go/pocketbase
1
0
Fork 0
mirror of https://github.com/pocketbase/pocketbase.git synced 2025-11-24 07:04:51 +02:00
Code Issues Releases Activity

[#282] fixed "real" user ip extraction

Browse Source
This commit is contained in:
Gani Georgiev
2022-08-20 07:57:17 +03:00
parent beb8e7924d
commit 07cd758112
3 changed files with 21 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
apis/middlewares.go
View File

@@ -304,22 +304,24 @@ func ActivityLogger(app core.App) echo.MiddlewareFunc {
// Returns the "real" user IP from common proxy headers (or fallbackIp if none is found).
//
// The returned IP shouldn't be trusted if not behind a trusted reverse proxy!
// The returned IP value shouldn't be trusted if not behind a trusted reverse proxy!
func realUserIp(r *http.Request, fallbackIp string) string {
if ip := r.Header.Get("CF-Connecting-IP"); ip != "" {
return ip
}
if ip := r.Header.Get("X-Forwarded-For"); ip != "" {
// extract only the last IP
if i := strings.IndexAny(ip, ","); i > 0 {
return strings.TrimSpace(ip[:i])
}
if ip := r.Header.Get("X-Real-IP"); ip != "" {
return ip
}
if ip := r.Header.Get("X-Forwarded-For"); ip != "" {
return ip
if ipsList := r.Header.Get("X-Forwarded-For"); ipsList != "" {
ips := strings.Split(ipsList, ",")
// extract the rightmost ip
for _, ip := range ips {
if trimmedIp := strings.TrimSpace(ip); trimmedIp != "" {
return trimmedIp
}
}
}
return fallbackIp