From 07e6695430c4c0d77867bb31e547ceab1d65ddd0 Mon Sep 17 00:00:00 2001
From: Xe Iaso
Date: Fri, 21 Mar 2025 16:45:33 -0400
Subject: [PATCH] cmd/anubis: set X-Real-Ip based on X-Forwarded-For (#63)
This triggers a SHAME release[0].
[0]: https://pridever.org/
---
 VERSION | 2 +-
 cmd/anubis/main.go | 1 +
 docs/docs/CHANGELOG.md | 7 +++++++
 go.mod | 1 +
 go.sum | 2 ++
 internal/headers.go | 15 +++++++++++++++
 6 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index cd99d38..30f101c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.14.0
\ No newline at end of file
+1.14.1
\ No newline at end of file
diff --git a/cmd/anubis/main.go b/cmd/anubis/main.go
index 75d3038..e27e02f 100644
--- a/cmd/anubis/main.go
+++ b/cmd/anubis/main.go
@@ -214,6 +214,7 @@ func main() {
 var h http.Handler
 h = mux
 h = internal.DefaultXRealIP(*debugXRealIPDefault, h)
+ h = internal.XForwardedForToXRealIP(h)
 srv := http.Server{Handler: h}
 listener, url := setupListener(*bindNetwork, *bind)
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md
index 1c42808..ef94d1b 100644
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@@ -11,6 +11,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## v1.14.1
+
+Livia sas Junius: Echo 1
+
+- Set the `X-Real-Ip` header based on the contents of `X-Forwarded-For`
+ [#62](https://github.com/TecharoHQ/anubis/issues/62)
+
 ## v1.14.0
 Livia sas Junius
diff --git a/go.mod b/go.mod
index 8caa7fa..f4f54bc 100644
--- a/go.mod
+++ b/go.mod
@@ -34,6 +34,7 @@ require (
 github.com/prometheus/client_model v0.6.1 // indirect
 github.com/prometheus/common v0.62.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
+ github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a // indirect
 golang.org/x/mod v0.24.0 // indirect
 golang.org/x/net v0.37.0 // indirect
 golang.org/x/sync v0.12.0 // indirect
diff --git a/go.sum b/go.sum
index 839037b..a3dea0d 100644
--- a/go.sum
+++ b/go.sum
@@ -59,6 +59,8 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a h1:iLcLb5Fwwz7g/DLK89F+uQBDeAhHhwdzB5fSlVdhGcM=
+github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a/go.mod h1:wozgYq9WEBQBaIJe4YZ0qTSFAMxmcwBhQH0fO0R34Z0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
diff --git a/internal/headers.go b/internal/headers.go
index 1de845d..681d076 100644
--- a/internal/headers.go
+++ b/internal/headers.go
@@ -5,6 +5,7 @@ import (
 "net/http"
 "github.com/TecharoHQ/anubis"
+ "github.com/sebest/xff"
 )
 // UnchangingCache sets the Cache-Control header to cache a response for 1 year if
@@ -33,3 +34,17 @@ func DefaultXRealIP(defaultIP string, next http.Handler) http.Handler {
 next.ServeHTTP(w, r)
 })
 }
+
+// XForwardedForToXRealIP sets the X-Real-Ip header based on the contents
+// of the X-Forwarded-For header.
+func XForwardedForToXRealIP(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if xffHeader := r.Header.Get("X-Forwarded-For"); r.Header.Get("X-Real-Ip") == "" && xffHeader != "" {
+ ip := xff.Parse(xffHeader)
+ slog.Debug("setting x-real-ip", "val", ip)
+ r.Header.Set("X-Real-Ip", ip)
+ }
+
+ next.ServeHTTP(w, r)
+ })
+}
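Review bot: In the new `XForwardedForToXRealIP` (last hunk of internal/headers.go), `X-Forwarded-For` is accepted from whoever sent the request: nothing checks that the immediate peer (`r.RemoteAddr`) is a proxy the operator trusts, and the cmd/anubis/main.go hunk installs the wrapper unconditionally. As far as I can tell `xff.Parse` returns the leftmost public address in the list, which is the client-supplied end when a proxy appends rather than overwrites, so any downstream decision keyed on `X-Real-Ip` can be steered by the caller; the same holds for an `X-Real-Ip` the client sent itself, which the `== ""` test leaves in place. `xff.Parse` also appears to return an empty string when no entry qualifies, and the handler then sets an empty `X-Real-Ip`; guard it with `if ip := xff.Parse(xffHeader); ip != "" { r.Header.Set("X-Real-Ip", ip) }`. I would gate the rewrite on a configured list of trusted proxy networks and extend the doc comment with `// It trusts X-Forwarded-For as received; deploy only behind a proxy that overwrites the header.`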