScript
Raw Blame History

import { NestFactory } from '@nestjs/core';
import { NestExpressApplication } from '@nestjs/platform-express';
import { json } from 'body-parser';
import cookieParser from 'cookie-parser';
import { existsSync } from 'node:fs';
import sirv from 'sirv';
import { ApiModule } from 'src/app.module';
import { envName, excludePaths, isDev, resourcePaths, serverVersion } from 'src/constants';
import { ILoggerRepository } from 'src/interfaces/logger.interface';
import { WebSocketAdapter } from 'src/middleware/websocket.adapter';
import { ApiService } from 'src/services/api.service';
import { otelStart } from 'src/utils/instrumentation';
import { useSwagger } from 'src/utils/misc';
const host = process.env.HOST;
function parseTrustedProxy(input?: string) {
if (!input) {
return [];
}
// Split on ',' char to allow multiple IPs
return input.split(',');
}
async function bootstrap() {
process.title = 'immich-api';
const otelPort = Number.parseInt(process.env.IMMICH_API_METRICS_PORT ?? '8081');
const trustedProxies = parseTrustedProxy(process.env.IMMICH_TRUSTED_PROXIES ?? '');
otelStart(otelPort);
const port = Number(process.env.IMMICH_PORT) || 3001;
const app = await NestFactory.create<NestExpressApplication>(ApiModule, { bufferLogs: true });
const logger = await app.resolve<ILoggerRepository>(ILoggerRepository);
logger.setAppName('Api');
logger.setContext('Bootstrap');
app.useLogger(logger);
app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal', ...trustedProxies]);
app.set('etag', 'strong');
app.use(cookieParser());
app.use(json({ limit: '10mb' }));
if (isDev()) {
app.enableCors();
}
app.useWebSocketAdapter(new WebSocketAdapter(app));
useSwagger(app);
app.setGlobalPrefix('api', { exclude: excludePaths });
if (existsSync(resourcePaths.web.root)) {
// copied from https://github.com/sveltejs/kit/blob/679b5989fe62e3964b9a73b712d7b41831aa1f07/packages/adapter-node/src/handler.js#L46
// provides serving of precompressed assets and caching of immutable assets
app.use(
sirv(resourcePaths.web.root, {
etag: true,
gzip: true,
brotli: true,
extensions: [],
setHeaders: (res, pathname) => {
if (pathname.startsWith(`/_app/immutable`) && res.statusCode === 200) {
res.setHeader('cache-control', 'public,max-age=31536000,immutable');
}
},
}),
);
}
app.use(app.get(ApiService).ssr(excludePaths));
const server = await (host ? app.listen(port, host) : app.listen(port));
server.requestTimeout = 30 * 60 * 1000;
logger.log(`Immich Server is listening on ${await app.getUrl()} [v${serverVersion}] [${envName}] `);
}
bootstrap().catch((error) => {
console.error(error);
throw error;
});
Reference in New Issue View Git Blame Copy Permalink