fix: retrieve client IP from X-Forwarded-For header

[xav]

Description

Since the migration moved the service behind an ALB, we cannot retrieve the client IP directly for geo-location.
This leverages the X-Forwarded-For header injected by the LB instead.

How Has This Been Tested?

Unit tests

Due Diligence

• Breaking change
• Requires a documentation update
• Requires a e2e/integration test update

[chris13524]

Might be nice to use axum_client_ip instead for this?

[arein]

I think we use a library to abstract this away in Verify API or somewhere else - maybe @xDarksome or @chris13524 know?

But as a hotfix this shouldn't wait for that - can improve later

[xDarksome]

You mean this? https://github.com/WalletConnect/verify-server/blob/main/src/http_server/mod.rs#L26
I think @xav was the one who added it 😄

[geekbrother]

LGTM with the comment.

[geekbrother]

It looks scary not to handle any errors here. Malformed X-Forwarded-For can lead to 500 errors without any debug information.

[xav]

won't the and_then chain default to an Error and ultimately to a None if anything goes wrong?

[xav]

You mean this? https://github.com/WalletConnect/verify-server/blob/main/src/http_server/mod.rs#L26 I think @xav was the one who added it 😄

Yeah, I added it but

• I forgot about it and wanted to fix the issue ASAP
• honestly, I don't really like it, it feels a bit overkill just for the LBA issue. We might need to assess how correct we want the resolved IP to be, and in the case we want it to be correct, I think we need to "map" the network to configure the resolver.

[xav]

Might be nice to use axum_client_ip instead for this?

It's a hotfix and I think it should have the same end result. But we can overhaul this after.