From c68b2b5a724b2d900ecfc8da47661144e4473206 Mon Sep 17 00:00:00 2001 From: Laurence Date: Sat, 20 Jan 2024 17:45:32 +0000 Subject: [PATCH] Add trusted proxies property and find a solution to unix sockets --- config.example.yml | 4 ++++ config/config.go | 2 ++ router/router.go | 12 ++++++++++++ 3 files changed, 18 insertions(+) diff --git a/config.example.yml b/config.example.yml index 2cf2c35..46350d6 100644 --- a/config.example.yml +++ b/config.example.yml @@ -23,6 +23,10 @@ server: responseheaders: # response headers are added to every response (default: none) # X-Custom-Header: "custom value" +# + trustedproxies: # IPs or IP ranges of trusted proxies. Used to obtain the remote ip via the X-Forwarded-For header. (configure 127.0.0.1 to trust sockets) +# - 127.0.0.1/32 +# - ::1 cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers. alloworigins: diff --git a/config/config.go b/config/config.go index a1410c1..a8fbc2f 100644 --- a/config/config.go +++ b/config/config.go @@ -39,6 +39,8 @@ type Configuration struct { AllowMethods []string AllowHeaders []string } + + TrustedProxies []string } Database struct { Dialect string `default:"sqlite3"` diff --git a/router/router.go b/router/router.go index 228b672..01bcba3 100644 --- a/router/router.go +++ b/router/router.go @@ -27,6 +27,18 @@ import ( func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Configuration) (*gin.Engine, func()) { g := gin.New() + if conf.Server.TrustedProxies != nil { + g.SetTrustedProxies(conf.Server.TrustedProxies) + g.ForwardedByClientIP = true + } + + g.Use(func(ctx *gin.Context) { + // Map sockets "@" to 127.0.0.1, because gin-gonic can only trust IPs. + if ctx.Request.RemoteAddr == "@" { + ctx.Request.RemoteAddr = "127.0.0.1:65535" + } + }) + g.Use(gin.LoggerWithFormatter(logFormatter), gin.Recovery(), gerror.Handler(), location.Default()) g.NoRoute(gerror.NotFound())