From bc8e7162db7dd050c58fb2f2a92c094b7b5a22f9 Mon Sep 17 00:00:00 2001
From: Josef Johansson
Date: Sun, 25 Feb 2024 12:29:20 +0100
Subject: [PATCH] Allow parsing remote address headers over unix sockets

When listening to a unix socket there is no RemoteAddr for http.Request. Instead of setting nil, Go sets it to '@'. Marking the IP as trusted if RemoteAddr allows rest of the settings for parsing remote address in headers to be applied.

Signed-off-by: Josef Johansson
---
 oauthproxy.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/oauthproxy.go b/oauthproxy.go
index c5a5928b..cc2a5ee6 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -606,7 +606,9 @@ func (p *OAuthProxy) isAPIPath(req *http.Request) bool {
 // isTrustedIP is used to check if a request comes from a trusted client IP address.
 func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
- if p.trustedIPs == nil {
+ // RemoteAddr @ means unix socket
+ // https://github.com/golang/go/blob/0fa53e41f122b1661d0678a6d36d71b7b5ad031d/src/syscall/syscall_linux.go#L506-L511
+ if p.trustedIPs == nil && req.RemoteAddr != "@" {
 return false
 }
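Review bot: The rewritten guard in isTrustedIP lets a request with `RemoteAddr == "@"` past the check while `p.trustedIPs` is still nil, so whatever follows the hunk (the rest of the function is outside it) runs against a nil trusted set and has to tolerate that. The commit message speaks of marking the peer as trusted, but the condition only skips the early `return false`, and with a non-nil set nothing changes; the comment should say which is intended, e.g. `// Unix-socket peers skip the nil check so forwarded-address headers are still evaluated; this does not by itself trust the request`. Since every local process that can open the socket takes this path and the forwarded headers are client-supplied, the socket's file permissions become the trust boundary, and that deserves a line in the comment or docs. The exact match on `"@"` presumably covers only clients that did not bind their own address, so a bound or abstract-named peer would still hit `return false`.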