Compare commits

...

3 Commits

Author SHA1 Message Date
Rahul Padigela 125a57247b parse client ip 2020-12-10 13:46:19 -08:00
Ilke 4914a85f68 bf: S3C-3425 extracts client ip from header if present 2020-12-03 13:53:18 -08:00
Ilke c76b36b7ef bf: S3C-3425 should extract ip from header if present 2020-12-03 13:53:18 -08:00
2 changed files with 15 additions and 20 deletions

View File

@ -9,23 +9,18 @@ const ipCheck = require('../ipCheck');
function getClientIp(request, s3config) {
const clientIp = request.socket.remoteAddress;
const requestConfig = s3config ? s3config.requests : {};
if (requestConfig && requestConfig.viaProxy) {
/**
* if requests are configured to come via proxy,
* check from config which proxies are to be trusted and
* which header to be used to extract client IP
*/
if (ipCheck.ipMatchCidrList(requestConfig.trustedProxyCIDRs,
clientIp)) {
const ipFromHeader
// eslint-disable-next-line operator-linebreak
= request.headers[requestConfig.extractClientIPFromHeader];
if (ipFromHeader && ipFromHeader.trim().length) {
return ipFromHeader.split(',')[0].trim();
}
const { trustedProxyCIDRs, extractClientIPFromHeader } = requestConfig;
/**
* if requests are configured to come via proxy,
* check from config which proxies are to be trusted and
* which header to be used to extract client IP
*/
if (ipCheck.ipMatchCidrList(trustedProxyCIDRs, clientIp)) {
const ipFromHeader = request.headers[extractClientIPFromHeader];
if (ipFromHeader && ipFromHeader.trim().length) {
return ipFromHeader.split(',')[0].trim();
}
}
return clientIp;
}

View File

@ -28,9 +28,9 @@ describe('requestUtils.getClientIp', () => {
assert.strictEqual(result, testClientIp1);
});
it('should not return client Ip address from header ' +
'if the request is not forwarded from proxies or ' +
'fails ip check', () => {
it('should extract client Ip address from x-forwarded-for header ' +
'when the header is present and has valid ip address(es) if the ' +
'request is not forwarded via proxy', () => {
const request = new DummyRequest({
headers: {
'x-forwarded-for': [testClientIp1, testProxyIp].join(','),
@ -42,11 +42,11 @@ describe('requestUtils.getClientIp', () => {
},
});
const result = requestUtils.getClientIp(request, configWithoutProxy);
assert.strictEqual(result, testClientIp2);
assert.strictEqual(result, testClientIp1);
});
it('should not return client Ip address from header ' +
'if the request is forwarded from proxies, but the request' +
'if the request is forwarded from proxies, but the request ' +
'has no expected header or the header value is empty', () => {
const request = new DummyRequest({
headers: {