Change to "proxy-forwarded-header" and add "proxy-trusted-addrs"

2025-07-20 10:04:08 +00:00 · 2025-05-31 22:39:18 -04:00 · 2025-05-31 22:39:18 -04:00 · 849884c947
commit 849884c947
parent 2cb4d089ab
12 changed files with 482 additions and 280 deletions
--- a/server/util_test.go
+++ b/server/util_test.go
@ -88,3 +88,29 @@ func TestMaybeDecodeHeaders(t *testing.T) {
 	r.Header.Set("X-Priority", "5") // ntfy priority header
 	require.Equal(t, "5", readHeaderParam(r, "x-priority", "priority", "p"))
 }
+
+func TestExtractIPAddress(t *testing.T) {
+	r, _ := http.NewRequest("GET", "http://ntfy.sh/mytopic/json?since=all", nil)
+	r.RemoteAddr = "10.0.0.1:1234"
+	r.Header.Set("X-Forwarded-For", "  1.2.3.4  , 5.6.7.8")
+	r.Header.Set("X-Client-IP", "9.10.11.12")
+	r.Header.Set("X-Real-IP", "13.14.15.16, 1.1.1.1")
+
+	trustedProxies := []string{"1.1.1.1"}
+
+	require.Equal(t, "5.6.7.8", extractIPAddress(r, true, "X-Forwarded-For", trustedProxies).String())
+	require.Equal(t, "9.10.11.12", extractIPAddress(r, true, "X-Client-IP", trustedProxies).String())
+	require.Equal(t, "13.14.15.16", extractIPAddress(r, true, "X-Real-IP", trustedProxies).String())
+	require.Equal(t, "10.0.0.1", extractIPAddress(r, false, "X-Forwarded-For", trustedProxies).String())
+}
+
+func TestExtractIPAddress_UnixSocket(t *testing.T) {
+	r, _ := http.NewRequest("GET", "http://ntfy.sh/mytopic/json?since=all", nil)
+	r.RemoteAddr = "@"
+	r.Header.Set("X-Forwarded-For", "1.2.3.4, 5.6.7.8, 1.1.1.1")
+
+	trustedProxies := []string{"1.1.1.1"}
+
+	require.Equal(t, "5.6.7.8", extractIPAddress(r, true, "X-Forwarded-For", trustedProxies).String())
+	require.Equal(t, "0.0.0.0", extractIPAddress(r, false, "X-Forwarded-For", trustedProxies).String())
+}