From 4e0db7b07530c2542130e87a0cefc78350a5bebf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Przemys=C5=82aw=20=C5=BBydek?= <przemyslawzydek@gmail.com>
Date: Thu, 13 Jun 2024 15:45:34 +0200
Subject: [PATCH] fix: use x-azure-socketip first for resolving client ip

---
 proxy/utils/headers.test.ts |  3 ++-
 proxy/utils/headers.ts      | 17 ++---------------
 shared/test/azure.ts        |  4 ++++
 3 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/proxy/utils/headers.test.ts b/proxy/utils/headers.test.ts
index 1e187a8c..8be5e18d 100644
--- a/proxy/utils/headers.test.ts
+++ b/proxy/utils/headers.test.ts
@@ -28,6 +28,7 @@ const mockReq = {
     'x-azure-requestchain': 'hops=1',
     'x-azure-socketip': '46.204.4.119',
     'x-forwarded-for': '127.0.0.1',
+    'x-azure-clientip': '127.0.0.1',
     'x-forwarded-host': 'fpjs.sh',
   },
   user: null,
@@ -178,7 +179,7 @@ describe('prepareHeadersForIngressAPI', () => {
   it('should not set secret if it is undefined', () => {
     const result = prepareHeadersForIngressAPI(mockReq, undefined)
 
-    expect(result['fpjs-proxy-client-ip']).toBe(mockReq.headers['x-forwarded-for'])
+    expect(result['fpjs-proxy-client-ip']).toBe(mockReq.headers['x-azure-clientip'])
     expect(result['fpjs-proxy-secret']).toBe(undefined)
     expect(result['fpjs-proxy-forwarded-host']).toBe(undefined)
   })
diff --git a/proxy/utils/headers.ts b/proxy/utils/headers.ts
index 6907c028..8e884282 100644
--- a/proxy/utils/headers.ts
+++ b/proxy/utils/headers.ts
@@ -70,22 +70,9 @@ export function updateResponseHeaders(
 }
 
 function resolveClientIp(request: HttpRequest, logger?: Logger) {
-  const forwardedFor = request.headers['x-forwarded-for']
+  const clientIp = request.headers['x-azure-clientip'] || request.headers['x-client-ip'] || request.headers['x-real-ip']
 
-  if (forwardedFor) {
-    const [clientIp] = forwardedFor.split(',')
-
-    logger?.verbose('Client IP resolved from x-forwarded-for', {
-      clientIp,
-      forwardedFor,
-    })
-
-    return clientIp
-  }
-
-  const clientIp = request.headers['x-client-ip'] || request.headers['x-real-ip']
-
-  logger?.verbose('Client IP resolved from x-client-ip or x-real-ip', {
+  logger?.verbose('Client IP resolved', {
     clientIp,
   })
 
diff --git a/shared/test/azure.ts b/shared/test/azure.ts
index 39b34de7..6af6bcb3 100644
--- a/shared/test/azure.ts
+++ b/shared/test/azure.ts
@@ -39,6 +39,8 @@ export const mockRequestGet = (url: string, uri: string, query: HttpRequestQuery
       'x-azure-requestchain': 'hops=1',
       'x-azure-socketip': '46.204.4.119',
       'x-forwarded-for': '127.0.0.1',
+      'x-client-ip': '128.0.0.1',
+      'x-azure-clientip': '127.0.0.1',
     },
     query,
     params: {
@@ -66,6 +68,8 @@ export const mockRequestPost = (url: string, uri: string) => {
       'x-azure-requestchain': 'hops=1',
       'x-azure-socketip': '46.204.4.119',
       'x-forwarded-for': '127.0.0.1',
+      'x-client-ip': '128.0.0.1',
+      'x-azure-clientip': '127.0.0.1',
     },
     query: {},
     params: {