feat: optional real-ip middleware

2023-07-06 08:16:11 -06:00 · 2023-07-06 08:16:11 -06:00 · 60487c11d6
parent e6f18e7cd8
commit 60487c11d6
4 changed files with 22 additions and 5 deletions
--- a/internal/admin/server.go
+++ b/internal/admin/server.go
@ -9,6 +9,7 @@ import (

 	"forge.cadoles.com/cadoles/bouncer/internal/auth"
 	"forge.cadoles.com/cadoles/bouncer/internal/auth/jwt"
+	bouncerChi "forge.cadoles.com/cadoles/bouncer/internal/chi"
 	"forge.cadoles.com/cadoles/bouncer/internal/config"
 	"forge.cadoles.com/cadoles/bouncer/internal/jwk"
 	"forge.cadoles.com/cadoles/bouncer/internal/store"
@ -91,7 +92,11 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e

 	router := chi.NewRouter()

-	router.Use(middleware.Logger)
+	if s.serverConfig.HTTP.UseRealIP {
+		router.Use(middleware.RealIP)
+	}
+
+	router.Use(middleware.RequestLogger(bouncerChi.NewLogFormatter()))

 	if s.serverConfig.Sentry.DSN != "" {
 		logger.Info(ctx, "enabling sentry http middleware")
--- a/internal/config/http.go
+++ b/internal/config/http.go
@ -1,13 +1,15 @@
 package config

 type HTTPConfig struct {
-	Host InterpolatedString `yaml:"host"`
-	Port InterpolatedInt    `yaml:"port"`
+	Host      InterpolatedString `yaml:"host"`
+	Port      InterpolatedInt    `yaml:"port"`
+	UseRealIP InterpolatedBool   `yaml:"useRealIP"`
 }

 func NewHTTPConfig(host string, port int) HTTPConfig {
 	return HTTPConfig{
-		Host: InterpolatedString(host),
-		Port: InterpolatedInt(port),
+		Host:      InterpolatedString(host),
+		Port:      InterpolatedInt(port),
+		UseRealIP: true,
 	}
 }
--- a/internal/proxy/server.go
+++ b/internal/proxy/server.go
@ -89,6 +89,10 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 		s.directorLayers...,
 	)

+	if s.serverConfig.HTTP.UseRealIP {
+		router.Use(middleware.RealIP)
+	}
+
 	router.Use(middleware.RequestLogger(bouncerChi.NewLogFormatter()))

 	if s.serverConfig.Sentry.DSN != "" {
--- a/misc/packaging/common/config.yml
+++ b/misc/packaging/common/config.yml
@ -6,6 +6,9 @@ admin:
        host: 127.0.0.1
        # Port d'écoute du service
        port: 8081
+        # Utiliser les entêtes HTTP True-Client-IP, X-Real-IP ou X-Forwarded-For
+        # pour le calcul de l'adresse distante à l'origine des requêtes
+        useRealIP: true

    # Configuration CORS du service
    # Uniquement nécessaire si un frontend web
@ -73,6 +76,9 @@ proxy:
        host: 0.0.0.0
        # Port d'écoute du service
        port: 8080
+        # Utiliser les entêtes HTTP True-Client-IP, X-Real-IP ou X-Forwarded-For
+        # pour le calcul de l'adresse distante à l'origine des requêtes
+        useRealIP: true
    
    # Métriques Prometheus
    metrics: