mirror of
https://github.com/bolkedebruin/rdpgw.git
synced 2025-08-21 07:44:23 +02:00
Make sure to validate the client's ip address
This commit is contained in:
Bolke de Bruin
parent
5fc75ef877
commit
0b299619ff
6 changed files with 70 additions and 10 deletions
49
client/remote.go
Normal file
49
client/remote.go
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
package client
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const (
|
||||
ClientIPCtx = "ClientIP"
|
||||
ProxyAddressesCtx = "ProxyAddresses"
|
||||
RemoteAddressCtx = "RemoteAddress"
|
||||
)
|
||||
|
||||
func EnrichContext(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
|
||||
h := r.Header.Get("X-Forwarded-For")
|
||||
if h != "" {
|
||||
var proxies []string
|
||||
ips := strings.Split(h, ",")
|
||||
for i := range ips {
|
||||
ips[i] = strings.TrimSpace(ips[i])
|
||||
}
|
||||
clientIp := ips[0]
|
||||
if len(ips) > 1 {
|
||||
proxies = ips[1:]
|
||||
}
|
||||
ctx = context.WithValue(ctx, ClientIPCtx, clientIp)
|
||||
ctx = context.WithValue(ctx, ProxyAddressesCtx, proxies)
|
||||
}
|
||||
|
||||
remote := r.Header.Get("REMOTE_ADDR")
|
||||
ctx = context.WithValue(ctx, RemoteAddressCtx, remote)
|
||||
if h == "" {
|
||||
ctx = context.WithValue(ctx, ClientIPCtx, remote)
|
||||
}
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
|
||||
func GetClientIp(ctx context.Context) string {
|
||||
s, ok := ctx.Value(ClientIPCtx).(string)
|
||||
if !ok {
|
||||
return ""
|
||||
}
|
||||
return s
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue