From bf8831c64a0f307bbb486d873dfad2011965123e Mon Sep 17 00:00:00 2001 From: Tom Snelling Date: Fri, 17 Mar 2023 01:07:39 +0000 Subject: [PATCH] adds handling for x-forwarded-for comma-separated syntax (#452) --- lib/server/parse-http.js | 14 +++++++++++--- lib/server/parse-websocket.js | 14 +++++++++++--- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/lib/server/parse-http.js b/lib/server/parse-http.js index 5847251..1e6fe31 100644 --- a/lib/server/parse-http.js +++ b/lib/server/parse-http.js @@ -33,9 +33,17 @@ function parseHttpRequest (req, opts) { common.MAX_ANNOUNCE_PEERS ) - params.ip = opts.trustProxy - ? req.headers['x-forwarded-for'] || req.connection.remoteAddress - : req.connection.remoteAddress.replace(common.REMOVE_IPV4_MAPPED_IPV6_RE, '') // force ipv4 + if (opts.trustProxy) { + if (req.headers['x-forwarded-for']) { + const [realIp] = req.headers['x-forwarded-for'].split(',') + params.ip = realIp.trim() + } else { + params.ip = req.connection.remoteAddress + } + } else { + params.ip = req.connection.remoteAddress.replace(common.REMOVE_IPV4_MAPPED_IPV6_RE, '') // force ipv4 + } + params.addr = `${common.IPV6_RE.test(params.ip) ? `[${params.ip}]` : params.ip}:${params.port}` params.headers = req.headers diff --git a/lib/server/parse-websocket.js b/lib/server/parse-websocket.js index 5aeba9e..16fea56 100644 --- a/lib/server/parse-websocket.js +++ b/lib/server/parse-websocket.js @@ -55,9 +55,17 @@ function parseWebSocketRequest (socket, opts, params) { // On first parse, save important data from `socket.upgradeReq` and delete it // to reduce memory usage. if (socket.upgradeReq) { - socket.ip = opts.trustProxy - ? socket.upgradeReq.headers['x-forwarded-for'] || socket.upgradeReq.connection.remoteAddress - : socket.upgradeReq.connection.remoteAddress.replace(common.REMOVE_IPV4_MAPPED_IPV6_RE, '') // force ipv4 + if (opts.trustProxy) { + if (socket.upgradeReq.headers['x-forwarded-for']) { + const [realIp] = socket.upgradeReq.headers['x-forwarded-for'].split(',') + socket.ip = realIp.trim() + } else { + socket.ip = socket.upgradeReq.connection.remoteAddress + } + } else { + socket.ip = socket.upgradeReq.connection.remoteAddress.replace(common.REMOVE_IPV4_MAPPED_IPV6_RE, '') // force ipv4 + } + socket.port = socket.upgradeReq.connection.remotePort if (socket.port) { socket.addr = `${common.IPV6_RE.test(socket.ip) ? `[${socket.ip}]` : socket.ip}:${socket.port}`