TestRealClientAddr covers the security-sensitive parts of how the relay derives the originating client address: X-Real-IP must only be honored when the direct TCP peer is on loopback (a local reverse proxy), and a missing/malformed X-Real-IP from such a peer must surface as an error rather than a si
(t *testing.T)
| 12 | // proxy), and a missing/malformed X-Real-IP from such a peer must |
| 13 | // surface as an error rather than a silent fallback to 127.0.0.1. |
| 14 | func TestRealClientAddr(t *testing.T) { |
| 15 | tests := []struct { |
| 16 | name string |
| 17 | remoteAddr string |
| 18 | xRealIP string |
| 19 | xff string // must NEVER be honored; included to verify it's ignored |
| 20 | wantErr bool |
| 21 | wantIP string |
| 22 | wantPort int |
| 23 | }{ |
| 24 | { |
| 25 | name: "loopback peer with valid X-Real-IP returns the header value", |
| 26 | remoteAddr: "127.0.0.1:54321", |
| 27 | xRealIP: "203.0.113.7", |
| 28 | wantIP: "203.0.113.7", |
| 29 | wantPort: 54321, |
| 30 | }, |
| 31 | { |
| 32 | name: "loopback peer with no X-Real-IP errors out (does not fall back to 127.0.0.1)", |
| 33 | remoteAddr: "127.0.0.1:54321", |
| 34 | xRealIP: "", |
| 35 | wantErr: true, |
| 36 | }, |
| 37 | { |
| 38 | name: "loopback peer with malformed X-Real-IP errors out", |
| 39 | remoteAddr: "127.0.0.1:54321", |
| 40 | xRealIP: "not-an-ip", |
| 41 | wantErr: true, |
| 42 | }, |
| 43 | { |
| 44 | name: "IPv6 loopback peer is treated as loopback (X-Real-IP honored)", |
| 45 | remoteAddr: "[::1]:54321", |
| 46 | xRealIP: "203.0.113.8", |
| 47 | wantIP: "203.0.113.8", |
| 48 | wantPort: 54321, |
| 49 | }, |
| 50 | { |
| 51 | name: "non-loopback peer ignores X-Real-IP and returns the direct peer", |
| 52 | remoteAddr: "198.51.100.5:1234", |
| 53 | xRealIP: "203.0.113.99", // attacker setting it directly — must not be trusted |
| 54 | wantIP: "198.51.100.5", |
| 55 | wantPort: 1234, |
| 56 | }, |
| 57 | { |
| 58 | name: "non-loopback peer ignores X-Forwarded-For", |
| 59 | remoteAddr: "198.51.100.5:1234", |
| 60 | xff: "203.0.113.99", // even from XFF — must not be trusted |
| 61 | wantIP: "198.51.100.5", |
| 62 | wantPort: 1234, |
| 63 | }, |
| 64 | { |
| 65 | name: "loopback peer ignores X-Forwarded-For even when X-Real-IP is also set", |
| 66 | remoteAddr: "127.0.0.1:54321", |
| 67 | xRealIP: "203.0.113.7", |
| 68 | xff: "1.2.3.4", // attacker-prepended XFF — must be ignored |
| 69 | wantIP: "203.0.113.7", |
| 70 | wantPort: 54321, |
| 71 | }, |
nothing calls this directly
no test coverage detected