cmd/anubis: set X-Real-Ip based on X-Forwarded-ForXe/xff-x-real-ip

This triggers a SHAME release[0]. [0]: https://pridever.org/
author: Xe Iaso <me@xeiaso.net> 2025-03-21 16:40:46 -0400
committer: Xe Iaso <me@xeiaso.net> 2025-03-21 16:40:46 -0400
commit: 1d46a7998ec16d5d8a022a98f51359651d483c42 (patch)
tree: 4dec2bdb3cec8151aeae6df9f28a284f5340ea22 /internal/headers.go
parent: a9777a3126b5908c5cebfb24f7422252101b2125 (diff)
download: anubis-Xe/xff-x-real-ip.tar.xz
anubis-Xe/xff-x-real-ip.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/internal/headers.go b/internal/headers.go
index 1de845d..681d076 100644
--- a/internal/headers.go
+++ b/internal/headers.go
@@ -5,6 +5,7 @@ import (
 	"net/http"
 
 	"github.com/TecharoHQ/anubis"
+	"github.com/sebest/xff"
 )
 
 // UnchangingCache sets the Cache-Control header to cache a response for 1 year if
@@ -33,3 +34,17 @@ func DefaultXRealIP(defaultIP string, next http.Handler) http.Handler {
 		next.ServeHTTP(w, r)
 	})
 }
+
+// XForwardedForToXRealIP sets the X-Real-Ip header based on the contents
+// of the X-Forwarded-For header.
+func XForwardedForToXRealIP(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if xffHeader := r.Header.Get("X-Forwarded-For"); r.Header.Get("X-Real-Ip") == "" && xffHeader != "" {
+			ip := xff.Parse(xffHeader)
+			slog.Debug("setting x-real-ip", "val", ip)
+			r.Header.Set("X-Real-Ip", ip)
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
author	Xe Iaso <me@xeiaso.net>	2025-03-21 16:40:46 -0400
committer	Xe Iaso <me@xeiaso.net>	2025-03-21 16:40:46 -0400
commit	1d46a7998ec16d5d8a022a98f51359651d483c42 (patch)
tree	4dec2bdb3cec8151aeae6df9f28a284f5340ea22 /internal/headers.go
parent	a9777a3126b5908c5cebfb24f7422252101b2125 (diff)
download	anubis-Xe/xff-x-real-ip.tar.xz anubis-Xe/xff-x-real-ip.zip