From 57c3e9f1b2c1d685472670b8ba2660144d2ae316 Mon Sep 17 00:00:00 2001
From: Henri Vasserman <henv@hot.ee>
Date: Fri, 28 Mar 2025 19:38:34 +0200
Subject: Change how to make Anubis work without a reverse proxy (#86)

* Change how to make Anubis work without a reverse proxy

* Apply suggestions from code review

Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Henri Vasserman <henv@hot.ee>

* add support for unix sockets.

* add env var docs

* lib: fix tests

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Henri Vasserman <henv@hot.ee>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
---
 internal/headers.go | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

(limited to 'internal')

diff --git a/internal/headers.go b/internal/headers.go
index 681d076..9d6ba76 100644
--- a/internal/headers.go
+++ b/internal/headers.go
@@ -2,6 +2,7 @@ package internal
 
 import (
 	"log/slog"
+	"net"
 	"net/http"
 
 	"github.com/TecharoHQ/anubis"
@@ -21,16 +22,29 @@ func UnchangingCache(next http.Handler) http.Handler {
 	})
 }
 
-// DefaultXRealIP sets the X-Real-Ip header to the given value if and only if
-// it is not an empty string.
-func DefaultXRealIP(defaultIP string, next http.Handler) http.Handler {
-	if defaultIP == "" {
-		slog.Debug("skipping middleware, defaultIP is empty")
+// RemoteXRealIP sets the X-Real-Ip header to the request's real IP if
+// the setting is enabled by the user.
+func RemoteXRealIP(useRemoteAddress bool, bindNetwork string, next http.Handler) http.Handler {
+	if useRemoteAddress == false {
+		slog.Debug("skipping middleware, useRemoteAddress is empty")
 		return next
 	}
 
+	if bindNetwork == "unix" {
+		// For local sockets there is no real remote address but the localhost
+		// address should be sensible.
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			r.Header.Set("X-Real-Ip", "127.0.0.1")
+			next.ServeHTTP(w, r)
+		})
+	}
+
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		r.Header.Set("X-Real-Ip", defaultIP)
+		host, _, err := net.SplitHostPort(r.RemoteAddr)
+		if err != nil {
+			panic(err) // this should never happen
+		}
+		r.Header.Set("X-Real-Ip", host)
 		next.ServeHTTP(w, r)
 	})
 }
-- 
cgit v1.2.3