
Add client IP

Open ZanyMonk opened this issue 1 year ago • 2 comments

Add the client IP (http.Request.RemoteAddr) in the response "description".

ZanyMonk, Mar 05 '24 19:03

Hi @ZanyMonk

Thank you for your valuable contribution to the project.

I have no problem merging your PR, however, I wanted to warn you about the limited usefulness of this change: since the Request Baskets service does not implement the HTTPS protocol and certificate handling (on purpose, see #52), the recommended way to run the service is behind a proxy that supports HTTPS, e.g. nginx. In this case the req.RemoteAddr will always point to the internal IP of the proxy and has limited use for external users of the service.

You can get more insight and detailed explanation in this Stack Overflow answer: https://stackoverflow.com/a/27235620/2288384

Ideally the logic has to be extended to take into consideration the following HTTP request headers:

  • X-Forwarded-For - common header used by proxies and load balancers before a standard for Forwarded was established
  • X-Real-Ip - another common HTTP header; I have seen that it's popular in nginx settings
  • Forwarded - a standard header, unfortunately not yet widespread among classical proxies and load balancers, see Mozilla knowledge base article: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded

Would you prefer to extend your PR? Otherwise I can merge it AS IS.

Cheers, darklynx

darklynx, Mar 06 '24 09:03
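
The header handling discussed in the comment above, as an added Go example (not code from request-baskets or from the PR): forwarding headers are honoured only when the connection comes from a trusted proxy, because a direct client can set them to any value. `ClientIP`, `trustedProxies` and the sample addresses are assumptions made for the example, and the `Forwarded` header is not parsed here.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// Assumption for this example: the networks your own reverse proxies connect from.
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("127.0.0.0/8"), netip.MustParsePrefix("10.0.0.0/8")}

func isTrusted(a netip.Addr) (ok bool) {
	for _, p := range trustedProxies {
		ok = ok || p.Contains(a.Unmap())
	}
	return ok
}

// parseIP accepts "ip", "ip:port" and "[v6]:port".
func parseIP(s string) (netip.Addr, bool) {
	s = strings.TrimSpace(s)
	if ap, err := netip.ParseAddrPort(s); err == nil {
		return ap.Addr(), true
	}
	a, err := netip.ParseAddr(s)
	return a, err == nil
}

// ClientIP (hypothetical helper): rightmost X-Forwarded-For hop that is not one of our proxies.
func ClientIP(r *http.Request) string {
	peer, ok := parseIP(r.RemoteAddr)
	if !ok || !isTrusted(peer) {
		return r.RemoteAddr // direct client: its headers are unverified input
	}
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		if a, ok := parseIP(hops[i]); !ok {
			break // unparsable hop: stop, do not guess
		} else if !isTrusted(a) {
			return a.String()
		}
	}
	if a, ok := parseIP(r.Header.Get("X-Real-Ip")); ok {
		return a.String() // assumes the proxy overwrites X-Real-Ip on every request
	}
	return r.RemoteAddr
}

func main() { fmt.Println(ClientIP(&http.Request{RemoteAddr: "203.0.113.9:5555"})) } // direct client
```

Reading the list from the right matters: entries to the left of the last hop your proxy appended are whatever the client sent.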

Oh I didn't know about this issue.

Alright I'll come up with a better solution. Thank you for your quick and detailed answer.

ZanyMonk, Mar 06 '24 17:03