From 72b4f65d24f1dceba074a1845d218298e84977b5 Mon Sep 17 00:00:00 2001 From: Vanio Date: Sun, 13 Aug 2023 12:25:52 -0300 Subject: [PATCH 1/4] Refactor: Improve Code Readability with Constants and Early Returns --- middleware/realip.go | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/middleware/realip.go b/middleware/realip.go index 2c6b3b33..6771e36e 100644 --- a/middleware/realip.go +++ b/middleware/realip.go @@ -9,9 +9,11 @@ import ( "strings" ) -var trueClientIP = http.CanonicalHeaderKey("True-Client-IP") -var xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For") -var xRealIP = http.CanonicalHeaderKey("X-Real-IP") +const ( + trueClientIP = "True-Client-IP" + xRealIP = "X-Real-IP" + xForwardedFor = "X-Forwarded-For" +) // RealIP is a middleware that sets a http.Request's RemoteAddr to the results // of parsing either the True-Client-IP, X-Real-IP or the X-Forwarded-For headers @@ -40,21 +42,25 @@ func RealIP(h http.Handler) http.Handler { } func realIP(r *http.Request) string { - var ip string + if tcip := r.Header.Get(trueClientIP); isValidIP(tcip) { + return tcip + } + + if xrip := r.Header.Get(xRealIP); isValidIP(xrip) { + return xrip + } - if tcip := r.Header.Get(trueClientIP); tcip != "" { - ip = tcip - } else if xrip := r.Header.Get(xRealIP); xrip != "" { - ip = xrip - } else if xff := r.Header.Get(xForwardedFor); xff != "" { + if xff := r.Header.Get(xForwardedFor); xff != "" { i := strings.Index(xff, ",") if i == -1 { i = len(xff) } - ip = xff[:i] + return xff[:i] } - if ip == "" || net.ParseIP(ip) == nil { - return "" - } - return ip + + return "" +} + +func isValidIP(ip string) bool { + return ip != "" && net.ParseIP(ip) != nil } From 0ec89a4c546a9f48b7e86c347e9f7a2e323c8ccf Mon Sep 17 00:00:00 2001 From: k-vanio <100777775+k-vanio@users.noreply.github.com> Date: Mon, 28 Aug 2023 09:05:43 -0300 Subject: [PATCH 2/4] Refactor: Alphabetically sort constants for improved readability --- middleware/realip.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/middleware/realip.go b/middleware/realip.go index 6771e36e..baf322a8 100644 --- a/middleware/realip.go +++ b/middleware/realip.go @@ -11,8 +11,8 @@ import ( const ( trueClientIP = "True-Client-IP" - xRealIP = "X-Real-IP" xForwardedFor = "X-Forwarded-For" + xRealIP = "X-Real-IP" ) // RealIP is a middleware that sets a http.Request's RemoteAddr to the results From 7edfacc0f88889efb5ad4688fcbb3934ec050467 Mon Sep 17 00:00:00 2001 From: k-vanio <100777775+k-vanio@users.noreply.github.com> Date: Wed, 30 Aug 2023 09:53:05 -0300 Subject: [PATCH 3/4] Enhanced X-Forwarded-For Validation: Implemented thorough checks to validate the integrity of IP addresses within the X-Forwarded-For (XFF) header. --- middleware/realip.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/middleware/realip.go b/middleware/realip.go index baf322a8..37c0c80f 100644 --- a/middleware/realip.go +++ b/middleware/realip.go @@ -55,7 +55,10 @@ func realIP(r *http.Request) string { if i == -1 { i = len(xff) } - return xff[:i] + + if isValidIP(xff[:i]) { + return xff[:i] + } } return "" From 0b01520a67d6dc378f4805f84cbb0e1f50b4cd13 Mon Sep 17 00:00:00 2001 From: k-vanio <100777775+k-vanio@users.noreply.github.com> Date: Wed, 30 Aug 2023 11:33:52 -0300 Subject: [PATCH 4/4] Enhancing IP Address Validation in XFF --- middleware/realip.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/middleware/realip.go b/middleware/realip.go index 37c0c80f..5d5759cf 100644 --- a/middleware/realip.go +++ b/middleware/realip.go @@ -56,8 +56,8 @@ func realIP(r *http.Request) string { i = len(xff) } - if isValidIP(xff[:i]) { - return xff[:i] + if xff = xff[:i]; isValidIP(xff) { + return xff } }