chore(IP): add TrustedPlatform constant for Fly.io. (#3839)

Also add some more detail to the docs for how to use TrustedPlatform.

https://fly.io/docs/reference/runtime-environment/#fly-client-ip
This commit is contained in:
Andy Brody 2024-02-07 07:18:53 -05:00 committed by GitHub
parent 82bcd6d39b
commit bb3519d26f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 18 additions and 3 deletions

View File

@ -1569,6 +1569,12 @@ func TestContextClientIP(t *testing.T) {
c.Request.Header.Del("CF-Connecting-IP") c.Request.Header.Del("CF-Connecting-IP")
assert.Equal(t, "40.40.40.40", c.ClientIP()) assert.Equal(t, "40.40.40.40", c.ClientIP())
c.engine.TrustedPlatform = PlatformFlyIO
assert.Equal(t, "70.70.70.70", c.ClientIP())
c.Request.Header.Del("Fly-Client-IP")
assert.Equal(t, "40.40.40.40", c.ClientIP())
c.engine.TrustedPlatform = "" c.engine.TrustedPlatform = ""
// no port // no port
@ -1581,6 +1587,7 @@ func resetContextForClientIPTests(c *Context) {
c.Request.Header.Set("X-Forwarded-For", " 20.20.20.20, 30.30.30.30") c.Request.Header.Set("X-Forwarded-For", " 20.20.20.20, 30.30.30.30")
c.Request.Header.Set("X-Appengine-Remote-Addr", "50.50.50.50") c.Request.Header.Set("X-Appengine-Remote-Addr", "50.50.50.50")
c.Request.Header.Set("CF-Connecting-IP", "60.60.60.60") c.Request.Header.Set("CF-Connecting-IP", "60.60.60.60")
c.Request.Header.Set("Fly-Client-IP", "70.70.70.70")
c.Request.RemoteAddr = " 40.40.40.40:42123 " c.Request.RemoteAddr = " 40.40.40.40:42123 "
c.engine.TrustedPlatform = "" c.engine.TrustedPlatform = ""
c.engine.trustedCIDRs = defaultTrustedCIDRs c.engine.trustedCIDRs = defaultTrustedCIDRs

View File

@ -2214,10 +2214,16 @@ import (
func main() { func main() {
router := gin.Default() router := gin.Default()
// Use predefined header gin.PlatformXXX // Use predefined header gin.PlatformXXX
// Google App Engine
router.TrustedPlatform = gin.PlatformGoogleAppEngine router.TrustedPlatform = gin.PlatformGoogleAppEngine
// Or set your own trusted request header for another trusted proxy service // Cloudflare
// Don't set it to any suspect request header, it's unsafe router.TrustedPlatform = gin.PlatformCloudflare
router.TrustedPlatform = "X-CDN-IP" // Fly.io
router.TrustedPlatform = gin.PlatformFlyIO
// Or, you can set your own trusted request header. But be sure your CDN
// prevents users from passing this header! For example, if your CDN puts
// the client IP in X-CDN-Client-IP:
router.TrustedPlatform = "X-CDN-Client-IP"
router.GET("/", func(c *gin.Context) { router.GET("/", func(c *gin.Context) {
// If you set TrustedPlatform, ClientIP() will resolve the // If you set TrustedPlatform, ClientIP() will resolve the

2
gin.go
View File

@ -77,6 +77,8 @@ const (
// PlatformCloudflare when using Cloudflare's CDN. Trust CF-Connecting-IP for determining // PlatformCloudflare when using Cloudflare's CDN. Trust CF-Connecting-IP for determining
// the client's IP // the client's IP
PlatformCloudflare = "CF-Connecting-IP" PlatformCloudflare = "CF-Connecting-IP"
// PlatformFlyIO when running on Fly.io. Trust Fly-Client-IP for determining the client's IP
PlatformFlyIO = "Fly-Client-IP"
) )
// Engine is the framework's instance, it contains the muxer, middleware and configuration settings. // Engine is the framework's instance, it contains the muxer, middleware and configuration settings.