trim extra IPs from x-forwarded-for header

2025-02-07 17:15:02 +00:00 · 2025-02-07 17:15:02 +00:00 · edb4d7df3a
parent 23dbbf26e3
commit edb4d7df3a
2 changed files with 3 additions and 1 deletions
--- a/bundle.sh
+++ b/bundle.sh
@ -6,4 +6,4 @@ if [ ! -f arimelody-web ]; then
    exit 1
 fi

-tar czvf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
+tar czf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
--- a/controller/ip.go
+++ b/controller/ip.go
@ -14,6 +14,8 @@ func ResolveIP(app *model.AppState, r *http.Request) string {
    if slices.Contains(app.Config.TrustedProxies, addr) {
        forwardedFor := r.Header.Get("x-forwarded-for")
        if len(forwardedFor) > 0 {
+            // discard extra IPs; cloudflare tends to append their nodes
+            forwardedFor = strings.Split(forwardedFor, ", ")[0]
            return forwardedFor
        }
    }