MCPcopy Index your code
hub / github.com/ZenNotes/zennotes / peerIsTrustedProxy

Method peerIsTrustedProxy

apps/server/internal/httpserver/security.go:220–239  ·  view source on GitHub ↗

peerIsTrustedProxy reports whether the immediate TCP peer (r.RemoteAddr) is in the configured ZENNOTES_TRUSTED_PROXIES set. Forwarded-* headers are only honoured when this is true.

(r *http.Request)

Source from the content-addressed store, hash-verified

218// is in the configured ZENNOTES_TRUSTED_PROXIES set. Forwarded-* headers
219// are only honoured when this is true.
220func (s *Server) peerIsTrustedProxy(r *http.Request) bool {
221 cfg := s.currentConfig()
222 if len(cfg.TrustedProxies) == 0 {
223 return false
224 }
225 host, _, err := net.SplitHostPort(r.RemoteAddr)
226 if err != nil {
227 host = r.RemoteAddr
228 }
229 ip := net.ParseIP(strings.Trim(host, "[]"))
230 if ip == nil {
231 return false
232 }
233 for _, n := range cfg.TrustedProxies {
234 if n.Contains(ip) {
235 return true
236 }
237 }
238 return false
239}
240
241// effectiveScheme returns "https" if the request is genuinely on TLS or
242// arrived through a trusted proxy that declares X-Forwarded-Proto: https.

Callers 3

effectiveSchemeMethod · 0.95
requestOriginMethod · 0.95
clientAddressKeyMethod · 0.95

Calls 1

currentConfigMethod · 0.95

Tested by

no test coverage detected