Add trusted proxies property and find a solution to unix sockets

gotify · Jan 20, 2024 · 15dd6a3 · 15dd6a3
1 parent d32d131
commit 15dd6a3
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/config/config.go b/config/config.go
@@ -39,6 +39,8 @@ type Configuration struct {
 			AllowMethods []string
 			AllowHeaders []string
 		}
+
+		TrustedProxies []string
 	}
 	Database struct {
 		Dialect    string `default:"sqlite3"`

diff --git a/router/router.go b/router/router.go
@@ -2,6 +2,7 @@ package router
 
 import (
 	"fmt"
+	"net"
 	"net/http"
 	"path/filepath"
 	"regexp"
@@ -27,6 +28,18 @@ import (
 func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Configuration) (*gin.Engine, func()) {
 	g := gin.New()
 
+	if conf.Server.TrustedProxies != nil {
+		fmt.Printf("Trusted proxies: %s\n", strings.Join(conf.Server.TrustedProxies, ", "))
+		g.SetTrustedProxies(conf.Server.TrustedProxies)
+		g.ForwardedByClientIP = true
+	}
+
+	g.Use(func(ctx *gin.Context) {
+		if localAddr, ok := ctx.Request.Context().Value(http.LocalAddrContextKey).(net.Addr); ok && localAddr.Network() == "unix" {
+			ctx.Request.RemoteAddr = "127.0.0.1:65535" // set remote address to localhost for unix socket requests
+		}
+	})
+
 	g.Use(gin.LoggerWithFormatter(logFormatter), gin.Recovery(), gerror.Handler(), location.Default())
 	g.NoRoute(gerror.NotFound())