Compare commits
No commits in common. "125a57247b31d01bdb1c477c3296d596e027b5a2" and "1ee4a610fc031bb446e942b04df27535cb273a04" have entirely different histories.
125a57247b
...
1ee4a610fc
|
|
@ -9,18 +9,23 @@ const ipCheck = require('../ipCheck');
|
||||||
function getClientIp(request, s3config) {
|
function getClientIp(request, s3config) {
|
||||||
const clientIp = request.socket.remoteAddress;
|
const clientIp = request.socket.remoteAddress;
|
||||||
const requestConfig = s3config ? s3config.requests : {};
|
const requestConfig = s3config ? s3config.requests : {};
|
||||||
const { trustedProxyCIDRs, extractClientIPFromHeader } = requestConfig;
|
if (requestConfig && requestConfig.viaProxy) {
|
||||||
/**
|
/**
|
||||||
* if requests are configured to come via proxy,
|
* if requests are configured to come via proxy,
|
||||||
* check from config which proxies are to be trusted and
|
* check from config which proxies are to be trusted and
|
||||||
* which header to be used to extract client IP
|
* which header to be used to extract client IP
|
||||||
*/
|
*/
|
||||||
if (ipCheck.ipMatchCidrList(trustedProxyCIDRs, clientIp)) {
|
if (ipCheck.ipMatchCidrList(requestConfig.trustedProxyCIDRs,
|
||||||
const ipFromHeader = request.headers[extractClientIPFromHeader];
|
clientIp)) {
|
||||||
|
const ipFromHeader
|
||||||
|
// eslint-disable-next-line operator-linebreak
|
||||||
|
= request.headers[requestConfig.extractClientIPFromHeader];
|
||||||
if (ipFromHeader && ipFromHeader.trim().length) {
|
if (ipFromHeader && ipFromHeader.trim().length) {
|
||||||
return ipFromHeader.split(',')[0].trim();
|
return ipFromHeader.split(',')[0].trim();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return clientIp;
|
return clientIp;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,9 +28,9 @@ describe('requestUtils.getClientIp', () => {
|
||||||
assert.strictEqual(result, testClientIp1);
|
assert.strictEqual(result, testClientIp1);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should extract client Ip address from x-forwarded-for header ' +
|
it('should not return client Ip address from header ' +
|
||||||
'when the header is present and has valid ip address(es) if the ' +
|
'if the request is not forwarded from proxies or ' +
|
||||||
'request is not forwarded via proxy', () => {
|
'fails ip check', () => {
|
||||||
const request = new DummyRequest({
|
const request = new DummyRequest({
|
||||||
headers: {
|
headers: {
|
||||||
'x-forwarded-for': [testClientIp1, testProxyIp].join(','),
|
'x-forwarded-for': [testClientIp1, testProxyIp].join(','),
|
||||||
|
|
@ -42,11 +42,11 @@ describe('requestUtils.getClientIp', () => {
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
const result = requestUtils.getClientIp(request, configWithoutProxy);
|
const result = requestUtils.getClientIp(request, configWithoutProxy);
|
||||||
assert.strictEqual(result, testClientIp1);
|
assert.strictEqual(result, testClientIp2);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should not return client Ip address from header ' +
|
it('should not return client Ip address from header ' +
|
||||||
'if the request is forwarded from proxies, but the request ' +
|
'if the request is forwarded from proxies, but the request' +
|
||||||
'has no expected header or the header value is empty', () => {
|
'has no expected header or the header value is empty', () => {
|
||||||
const request = new DummyRequest({
|
const request = new DummyRequest({
|
||||||
headers: {
|
headers: {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue