commit 1cf9d719f0b8e27dc964ab61f277d322d1685a83
parent 311f4b52831f27279cf8a67629b438a15faf78b3
Author: William Casarin <jb55@jb55.com>
Date: Thu, 3 Nov 2022 11:01:38 -0700
feat: look for proxied ip headers
This enables support for using the proxied IP from cloudflare. The damus
relay is behind cloudflare, so to get accurate remote ip logging we need
to look at the headers instead of the socket address.
Signed-off-by: William Casarin <jb55@jb55.com>
Diffstat:
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/server.rs b/src/server.rs
@@ -13,6 +13,7 @@ use crate::nip05;
use crate::subscription::Subscription;
use futures::SinkExt;
use futures::StreamExt;
+use http::header::HeaderMap;
use hyper::header::ACCEPT;
use hyper::service::{make_service_fn, service_fn};
use hyper::upgrade::Upgraded;
@@ -85,7 +86,8 @@ async fn handle_web_request(
)
.await;
// spawn server with info... but include IP here.
- let remote_ip = remote_addr.ip().to_string();
+ let remote_ip =
+ get_remote_ip_string(&remote_addr, request.headers());
tokio::spawn(nostr_server(
pool, remote_ip, settings, ws_stream, broadcast, event_tx,
shutdown,
@@ -151,6 +153,23 @@ async fn handle_web_request(
}
}
+fn get_remote_ip_string(remote_addr: &SocketAddr, headers: &HeaderMap) -> String {
+ if let Some(ip) = get_cloudflare_remote_ip(headers) {
+ return ip;
+ }
+
+ return remote_addr.ip().to_string();
+}
+
+fn get_cloudflare_remote_ip(headers: &HeaderMap) -> Option<String> {
+ if let Some(val) = headers.get("CF-Connecting-IP") {
+ if let Ok(s) = val.to_str() {
+ return Some(s.to_string());
+ }
+ }
+ return None;
+}
+
// return on a control-c or internally requested shutdown signal
async fn ctrl_c_or_signal(mut shutdown_signal: Receiver<()>) {
let mut term_signal = tokio::signal::unix::signal(tokio::signal::unix::SignalKind::terminate())
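Review bot: `get_cloudflare_remote_ip` accepts `CF-Connecting-IP` from any peer, so a client that reaches the relay without passing through Cloudflare can put an arbitrary value into `remote_ip`, which the call site in `handle_web_request` (second hunk) passes to `nostr_server`. The header should be honoured only when the deployment is known to sit behind the proxy, for example via a configuration switch or a check that `remote_addr` belongs to a trusted proxy range, with the socket address used otherwise. The value should also be parsed before use, e.g. `val.to_str().ok()?.trim().parse::<std::net::IpAddr>().ok().map(|ip| ip.to_string())`, so that anything that is not an IP address is rejected and the socket address is used instead. A doc comment on `get_remote_ip_string` stating that the result is client-supplied unless the proxy is trusted would help anyone who later relies on it for rate limiting or bans.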