Use ForwardedIpUtil everywhere we're handling X-Forwarded-For values.

service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java

@@ -71,6 +71,7 @@ import org.whispersystems.textsecuregcm.storage.MessagesManager;
 import org.whispersystems.textsecuregcm.storage.PendingAccountsManager;
 import org.whispersystems.textsecuregcm.storage.UsernamesManager;
 import org.whispersystems.textsecuregcm.util.Constants;
+import org.whispersystems.textsecuregcm.util.ForwardedIpUtil;
 import org.whispersystems.textsecuregcm.util.Hex;
 import org.whispersystems.textsecuregcm.util.Util;
 import org.whispersystems.textsecuregcm.util.VerificationCode;
@@ -198,10 +199,7 @@ public class AccountController {
       transport = "voice";
     }
 
-    String requester = Arrays.stream(forwardedFor.split(","))
+    String requester = ForwardedIpUtil.getMostRecentProxy(forwardedFor).orElseThrow();
-                             .map(String::trim)
-                             .reduce((a, b) -> b)
-                             .orElseThrow();
 
     Optional<StoredVerificationCode> storedChallenge = pendingAccounts.getCodeForNumber(number);
     CaptchaRequirement               requirement     = requiresCaptcha(number, transport, forwardedFor, requester, captcha, storedChallenge, pushChallenge);

service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java

@@ -74,6 +74,7 @@ import org.whispersystems.textsecuregcm.storage.DynamicConfigurationManager;
 import org.whispersystems.textsecuregcm.storage.MessagesManager;
 import org.whispersystems.textsecuregcm.util.Base64;
 import org.whispersystems.textsecuregcm.util.Constants;
+import org.whispersystems.textsecuregcm.util.ForwardedIpUtil;
 import org.whispersystems.textsecuregcm.util.Util;
 import org.whispersystems.textsecuregcm.util.ua.UnrecognizedUserAgentException;
 import org.whispersystems.textsecuregcm.util.ua.UserAgentUtil;
@@ -265,7 +266,12 @@ public class MessageController {
 
           if (StringUtils.isAllBlank(masterDevice.getApnId(), masterDevice.getVoipApnId(), masterDevice.getGcmId()) || masterDevice.getUninstalledFeedbackTimestamp() > 0) {
             if (dynamicConfigurationManager.getConfiguration().getMessageRateConfiguration().getRateLimitedCountryCodes().contains(senderCountryCode)) {
-              if (dynamicConfigurationManager.getConfiguration().getMessageRateConfiguration().getRateLimitedHosts().contains(forwardedFor)) {
+
+              final boolean isRateLimitedHost = ForwardedIpUtil.getMostRecentProxy(forwardedFor)
+                  .map(proxy -> dynamicConfigurationManager.getConfiguration().getMessageRateConfiguration().getRateLimitedHosts().contains(proxy))
+                  .orElse(false);
+
+              if (isRateLimitedHost) {
                 return declineDelivery(messages, source.get(), destination.get());
               }
             }
@@ -566,15 +572,15 @@ public class MessageController {
   }
 
   @VisibleForTesting
-  void recordInternationalUnsealedSenderMetrics(final String senderIp, final String senderCountryCode, final String destinationNumber) {
+  void recordInternationalUnsealedSenderMetrics(final String forwardedFor, final String senderCountryCode, final String destinationNumber) {
-    {
+    ForwardedIpUtil.getMostRecentProxy(forwardedFor).ifPresent(senderIp -> {
       final String destinationSetKey = getDestinationSetKey(senderIp);
       final String messageCountKey = getMessageCountKey(senderIp);
 
       recordInternationalUnsealedSenderMetricsScript.execute(
           List.of(destinationSetKey, messageCountKey),
           List.of(destinationNumber));
-    }
+    });
 
     Metrics.counter(INTERNATIONAL_UNSEALED_SENDER_COUNTER_NAME, SENDER_COUNTRY_TAG_NAME, senderCountryCode).increment();
   }