Use the RealIP middleware also behind a reverse proxy (#2858)

* Use the RealIP middleware only behind a reverse proxy * Fix proxy ip source in tests * Fix test for PR#2087 The PR did not update the test after changing the behavior, but the test still passed because another condition was preventing the user from being created in the test. * Use RealIP even without a trusted reverse proxy * Use own type for context key * Fix casing to follow go's conventions * Do not apply RealIP middleware twice * Fix IP source in logs The most interesting data point in the log message is the proxy's IP, but having the client IP too can help identify integration issues.
2024-04-26 02:43:58 +02:00
parent 8f9ed1b994
commit 18143fa5a1
5 changed files with 71 additions and 30 deletions
@@ -148,7 +148,7 @@ func getPlayer(players core.Players) func(next http.Handler) http.Handler {
 			userName, _ := request.UsernameFrom(ctx)
 			client, _ := request.ClientFrom(ctx)
 			playerId := playerIDFromCookie(r, userName)
-			ip, _, _ := net.SplitHostPort(realIP(r))
+			ip, _, _ := net.SplitHostPort(r.RemoteAddr)
 			userAgent := canonicalUserAgent(r)
 			player, trc, err := players.Register(ctx, playerId, client, userAgent, ip)
 			if err != nil {
@@ -185,19 +185,6 @@ func canonicalUserAgent(r *http.Request) string {
 	return userAgent
 }

-func realIP(r *http.Request) string {
-	if xrip := r.Header.Get("X-Real-IP"); xrip != "" {
-		return xrip
-	} else if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
-		i := strings.Index(xff, ", ")
-		if i == -1 {
-			i = len(xff)
-		}
-		return xff[:i]
-	}
-	return r.RemoteAddr
-}
-
 func playerIDFromCookie(r *http.Request, userName string) string {
 	cookieName := playerIDCookieName(userName)
 	var playerId string