From 0ccf5a218badba417a704136b521a89f34724c01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20=C5=BBydek?= Date: Thu, 13 Jun 2024 16:00:02 +0200 Subject: [PATCH] fix: strip port from client ip --- proxy/utils/headers.test.ts | 10 +++++----- proxy/utils/headers.ts | 13 +++++++++++-- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/proxy/utils/headers.test.ts b/proxy/utils/headers.test.ts index 8be5e18..b94367b 100644 --- a/proxy/utils/headers.test.ts +++ b/proxy/utils/headers.test.ts @@ -27,8 +27,8 @@ const mockReq = { 'strict-transport-security': 'max-age=600', 'x-azure-requestchain': 'hops=1', 'x-azure-socketip': '46.204.4.119', - 'x-forwarded-for': '127.0.0.1', - 'x-azure-clientip': '127.0.0.1', + 'x-forwarded-for': '127.0.0.1:12345', + 'x-azure-clientip': '127.0.0.1:12345', 'x-forwarded-host': 'fpjs.sh', }, user: null, @@ -163,7 +163,7 @@ describe('prepareHeadersForIngressAPI', () => { it('should set client ip and proxy secret', () => { const result = prepareHeadersForIngressAPI(mockReq, 'secret') - expect(result['fpjs-proxy-client-ip']).toBe(mockReq.headers['x-forwarded-for']) + expect(result['fpjs-proxy-client-ip']).toBe('127.0.0.1') expect(result['fpjs-proxy-secret']).toBe('secret') expect(result['fpjs-proxy-forwarded-host']).toBe('fpjs.sh') }) @@ -171,7 +171,7 @@ describe('prepareHeadersForIngressAPI', () => { it('should set correct host', () => { const result = prepareHeadersForIngressAPI(mockReq, 'secret') - expect(result['fpjs-proxy-client-ip']).toBe(mockReq.headers['x-forwarded-for']) + expect(result['fpjs-proxy-client-ip']).toBe('127.0.0.1') expect(result['fpjs-proxy-secret']).toBe('secret') expect(result['fpjs-proxy-forwarded-host']).toBe('fpjs.sh') }) @@ -179,7 +179,7 @@ describe('prepareHeadersForIngressAPI', () => { it('should not set secret if it is undefined', () => { const result = prepareHeadersForIngressAPI(mockReq, undefined) - expect(result['fpjs-proxy-client-ip']).toBe(mockReq.headers['x-azure-clientip']) + expect(result['fpjs-proxy-client-ip']).toBe('127.0.0.1') expect(result['fpjs-proxy-secret']).toBe(undefined) expect(result['fpjs-proxy-forwarded-host']).toBe(undefined) }) diff --git a/proxy/utils/headers.ts b/proxy/utils/headers.ts index 8e88428..516d3e0 100644 --- a/proxy/utils/headers.ts +++ b/proxy/utils/headers.ts @@ -70,13 +70,22 @@ export function updateResponseHeaders( } function resolveClientIp(request: HttpRequest, logger?: Logger) { - const clientIp = request.headers['x-azure-clientip'] || request.headers['x-client-ip'] || request.headers['x-real-ip'] + const clientIp = + request.headers['x-azure-clientip'] || request.headers['x-client-ip'] || request.headers['x-real-ip'] || '' logger?.verbose('Client IP resolved', { clientIp, }) - return clientIp + return stripPort(clientIp) +} + +function stripPort(ip: string) { + if (!ip.includes(':')) { + return ip + } + + return ip.split(':')[0] } export function getHost(request: Pick) {