Add Configuration.RemoteAddrHeadersForce as requested at #1567 and change RemoteAddrHeaders from map to string slice

Read HISTORY.md entry
2026-03-05 16:05:58 +00:00 · 2020-07-26 14:37:30 +03:00
parent a50f0ed5ba
commit 22a89c12cb
7 changed files with 101 additions and 84 deletions
--- a/context/configuration.go
+++ b/context/configuration.go
@@ -57,7 +57,9 @@ type ConfigurationReadOnly interface {
 	GetViewDataContextKey() string

 	// GetRemoteAddrHeaders returns RemoteAddrHeaders field.
-	GetRemoteAddrHeaders() map[string]bool
+	GetRemoteAddrHeaders() []string
+	// GetRemoteAddrHeadersForce returns RemoteAddrHeadersForce field.
+	GetRemoteAddrHeadersForce() bool
 	// GetRemoteAddrPrivateSubnets returns the RemoteAddrPrivateSubnets field.
 	GetRemoteAddrPrivateSubnets() []netutil.IPRange
 	// GetSSLProxyHeaders returns the SSLProxyHeaders field.
--- a/context/context.go
+++ b/context/context.go
@@ -803,24 +803,38 @@ func (ctx *Context) FullRequestURI() string {
 // Based on allowed headers names that can be modified from Configuration.RemoteAddrHeaders.
 //
 // If parse based on these headers fail then it will return the Request's `RemoteAddr` field
-// which is filled by the server before the HTTP handler.
+// which is filled by the server before the HTTP handler,
+// unless the Configuration.RemoteAddrHeadersForce was set to true
+// which will force this method to return the first IP from RemoteAddrHeaders
+// even if it's part of a private network.
 //
 // Look `Configuration.RemoteAddrHeaders`,
+//		`Configuration.RemoteAddrHeadersForce`,
 //      `Configuration.WithRemoteAddrHeader(...)`,
 //      `Configuration.WithoutRemoteAddrHeader(...)` and
 //      `Configuration.RemoteAddrPrivateSubnets` for more.
 func (ctx *Context) RemoteAddr() string {
-	remoteHeaders := ctx.app.ConfigurationReadOnly().GetRemoteAddrHeaders()
-	privateSubnets := ctx.app.ConfigurationReadOnly().GetRemoteAddrPrivateSubnets()
+	if remoteHeaders := ctx.app.ConfigurationReadOnly().GetRemoteAddrHeaders(); len(remoteHeaders) > 0 {
+		privateSubnets := ctx.app.ConfigurationReadOnly().GetRemoteAddrPrivateSubnets()

-	for headerName, enabled := range remoteHeaders {
-		if !enabled {
-			continue
+		for _, headerName := range remoteHeaders {
+			ipAddresses := strings.Split(ctx.GetHeader(headerName), ",")
+			if ip, ok := netutil.GetIPAddress(ipAddresses, privateSubnets); ok {
+				return ip
+			}
 		}

-		ipAddresses := strings.Split(ctx.GetHeader(headerName), ",")
-		if ip, ok := netutil.GetIPAddress(ipAddresses, privateSubnets); ok {
-			return ip
+		if ctx.app.ConfigurationReadOnly().GetRemoteAddrHeadersForce() {
+			for _, headerName := range remoteHeaders {
+				// return the first valid IP,
+				//  even if it's a part of a private network.
+				ipAddresses := strings.Split(ctx.GetHeader(headerName), ",")
+				for _, addr := range ipAddresses {
+					if ip, _, err := net.SplitHostPort(addr); err == nil {
+						return ip
+					}
+				}
+			}
 		}
 	}