From 926f866e09adf171bd64486ec3906e532006e3ea Mon Sep 17 00:00:00 2001 From: Benny Saret <44523436+1kamma@users.noreply.github.com> Date: Fri, 30 Aug 2024 13:56:04 +0300 Subject: [PATCH 1/4] WIP: logging --- logging/logging.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/logging/logging.go b/logging/logging.go index 398de15..c888bb3 100644 --- a/logging/logging.go +++ b/logging/logging.go @@ -6,7 +6,7 @@ import ( "os" "time" "strings" - + "regexp" // Structured logging "github.com/rs/zerolog" "github.com/gin-gonic/gin" @@ -45,6 +45,11 @@ func InitLogger(level string, releaseMode bool) { } } +func GetIPFromHeader(req *http.Request) string{ + checkHeader := regexp. + return "" +} + // https://learninggolang.com/it5-gin-structured-logging.html func GinLogger() gin.HandlerFunc { return func(c *gin.Context) { From 6cd61b6e11520726c202001e2d72669e1d467172 Mon Sep 17 00:00:00 2001 From: 1kamma Date: Fri, 30 Aug 2024 14:38:35 +0300 Subject: [PATCH 2/4] get the ip from the header x-real-ip --- logging/logging.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/logging/logging.go b/logging/logging.go index c888bb3..45f595b 100644 --- a/logging/logging.go +++ b/logging/logging.go @@ -7,6 +7,7 @@ import ( "time" "strings" "regexp" + // Structured logging "github.com/rs/zerolog" "github.com/gin-gonic/gin" @@ -45,9 +46,14 @@ func InitLogger(level string, releaseMode bool) { } } -func GetIPFromHeader(req *http.Request) string{ - checkHeader := regexp. - return "" +func GetIPFromHeader(req *gin.Context) string{ + checkHeader := regexp.MustCompile(`(?i)x-real-ip`) + for key, value := range req.Request.Header { + if checkHeader.MatchString(key) { + return value[0] + } + } + return req.ClientIP() } // https://learninggolang.com/it5-gin-structured-logging.html @@ -64,7 +70,7 @@ func GinLogger() gin.HandlerFunc { param.TimeStamp = time.Now() // Stop timer - param.ClientIP = c.ClientIP() + param.ClientIP =GetIPFromHeader(c) param.Method = c.Request.Method param.StatusCode = c.Writer.Status() param.ErrorMessage = c.Errors.ByType(gin.ErrorTypePrivate).String() From 23a0b3201a9dc202af4ff2d15ec1de514f47ea37 Mon Sep 17 00:00:00 2001 From: Benny Saret <44523436+1kamma@users.noreply.github.com> Date: Sun, 8 Sep 2024 10:10:13 +0300 Subject: [PATCH 3/4] added trusted proxy --- README.md | 4 +++- logging/logging.go | 11 +---------- main.go | 10 ++++++++-- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 497ed6d..cbb9491 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,7 @@ REWINGED_HTTPSPRIVATEKEYFILE (string) REWINGED_LISTEN (string) REWINGED_LOGLEVEL (string) REWINGED_MANIFESTPATH (string) +REWINGED_PROXY (string) ``` @@ -109,7 +110,8 @@ rewinged will not look for any configuration file by default. Config file must b "httpsPrivateKeyFile": "./private.key", "listen": "localhost:8080", "logLevel": "info", - "manifestPath": "./packages" + "manifestPath": "./packages", + "proxy":"127.0.0.1" } ``` diff --git a/logging/logging.go b/logging/logging.go index 45f595b..8ee90ac 100644 --- a/logging/logging.go +++ b/logging/logging.go @@ -46,15 +46,6 @@ func InitLogger(level string, releaseMode bool) { } } -func GetIPFromHeader(req *gin.Context) string{ - checkHeader := regexp.MustCompile(`(?i)x-real-ip`) - for key, value := range req.Request.Header { - if checkHeader.MatchString(key) { - return value[0] - } - } - return req.ClientIP() -} // https://learninggolang.com/it5-gin-structured-logging.html func GinLogger() gin.HandlerFunc { @@ -70,7 +61,7 @@ func GinLogger() gin.HandlerFunc { param.TimeStamp = time.Now() // Stop timer - param.ClientIP =GetIPFromHeader(c) + param.ClientIP =c.ClientIP() param.Method = c.Request.Method param.StatusCode = c.Writer.Status() param.ErrorMessage = c.Errors.ByType(gin.ErrorTypePrivate).String() diff --git a/main.go b/main.go index 631ef14..fff8a59 100644 --- a/main.go +++ b/main.go @@ -11,7 +11,7 @@ import ( "strings" "unicode" "path/filepath" - + "regexp" // Configuration "github.com/peterbourgon/ff/v3" @@ -46,6 +46,7 @@ func main() { autoInternalizePathPtr = fs.String("autoInternalizePath", "./installers", "The directory where auto-internalized installers will be stored") autoInternalizeSkipPtr = fs.String("autoInternalizeSkip", "", "List of hostnames excluded from