removed RequestEvent.UnsafeRealIP

CHANGELOG.md

@@ -5,12 +5,14 @@
 
 - Fixed JSVM types errors ([#5797](https://github.com/pocketbase/pocketbase/issues/5797)).
 
-- Skip default `loadAuthToken` middleware if `e.Auth` is already loaded ([#5800](https://github.com/pocketbase/pocketbase/discussions/5800)).
+- Skip the default `loadAuthToken` middleware if `e.Auth` is already loaded ([#5800](https://github.com/pocketbase/pocketbase/discussions/5800)).
 
-- Changed the initial startup to generate a superuser with a random password if such no already exists. The installer is accessible with the link that would be printed in the terminal (it will attempt to auto open the browser).
+- ⚠️ Changed the initial PocketBase startup behavior based on @todo.
 
 - ⚠️ Removed `apis.RequireSuperuserAuthOnlyIfAny()` middleware.
 
+- ⚠️ Removed `RequestEvent.UnsafeRealIP()` to prevent misuse and confusion with `RequestEvent.RealIP()` (_the latter is considered safer because it checks the trusted proxy headers settings_).
+
 
 ## v0.23.0-rc10
 

apis/middlewares.go

@@ -397,17 +397,9 @@ func logRequest(event *core.RequestEvent, err error) {
 	}
 
 	if event.App.Settings().Logs.LogIP {
-		var userIP string
-		if len(event.App.Settings().TrustedProxy.Headers) > 0 {
-			userIP = event.RealIP()
-		} else {
-			// fallback to the legacy behavior (it is "safe" since it is only for log purposes)
-			userIP = cutStr(event.UnsafeRealIP(), 50)
-		}
-
 		attrs = append(
 			attrs,
-			slog.String("userIP", userIP),
+			slog.String("userIP", event.RealIP()),
 			slog.String("remoteIP", event.RemoteIP()),
 		)
 	}

tools/router/event.go

@@ -96,37 +96,6 @@ func (e *Event) RemoteIP() string {
 	return parsed.StringExpanded()
 }
 
-// UnsafeRealIP returns the "real" client IP from common proxy headers
-// OR fallbacks to the RemoteIP if none is found.
-//
-// NB! The returned IP value could be anything and it shouldn't be trusted if not behind a trusted reverse proxy!
-func (e *Event) UnsafeRealIP() string {
-	if ip := e.Request.Header.Get("CF-Connecting-IP"); ip != "" {
-		return ip
-	}
-
-	if ip := e.Request.Header.Get("Fly-Client-IP"); ip != "" {
-		return ip
-	}
-
-	if ip := e.Request.Header.Get("X-Real-IP"); ip != "" {
-		return ip
-	}
-
-	if ipsList := e.Request.Header.Get("X-Forwarded-For"); ipsList != "" {
-		// extract the first non-empty leftmost-ish ip
-		ips := strings.Split(ipsList, ",")
-		for _, ip := range ips {
-			ip = strings.TrimSpace(ip)
-			if ip != "" {
-				return ip
-			}
-		}
-	}
-
-	return e.RemoteIP()
-}
-
 // FindUploadedFiles extracts all form files of "key" from a http request
 // and returns a slice with filesystem.File instances (if any).
 func (e *Event) FindUploadedFiles(key string) ([]*filesystem.File, error) {

tools/router/event_test.go

@@ -219,65 +219,6 @@ func TestEventRemoteIP(t *testing.T) {
 	}
 }
 
-func TestEventUnsafeRealIP(t *testing.T) {
-	t.Parallel()
-
-	scenarios := []struct {
-		headers  map[string]string
-		expected string
-	}{
-		{nil, "1.2.3.4"},
-		{
-			map[string]string{"CF-Connecting-IP": "test"},
-			"test",
-		},
-		{
-			map[string]string{"Fly-Client-IP": "test"},
-			"test",
-		},
-		{
-			map[string]string{"X-Real-IP": "test"},
-			"test",
-		},
-		{
-			map[string]string{"X-Forwarded-For": "test1,test2,test3"},
-			"test1",
-		},
-	}
-
-	for i, s := range scenarios {
-		keys := make([]string, 0, len(s.headers))
-		for h := range s.headers {
-			keys = append(keys, h)
-		}
-
-		testName := strings.Join(keys, "_")
-		if testName == "" {
-			testName = "no_headers" + strconv.Itoa(i)
-		}
-
-		t.Run(testName, func(t *testing.T) {
-			req, err := http.NewRequest(http.MethodGet, "/", nil)
-			if err != nil {
-				t.Fatal(err)
-			}
-			req.RemoteAddr = "1.2.3.4:80" // fallback
-
-			for k, v := range s.headers {
-				req.Header.Set(k, v)
-			}
-
-			event := router.Event{Request: req}
-
-			ip := event.UnsafeRealIP()
-
-			if ip != s.expected {
-				t.Fatalf("Expected IP %q, got %q", s.expected, ip)
-			}
-		})
-	}
-}
-
 func TestFindUploadedFiles(t *testing.T) {
 	scenarios := []struct {
 		filename        string