Added untrust ip get in netutils

2025-10-18 08:39:40 +02:00 · 2025-10-16 20:13:33 +08:00
parent 9a5a0eb84d
commit 54a18169d7
2 changed files with 22 additions and 2 deletions
--- a/src/accesslist.go
+++ b/src/accesslist.go
@@ -210,9 +210,10 @@ func handleListBlacklisted(w http.ResponseWriter, r *http.Request) {
 	}

 	resulst := []string{}
-	if bltype == "country" {
+	switch bltype {
+	case "country":
 		resulst = rule.GetAllBlacklistedCountryCode()
-	} else if bltype == "ip" {
+	case "ip":
 		resulst = rule.GetAllBlacklistedIp()
 	}

--- a/src/mod/netutils/ipmatch.go
+++ b/src/mod/netutils/ipmatch.go
@@ -13,6 +13,25 @@ import (
 	CIDR and IPv4 / v6 validations
 */

+// Get the requester IP without trusting any proxy headers
+func GetRequesterIPUntrusted(r *http.Request) string {
+	// If the request is from an untrusted IP, we should not trust the X-Real-IP and X-Forwarded-For headers
+	ip := r.RemoteAddr
+	// Trim away the port number
+	reqHost, _, err := net.SplitHostPort(ip)
+	if err == nil {
+		ip = reqHost
+	}
+
+	// Check if the IP is a valid IPv4 or IPv6 address
+	parsedIP := net.ParseIP(ip)
+	if parsedIP == nil {
+		return ""
+	}
+	return ip
+}
+
+// Get the requester IP, trust the X-Real-IP and X-Forwarded-For headers
 func GetRequesterIP(r *http.Request) string {
 	ip := r.Header.Get("X-Real-Ip")
 	if ip == "" {