ratelimit: derive client IP from rightmost proxy hop

This commit is contained in:
Arkadiy Kukarkin
2026-05-26 22:41:24 +02:00
parent fe27e70e43
commit 70bb30a8ec
2 changed files with 72 additions and 5 deletions


@@ -102,16 +102,16 @@ func (l *Limiter) WrapFunc(next http.HandlerFunc) http.HandlerFunc {
func (l *Limiter) clientIP(r *http.Request) string {
if l.trustProxy {
// check X-Forwarded-For (railway, nginx, etc)
// rightmost hop is the one our proxy appended; leftmost is spoofable.
// assumes a single trusted proxy in front (railway, nginx)
if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
if idx := strings.Index(xff, ","); idx != -1 {
return strings.TrimSpace(xff[:idx])
if idx := strings.LastIndex(xff, ","); idx != -1 {
return strings.TrimSpace(xff[idx+1:])
}
return strings.TrimSpace(xff)
}
// check X-Real-IP
if xri := r.Header.Get("X-Real-IP"); xri != "" {
return xri
return strings.TrimSpace(xri)
}
}
// use remote addr directly
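Review bot: The selected hop is returned without checking that it parses as an IP address, at `return strings.TrimSpace(xff[idx+1:])` and `return strings.TrimSpace(xri)`, so any malformed or non-canonical value becomes the limiter key. Under the single-trusted-proxy assumption the XFF tail is proxy-appended, but X-Real-IP is only proxy-controlled if the proxy overwrites it, and different textual forms of the same address (for example the IPv4-mapped IPv6 form) would be bucketed as separate clients. Parsing with `net.ParseIP`, returning the canonical `ip.String()`, and falling through to the RemoteAddr path when parsing fails keeps the key well-formed and normalized; `net` is presumably already imported for the RemoteAddr handling below, but verify. clientIP's body continues past the end of the hunk.
```go
if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
	hop := xff
	if idx := strings.LastIndex(xff, ","); idx != -1 {
		hop = xff[idx+1:]
	}
	// only accept a well-formed address; otherwise fall through to RemoteAddr
	if ip := net.ParseIP(strings.TrimSpace(hop)); ip != nil {
		return ip.String()
	}
}
// check X-Real-IP
if xri := r.Header.Get("X-Real-IP"); xri != "" {
	if ip := net.ParseIP(strings.TrimSpace(xri)); ip != nil {
		return ip.String()
	}
}
// … unchanged: RemoteAddr fallback …
```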