update public gpg key

fix white-space on log message
trim extra IPs from x-forwarded-for header
2025-02-19 01:59:12 +00:00 · 2025-02-08 12:25:19 +00:00 · 2025-02-08 12:16:03 +00:00 · 2025-02-08 12:15:50 +00:00
8 changed files with 43 additions and 23 deletions
--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@ -115,7 +115,7 @@ func changePasswordHandler(app *model.AppState) http.Handler {
            return
        }

-        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r))

        controller.SetSessionError(app.DB, session, "")
        controller.SetSessionMessage(app.DB, session, "Password updated successfully.")
@ -145,7 +145,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {

        // check password
        if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil {
-            app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(r))
+            app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(app, r))
            controller.SetSessionError(app.DB, session, "Incorrect password.")
            http.Redirect(w, r, "/admin/account", http.StatusFound)
            return
@ -159,7 +159,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler {
            return
        }

-        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r))

        controller.SetSessionAccount(app.DB, session, nil)
        controller.SetSessionError(app.DB, session, "")
--- a/admin/http.go
+++ b/admin/http.go
@ -201,7 +201,7 @@ func registerAccountHandler(app *model.AppState) http.Handler {
            return
        }

-        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(app, r))

        err = controller.DeleteInvite(app.DB, invite.Code)
        if err != nil {
@ -277,7 +277,7 @@ func loginHandler(app *model.AppState) http.Handler {

        err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
        if err != nil {
-            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(r))
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r))
            controller.SetSessionError(app.DB, session, "Invalid username or password.")
            render()
            return
@ -305,7 +305,7 @@ func loginHandler(app *model.AppState) http.Handler {

        // login success!
        // TODO: log login activity to user
-        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(app, r))
        app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" does not have any TOTP methods assigned.", account.Username)

        err = controller.SetSessionAccount(app.DB, session, account)
@ -363,7 +363,7 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
        totpCode := r.FormValue("totp")

        if len(totpCode) != controller.TOTP_CODE_LENGTH {
-            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(r))
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
            controller.SetSessionError(app.DB, session, "Invalid TOTP.")
            render()
            return
@ -377,13 +377,13 @@ func loginTOTPHandler(app *model.AppState) http.Handler {
            return
        }
        if totpMethod == nil {
-            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(r))
+            app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
            controller.SetSessionError(app.DB, session, "Invalid TOTP.")
            render()
            return
        }

-        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(r))
+        app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(app, r))

        err = controller.SetSessionAccount(app.DB, session, session.AttemptAccount)
        if err != nil {
--- a/admin/static/logs.css
+++ b/admin/static/logs.css
@ -71,6 +71,7 @@ th.log-type {
 td.log-content,
 td.log-content {
    width: 100%;
+    white-space: collapse;
 }

 .log:hover {
--- a/bundle.sh
+++ b/bundle.sh
@ -6,4 +6,4 @@ if [ ! -f arimelody-web ]; then
    exit 1
 fi

-tar czvf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
+tar czf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/
--- a/controller/config.go
+++ b/controller/config.go
@ -21,6 +21,7 @@ func GetConfig() model.Config {
        BaseUrl: "https://arimelody.me",
        Host: "0.0.0.0",
        Port: 8080,
+        TrustedProxies: []string{ "127.0.0.1" },
        DB: model.DBConfig{
            Host: "127.0.0.1",
            Port: 5432,
--- a/controller/ip.go
+++ b/controller/ip.go
@ -1,19 +1,23 @@
 package controller

 import (
+	"arimelody-web/model"
 	"net/http"
 	"slices"
+	"strings"
 )

 // Returns the request's original IP address, resolving the `x-forwarded-for`
 // header if the request originates from a trusted proxy.
-func ResolveIP(r *http.Request) string {
-    trustedProxies := []string{ "10.4.20.69" }
-    if slices.Contains(trustedProxies, r.RemoteAddr) {
+func ResolveIP(app *model.AppState, r *http.Request) string {
+    addr := strings.Split(r.RemoteAddr, ":")[0]
+    if slices.Contains(app.Config.TrustedProxies, addr) {
        forwardedFor := r.Header.Get("x-forwarded-for")
        if len(forwardedFor) > 0 {
+            // discard extra IPs; cloudflare tends to append their nodes
+            forwardedFor = strings.Split(forwardedFor, ", ")[0]
            return forwardedFor
        }
    }
-    return r.RemoteAddr
+    return addr
 }
--- a/model/appstate.go
+++ b/model/appstate.go
@ -26,6 +26,7 @@ type (
        Host string `toml:"host"`
        Port int64 `toml:"port"`
        DataDirectory string `toml:"data_dir"`
+        TrustedProxies []string `toml:"trusted_proxies"`
        DB DBConfig `toml:"db"`
        Discord DiscordConfig `toml:"discord"`
    }
--- a/melody_0x92678188_public.asc
+++ b/melody_0x92678188_public.asc
@ -1,13 +1,26 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----

 mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO
-JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJMEExYKADsWIQTu
-jeuNYocuegkeKt/PmYKckmeBiAUCZNW03QIbAwULCQgHAgIiAgYVCgkICwIEFgID
-AQIeBwIXgAAKCRDPmYKckmeBiGCbAP4wTcLCU5ZlfSTJrFtGhQKWA6DxtUO7Cegk
-Vu8SgkY3KgEA1/YqjZ1vSaqPDN4137vmhkhfduoYOjN0iptNj39u2wG4OARk1bTd
-EgorBgEEAZdVAQUBAQdAnA2drPzQBoXNdwIrFnovuF0CjX+8+8QSugCF4a5ZEXED
-AQgHiHgEGBYKACAWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZNW03QIbDAAKCRDP
-mYKckmeBiC/xAQD1hu4WcstR40lkUxMqhZ44wmizrDA+eGCdh7Ge3Gy79wEAx385
-GnYoNplMTA4BTGs7orV4WSfSkoBx0+px1UOewgs=
-=M1Bp
+JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJkEExYKAEECGwMF
+CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQTujeuNYocuegkeKt/PmYKckmeB
+iAUCZ7UqUAUJCIMP8wAKCRDPmYKckmeBiO/NAP0SoJL4aKZqCeYiSoDF/Uw6nMmZ
+oR1Uig41wQ/IDbhCAEApP2vbjSIu6pcp0AQlL7qcoyPWv+XkqPSFqW9KEZZVwqI
+kwQTFgoAOxYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJk1bTdAhsDBQsJCAcCAiIC
+BhUKCQgLAgQWAgMBAh4HAheAAAoJEM+ZgpySZ4GIYJsA/jBNwsJTlmV9JMmsW0aF
+ApYDoPG1Q7sJ6CRW7xKCRjcqAQDX9iqNnW9Jqo8M3jXfu+aGSF926hg6M3SKm02P
+f27bAbgzBGe1JooWCSsGAQQB2kcPAQEHQJbfh5iLHEpZndMgekqYzqTrUoAJ8ZIL
+d4WH0dcw9tOaiPUEGBYKACYCGwIWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZ7Uq
+VgUJBaOeTACBdiAEGRYKAB0WIQQlu5dWmBR/P3ZxngxgtfA4bj3bfgUCZ7UmigAK
+CRBgtfA4bj3bfux+AP4y5ydrjnGBMX7GuB2nh55SRdscSiXsZ66ntnjXyQcbWgEA
+pDuu7FqXzXcnluuZxNFDT740Rnzs60tTeplDqGGWcAQJEM+ZgpySZ4GIc0kA/iSw
+Nw+r3FC75omwrPpJF13B5fq93FweFx+oSaES6qzkAQDvgCK77qKKbvCju0g8zSsK
+EZnv6xR4uvtGdVkvLpBdC7gzBGe1JpkWCSsGAQQB2kcPAQEHQGnU4lXFLchhKYkC
+PshP+jvuRsNoedaDOK2p4dkQC8JuiH4EGBYKACYCGyAWIQTujeuNYocuegkeKt/P
+mYKckmeBiAUCZ7UqXgUJBaOeRQAKCRDPmYKckmeBiL9KAQCJZIBhuSsoYa61I0XZ
+cKzGZbB0h9pD6eg1VRswNIgHtQEAwu9Hgs1rs9cySvKbO7WgK6Qh6EfrvGgGOXCO
+m3wVsg24OARntSo5EgorBgEEAZdVAQUBAQdA+/k586W1OHxndzDJNpbd+wqjyjr0
+D5IXxfDs00advB0DAQgHiH4EGBYKACYWIQTujeuNYocuegkeKt/PmYKckmeBiAUC
+Z7UqOQIbDAUJBaOagAAKCRDPmYKckmeBiEFxAQCgziQt2l3u7jnZVij4zop+K2Lv
+TVFtkbG61tf6brRzBgD/X6c6X5BRyQC51JV1I1RFRBdeMAIXzcLFg2v3WUMccQs=
+=YmHI
 -----END PGP PUBLIC KEY BLOCK-----
Author	SHA1	Message	Date
ari melody	0fc6c9f86d	update public gpg key	2025-02-19 01:59:12 +00:00
ari melody	3cb8d2940a	fix white-space on log message	2025-02-08 12:25:19 +00:00
ari melody	edb4d7df3a	trim extra IPs from x-forwarded-for header	2025-02-08 12:16:03 +00:00
ari melody	23dbbf26e3	handle x-forwarded-for in IP logs	2025-02-08 12:15:50 +00:00