
handle x-forwarded-for in IP logs

+17 -13
+3 -3
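--- a/admin/accounthttp.go
+++ b/admin/accounthttp.go
@@ -115,7 +115,7 @@
 		return
 	}
 
-	app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(r))
+	app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r))
 
 	controller.SetSessionError(app.DB, session, "")
 	controller.SetSessionMessage(app.DB, session, "Password updated successfully.")
@@ -145,7 +145,7 @@
 
 	// check password
 	if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil {
-		app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(r))
+		app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(app, r))
 		controller.SetSessionError(app.DB, session, "Incorrect password.")
 		http.Redirect(w, r, "/admin/account", http.StatusFound)
 		return
@@ -159,7 +159,7 @@
 		return
 	}
 
-	app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(r))
+	app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r))
 
 	controller.SetSessionAccount(app.DB, session, nil)
 	controller.SetSessionError(app.DB, session, "")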
+6 -6
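--- a/admin/http.go
+++ b/admin/http.go
@@ -201,7 +201,7 @@
 		return
 	}
 
-	app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(r))
+	app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(app, r))
 
 	err = controller.DeleteInvite(app.DB, invite.Code)
 	if err != nil {
@@ -277,7 +277,7 @@
 
 	err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password))
 	if err != nil {
-		app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(r))
+		app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r))
 		controller.SetSessionError(app.DB, session, "Invalid username or password.")
 		render()
 		return
@@ -305,7 +305,7 @@
 
 	// login success!
 	// TODO: log login activity to user
-	app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(r))
+	app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(app, r))
 	app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" does not have any TOTP methods assigned.", account.Username)
 
 	err = controller.SetSessionAccount(app.DB, session, account)
@@ -363,7 +363,7 @@
 	totpCode := r.FormValue("totp")
 
 	if len(totpCode) != controller.TOTP_CODE_LENGTH {
-		app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(r))
+		app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
 		controller.SetSessionError(app.DB, session, "Invalid TOTP.")
 		render()
 		return
@@ -377,13 +377,13 @@
 		return
 	}
 	if totpMethod == nil {
-		app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(r))
+		app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r))
 		controller.SetSessionError(app.DB, session, "Invalid TOTP.")
 		render()
 		return
 	}
 
-	app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(r))
+	app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(app, r))
 
 	err = controller.SetSessionAccount(app.DB, session, session.AttemptAccount)
 	if err != nil {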
+1
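--- a/controller/config.go
+++ b/controller/config.go
@@ -21,6 +21,7 @@
 	BaseUrl: "https://arimelody.me",
 	Host: "0.0.0.0",
 	Port: 8080,
+	TrustedProxies: []string{ "127.0.0.1" },
 	DB: model.DBConfig{
 		Host: "127.0.0.1",
 		Port: 5432,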
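Review bot: The new default on line 24 trusts loopback, so any process that can connect to the listener locally — not only the reverse proxy — can supply an X-Forwarded-For header that ResolveIP then records verbatim as the actor's address in the account log. That is probably the intended single-host deployment, but the consequence is not obvious from the literal; a comment such as `// Only the reverse proxy belongs here: X-Forwarded-For from these peers is taken at face value.` would make the trust decision explicit to whoever edits the config.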
+6 -4
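--- a/controller/ip.go
+++ b/controller/ip.go
@@ -1,19 +1,21 @@
 package controller
 
 import (
+	"arimelody-web/model"
 	"net/http"
 	"slices"
+	"strings"
 )
 
 // Returns the request's original IP address, resolving the `x-forwarded-for`
 // header if the request originates from a trusted proxy.
-func ResolveIP(r *http.Request) string {
-	trustedProxies := []string{ "10.4.20.69" }
-	if slices.Contains(trustedProxies, r.RemoteAddr) {
+func ResolveIP(app *model.AppState, r *http.Request) string {
+	addr := strings.Split(r.RemoteAddr, ":")[0]
+	if slices.Contains(app.Config.TrustedProxies, addr) {
 		forwardedFor := r.Header.Get("x-forwarded-for")
 		if len(forwardedFor) > 0 {
 			return forwardedFor
 		}
 	}
-	return r.RemoteAddr
+	return addr
 }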
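Review bot: `strings.Split(r.RemoteAddr, ":")[0]` on new line 13 returns `[` for an IPv6 peer (RemoteAddr is `[::1]:54321` form), so the trusted-proxy comparison silently fails and the account log records a meaningless address; `net.SplitHostPort` handles both address families. The value returned on line 17 is also the raw header: X-Forwarded-For is client-supplied free text and, when proxies chain, a comma-separated list, so only the rightmost entry (the one the trusted proxy itself appended) is worth trusting, and it should pass `net.ParseIP` before being written into a log that is read during incident review. The sketch below does both; it needs `"net"` added to the import block, and the doc comment should note that entries in TrustedProxies are compared against the host part of RemoteAddr without a port.

```go
func ResolveIP(app *model.AppState, r *http.Request) string {
	// RemoteAddr is host:port for both IPv4 and bracketed IPv6; fall back to the raw value if unparsable.
	addr, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		addr = r.RemoteAddr
	}
	if slices.Contains(app.Config.TrustedProxies, addr) {
		forwardedFor := r.Header.Get("x-forwarded-for")
		if len(forwardedFor) > 0 {
			// Trust only the entry appended by the trusted proxy (the last one);
			// earlier entries come from the client and may be anything.
			hops := strings.Split(forwardedFor, ",")
			candidate := strings.TrimSpace(hops[len(hops)-1])
			if net.ParseIP(candidate) != nil {
				return candidate
			}
		}
	}
	return addr
}
```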
+1
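--- a/model/appstate.go
+++ b/model/appstate.go
@@ -26,6 +26,7 @@
 	Host string `toml:"host"`
 	Port int64 `toml:"port"`
 	DataDirectory string `toml:"data_dir"`
+	TrustedProxies []string `toml:"trusted_proxies"`
 	DB DBConfig `toml:"db"`
 	Discord DiscordConfig `toml:"discord"`
 }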
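Review bot: The new `TrustedProxies` field on line 29 has no doc comment, and its expected format is not self-evident: ResolveIP compares each entry against the host part of RemoteAddr, so values must be bare IP addresses with no port (and, for IPv6, no brackets), and a single mistyped entry silently disables X-Forwarded-For resolution rather than failing loudly. Suggest `// TrustedProxies lists the proxy IP addresses (no port) whose X-Forwarded-For header is honoured when resolving a client IP.` The enclosing struct begins outside this hunk.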