From 07e6695430c4c0d77867bb31e547ceab1d65ddd0 Mon Sep 17 00:00:00 2001
From: Xe Iaso <me@xeiaso.net>
Date: Fri, 21 Mar 2025 16:45:33 -0400
Subject: cmd/anubis: set X-Real-Ip based on X-Forwarded-For (#63)

This triggers a SHAME release[0].

[0]: https://pridever.org/
---
 internal/headers.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'internal')

diff --git a/internal/headers.go b/internal/headers.go
index 1de845d..681d076 100644
--- a/internal/headers.go
+++ b/internal/headers.go
@@ -5,6 +5,7 @@ import (
 	"net/http"
 
 	"github.com/TecharoHQ/anubis"
+	"github.com/sebest/xff"
 )
 
 // UnchangingCache sets the Cache-Control header to cache a response for 1 year if
@@ -33,3 +34,17 @@ func DefaultXRealIP(defaultIP string, next http.Handler) http.Handler {
 		next.ServeHTTP(w, r)
 	})
 }
+
+// XForwardedForToXRealIP sets the X-Real-Ip header based on the contents
+// of the X-Forwarded-For header.
+func XForwardedForToXRealIP(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if xffHeader := r.Header.Get("X-Forwarded-For"); r.Header.Get("X-Real-Ip") == "" && xffHeader != "" {
+			ip := xff.Parse(xffHeader)
+			slog.Debug("setting x-real-ip", "val", ip)
+			r.Header.Set("X-Real-Ip", ip)
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
-- 
cgit v1.2.3