Skip to content

Commit

Permalink
Add support for trusting X-Forwarded-For header to get client IP
Browse files Browse the repository at this point in the history
falls back to remote ip if header unavailable
  • Loading branch information
Skyler84 committed Nov 13, 2023
1 parent 8b91e4a commit a6576a5
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
4 changes: 4 additions & 0 deletions warpgate-common/src/config/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,9 @@ pub struct HTTPConfig {

#[serde(default)]
pub key: String,

#[serde(default)]
pub trust_x_forwarded_for: bool,
}

impl Default for HTTPConfig {
Expand All @@ -148,6 +151,7 @@ impl Default for HTTPConfig {
listen: _default_http_listen(),
certificate: "".to_owned(),
key: "".to_owned(),
trust_x_forwarded_for: false,
}
}
}
Expand Down
14 changes: 13 additions & 1 deletion warpgate-protocol-http/src/logging.rs
Original file line number Diff line number Diff line change
@@ -1,18 +1,30 @@
use http::{Method, StatusCode, Uri};
use poem::{FromRequest, Request};
use poem::web::Data;
use tracing::*;
use warpgate_core::Services;

use crate::session_handle::WarpgateServerHandleFromRequest;

pub async fn span_for_request(req: &Request) -> poem::Result<Span> {
let handle = WarpgateServerHandleFromRequest::from_request_without_body(req).await;
let services: Data<&Services> = <_>::from_request_without_body(req).await?;
let config = services.config.lock().await;

let client_ip = req
let remote_ip = req
.remote_addr()
.as_socket_addr()
.map(|x| x.ip().to_string())
.unwrap_or("<unknown>".into());

let client_ip = match config.store.http.trust_x_forwarded_for {
true => req
.header("X-Forwarded-For")
.map(|x| x.to_string())
.unwrap_or(remote_ip),
false => remote_ip,
};

Ok(match handle {
Ok(ref handle) => {
let handle = handle.lock().await;
Expand Down

0 comments on commit a6576a5

Please sign in to comment.