auto-internalization (comma or space to separate)") logLevelPtr = fs.String("logLevel", "info", "Set log verbosity: disable, error, warn, info, debug or trace") + trustedProxies = fs.String("proxy","", "get list of trusted proxy addresses") _ = fs.String("configFile", "", "Path to a json configuration file (optional)") ) @@ -145,7 +146,12 @@ func main() { } router := gin.New() - router.SetTrustedProxies(nil) + if(*trustedProxies != ""){ + spliter := regexp.MustCompile(`[,\s;]`) + router.SetTrustedProxies(spliter.Split(*trustedProxies, -1)) + } else{ + router.SetTrustedProxies(nil) + } router.Use(logging.GinLogger()) router.Use(gin.Recovery()) router.Static("/installers", *autoInternalizePathPtr) From d214ad9c4d1f3cb1b860fa0ab03c499c7b20da9f Mon Sep 17 00:00:00 2001 From: jantari Date: Tue, 10 Sep 2024 21:47:52 +0200 Subject: [PATCH 4/4] remove regexp dep, formatting, rename parameter, nits --- README.md | 6 ++++-- logging/logging.go | 4 +--- main.go | 16 ++++++++++------ 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index cbb9491..59dde90 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,8 @@ Commandline arguments have the highest priority and take precedence over both en Set log verbosity: disable, error, warn, info, debug or trace (default "info") -manifestPath string The directory to search for package manifest files (default "./packages") + -trustedProxies string + List of IPs from which to trust Client-IP headers (comma or space to separate) -version Print the version information and exit ``` @@ -89,7 +91,7 @@ REWINGED_HTTPSPRIVATEKEYFILE (string) REWINGED_LISTEN (string) REWINGED_LOGLEVEL (string) REWINGED_MANIFESTPATH (string) -REWINGED_PROXY (string) +REWINGED_TRUSTEDPROXIES (string) ``` @@ -111,7 +113,7 @@ rewinged will not look for any configuration file by default. Config file must b "listen": "localhost:8080", "logLevel": "info", "manifestPath": "./packages", - "proxy":"127.0.0.1" + "trustedProxies": "" } ``` diff --git a/logging/logging.go b/logging/logging.go index 8ee90ac..398de15 100644 --- a/logging/logging.go +++ b/logging/logging.go @@ -6,7 +6,6 @@ import ( "os" "time" "strings" - "regexp" // Structured logging "github.com/rs/zerolog" @@ -46,7 +45,6 @@ func InitLogger(level string, releaseMode bool) { } } - // https://learninggolang.com/it5-gin-structured-logging.html func GinLogger() gin.HandlerFunc { return func(c *gin.Context) { @@ -61,7 +59,7 @@ func GinLogger() gin.HandlerFunc { param.TimeStamp = time.Now() // Stop timer - param.ClientIP =c.ClientIP() + param.ClientIP = c.ClientIP() param.Method = c.Request.Method param.StatusCode = c.Writer.Status() param.ErrorMessage = c.Errors.ByType(gin.ErrorTypePrivate).String() diff --git a/main.go b/main.go index fff8a59..d442635 100644 --- a/main.go +++ b/main.go @@ -11,7 +11,6 @@ import ( "strings" "unicode" "path/filepath" - "regexp" // Configuration "github.com/peterbourgon/ff/v3" @@ -46,7 +45,7 @@ func main() { autoInternalizePathPtr = fs.String("autoInternalizePath", "./installers", "The directory where auto-internalized installers will be stored") autoInternalizeSkipPtr = fs.String("autoInternalizeSkip", "", "List of hostnames excluded from auto-internalization (comma or space to separate)") logLevelPtr = fs.String("logLevel", "info", "Set log verbosity: disable, error, warn, info, debug or trace") - trustedProxies = fs.String("proxy","", "get list of trusted proxy addresses") + trustedProxiesPtr = fs.String("trustedProxies", "", "List of IPs from which to trust Client-IP headers (comma or space to separate)") _ = fs.String("configFile", "", "Path to a json configuration file (optional)") ) @@ -146,10 +145,15 @@ func main() { } router := gin.New() - if(*trustedProxies != ""){ - spliter := regexp.MustCompile(`[,\s;]`) - router.SetTrustedProxies(spliter.Split(*trustedProxies, -1)) - } else{ + + // Users can set 0.0.0.0/0 or ::/0 to trust all proxies if need be + if (*trustedProxiesPtr != "") { + trustedProxies := strings.FieldsFunc(*trustedProxiesPtr, func(c rune) bool { + return unicode.IsSpace(c) || c == ',' + }) + router.SetTrustedProxies(trustedProxies) + } else { + // From my testing, both nil and '0.0.0.0' result in gin trusting noone router.SetTrustedProxies(nil) } router.Use(logging.GinLogger())