Skip to content

Commit

Permalink
fix: strip port from client ip
Browse files Browse the repository at this point in the history
  • Loading branch information
@TheUnderScorer
TheUnderScorer committed Jun 13, 2024
1 parent 869c9f7 commit 8469fb4
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 7 deletions.
10 changes: 5 additions & 5 deletions proxy/utils/headers.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@ const mockReq = {
'strict-transport-security': 'max-age=600',
'x-azure-requestchain': 'hops=1',
'x-azure-socketip': '46.204.4.119',
'x-forwarded-for': '127.0.0.1',
'x-azure-clientip': '127.0.0.1',
'x-forwarded-for': '127.0.0.1:12345',
'x-azure-clientip': '127.0.0.1:12345',
'x-forwarded-host': 'fpjs.sh',
},
user: null,
Expand Down Expand Up @@ -163,23 +163,23 @@ describe('prepareHeadersForIngressAPI', () => {
it('should set client ip and proxy secret', () => {
const result = prepareHeadersForIngressAPI(mockReq, 'secret')

expect(result['fpjs-proxy-client-ip']).toBe(mockReq.headers['x-forwarded-for'])
expect(result['fpjs-proxy-client-ip']).toBe('127.0.0.1')
expect(result['fpjs-proxy-secret']).toBe('secret')
expect(result['fpjs-proxy-forwarded-host']).toBe('fpjs.sh')
})

it('should set correct host', () => {
const result = prepareHeadersForIngressAPI(mockReq, 'secret')

expect(result['fpjs-proxy-client-ip']).toBe(mockReq.headers['x-forwarded-for'])
expect(result['fpjs-proxy-client-ip']).toBe('127.0.0.1')
expect(result['fpjs-proxy-secret']).toBe('secret')
expect(result['fpjs-proxy-forwarded-host']).toBe('fpjs.sh')
})

it('should not set secret if it is undefined', () => {
const result = prepareHeadersForIngressAPI(mockReq, undefined)

expect(result['fpjs-proxy-client-ip']).toBe(mockReq.headers['x-azure-clientip'])
expect(result['fpjs-proxy-client-ip']).toBe('127.0.0.1')
expect(result['fpjs-proxy-secret']).toBe(undefined)
expect(result['fpjs-proxy-forwarded-host']).toBe(undefined)
})
Expand Down
13 changes: 11 additions & 2 deletions proxy/utils/headers.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,13 +70,22 @@ export function updateResponseHeaders(
}

function resolveClientIp(request: HttpRequest, logger?: Logger) {
const clientIp = request.headers['x-azure-clientip'] || request.headers['x-client-ip'] || request.headers['x-real-ip']
const clientIp =
request.headers['x-azure-clientip'] || request.headers['x-client-ip'] || request.headers['x-real-ip'] || ''

Check warning on line 74 in proxy/utils/headers.ts

View workflow job for this annotation

GitHub Actions / Coverage annotations (🧪 jest-coverage-report-action)

🌿 Branch is not covered 

Warning! Not covered branch

Check warning on line 74 in proxy/utils/headers.ts

View workflow job for this annotation

GitHub Actions / Coverage annotations (🧪 jest-coverage-report-action)

🌿 Branch is not covered 

Warning! Not covered branch

Check warning on line 74 in proxy/utils/headers.ts

View workflow job for this annotation

GitHub Actions / Coverage annotations (🧪 jest-coverage-report-action)

🌿 Branch is not covered 

Warning! Not covered branch

logger?.verbose('Client IP resolved', {
clientIp,
})

return clientIp
return stripPort(clientIp)
}

function stripPort(ip: string) {
if (!ip.includes(':')) {
return ip
}

return ip.split(':')[0]
}

export function getHost(request: Pick<HttpRequest, 'headers' | 'url'>) {
Expand Down

0 comments on commit 8469fb4

Please sign in to comment.