RealIP returns the "real" IP address from the configured trusted proxy headers. If Settings.TrustedProxy is not configured or the found IP is empty, it fallbacks to e.RemoteIP(). NB! Be careful when used in a security critical context as it relies on the trusted proxy to be properly configured and
()
| 38 | // the trusted proxy to be properly configured and your app to be accessible only through it. |
| 39 | // If you are not sure, use e.RemoteIP(). |
| 40 | func (e *RequestEvent) RealIP() string { |
| 41 | settings := e.App.Settings() |
| 42 | |
| 43 | for _, h := range settings.TrustedProxy.Headers { |
| 44 | headerValues := e.Request.Header.Values(h) |
| 45 | if len(headerValues) == 0 { |
| 46 | continue |
| 47 | } |
| 48 | |
| 49 | // extract the last header value as it is expected to be the one controlled by the proxy |
| 50 | ipsList := headerValues[len(headerValues)-1] |
| 51 | if ipsList == "" { |
| 52 | continue |
| 53 | } |
| 54 | |
| 55 | ips := strings.Split(ipsList, ",") |
| 56 | |
| 57 | if settings.TrustedProxy.UseLeftmostIP { |
| 58 | for _, ip := range ips { |
| 59 | parsed, err := netip.ParseAddr(strings.TrimSpace(ip)) |
| 60 | if err == nil { |
| 61 | return parsed.StringExpanded() |
| 62 | } |
| 63 | } |
| 64 | } else { |
| 65 | for i := len(ips) - 1; i >= 0; i-- { |
| 66 | parsed, err := netip.ParseAddr(strings.TrimSpace(ips[i])) |
| 67 | if err == nil { |
| 68 | return parsed.StringExpanded() |
| 69 | } |
| 70 | } |
| 71 | } |
| 72 | } |
| 73 | |
| 74 | return e.RemoteIP() |
| 75 | } |
| 76 | |
| 77 | // HasSuperuserAuth checks whether the current RequestEvent has superuser authentication loaded. |
| 78 | func (e *RequestEvent) HasSuperuserAuth() bool { |