From 60487c11d645c68bf5d35140197850395cc738fc Mon Sep 17 00:00:00 2001
From: William Petit
Date: Thu, 6 Jul 2023 08:16:11 -0600
Subject: [PATCH] feat: optional real-ip middleware
---
 internal/admin/server.go | 7 ++++++-
 internal/config/http.go | 10 ++++++----
 internal/proxy/server.go | 4 ++++
 misc/packaging/common/config.yml | 6 ++++++
 4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/internal/admin/server.go b/internal/admin/server.go
index 84bfc64..9b9e0c5 100644
--- a/internal/admin/server.go
+++ b/internal/admin/server.go
@@ -9,6 +9,7 @@ import (
 "forge.cadoles.com/cadoles/bouncer/internal/auth"
 "forge.cadoles.com/cadoles/bouncer/internal/auth/jwt"
+ bouncerChi "forge.cadoles.com/cadoles/bouncer/internal/chi"
 "forge.cadoles.com/cadoles/bouncer/internal/config"
 "forge.cadoles.com/cadoles/bouncer/internal/jwk"
 "forge.cadoles.com/cadoles/bouncer/internal/store"
@@ -91,7 +92,11 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 router := chi.NewRouter()
- router.Use(middleware.Logger)
+ if s.serverConfig.HTTP.UseRealIP {
+ router.Use(middleware.RealIP)
+ }
+
+ router.Use(middleware.RequestLogger(bouncerChi.NewLogFormatter()))
 if s.serverConfig.Sentry.DSN != "" {
 logger.Info(ctx, "enabling sentry http middleware")
diff --git a/internal/config/http.go b/internal/config/http.go
index d99bcca..f344b0d 100644
--- a/internal/config/http.go
+++ b/internal/config/http.go
@@ -1,13 +1,15 @@
 package config
 type HTTPConfig struct {
- Host InterpolatedString `yaml:"host"`
- Port InterpolatedInt `yaml:"port"`
+ Host InterpolatedString `yaml:"host"`
+ Port InterpolatedInt `yaml:"port"`
+ UseRealIP InterpolatedBool `yaml:"useRealIP"`
 }
 func NewHTTPConfig(host string, port int) HTTPConfig {
 return HTTPConfig{
- Host: InterpolatedString(host),
- Port: InterpolatedInt(port),
+ Host: InterpolatedString(host),
+ Port: InterpolatedInt(port),
+ UseRealIP: true,
 }
 }
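Review bot: `middleware.RealIP` in the second hunk of internal/admin/server.go overwrites `r.RemoteAddr` from `True-Client-IP`, `X-Real-IP` or the first `X-Forwarded-For` entry without checking that the TCP peer is a trusted proxy, so any client that reaches the listener directly chooses the address that the following `RequestLogger` records. The same applies to the identical block added in internal/proxy/server.go. I would add a comment above the `if`, for example `// RealIP trusts client-supplied headers; enable only behind a proxy that overwrites them.`, and consider gating on a configured list of trusted proxy networks rather than a single boolean. run()'s body starts and ends outside the hunk.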
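Review bot: `UseRealIP: true` in NewHTTPConfig makes header trust the default for every listener built from this constructor, so the feature is opt-out rather than the "optional" the subject line suggests, and a deployment with no fronting proxy gets spoofable remote addresses without asking for them. The packaged config.yml repeats this with `useRealIP: true` for the proxy bound to `0.0.0.0`. Prefer `UseRealIP: false,` here and in the shipped config, leaving operators to enable it once a trusted proxy is in place. The new field also has no doc comment; `// UseRealIP rewrites the remote address from True-Client-IP, X-Real-IP or X-Forwarded-For; only safe behind a trusted reverse proxy.` would state the precondition, and the YAML comment could carry the same caveat.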
diff --git a/internal/proxy/server.go b/internal/proxy/server.go
index eeee775..47f4d8c 100644
--- a/internal/proxy/server.go
+++ b/internal/proxy/server.go
@@ -89,6 +89,10 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
 s.directorLayers...,
 )
+ if s.serverConfig.HTTP.UseRealIP {
+ router.Use(middleware.RealIP)
+ }
+
 router.Use(middleware.RequestLogger(bouncerChi.NewLogFormatter()))
 if s.serverConfig.Sentry.DSN != "" {
diff --git a/misc/packaging/common/config.yml b/misc/packaging/common/config.yml
index ff1f1b7..03ba17a 100644
--- a/misc/packaging/common/config.yml
+++ b/misc/packaging/common/config.yml
@@ -6,6 +6,9 @@ admin:
 host: 127.0.0.1
 # Port d'écoute du service
 port: 8081
+ # Utiliser les entêtes HTTP True-Client-IP, X-Real-IP ou X-Forwarded-For
+ # pour le calcul de l'adresse distante à l'origine des requêtes
+ useRealIP: true
 # Configuration CORS du service
 # Uniquement nécessaire si un frontend web
@@ -73,6 +76,9 @@ proxy:
 host: 0.0.0.0
 # Port d'écoute du service
 port: 8080
+ # Utiliser les entêtes HTTP True-Client-IP, X-Real-IP ou X-Forwarded-For
+ # pour le calcul de l'adresse distante à l'origine des requêtes
+ useRealIP: true
 # Métriques Prometheus
 metrics:
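Review bot: Once `router.Use(middleware.RealIP)` in the internal/proxy/server.go hunk runs, `r.RemoteAddr` holds a bare IP with no port and the socket peer address is no longer available to later handlers. Anything further down the chain that calls `net.SplitHostPort(r.RemoteAddr)` or keys a decision on the remote address will therefore behave differently depending on this flag. The handlers and director layers that consume the request are not visible in this hunk, so this is something to check rather than a confirmed bug. If the peer address matters for audit, capture it in a small middleware registered before RealIP and log both values. run()'s body continues outside the hunk.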