feat: log X-Real-IP header (#631)

* feat: log X-Real-IP header * fix: log first X-Forwarded-For client * refactor: add GetRealIP function * fix: RemoteAddr * feat: display the X-Real-IP and X-Forwarded-For --------- Co-authored-by: jeessy2 <6205259+jeessy2@users.noreply.github.com>
jeessy2 · Mar 24, 2023 · 9f7ee01 · 9f7ee01
1 parent d4bb61e
commit 9f7ee01
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 5 deletions.
diff --git a/util/net.go b/util/net.go
@@ -2,6 +2,7 @@ package util
 
 import (
 	"net"
+	"net/http"
 	"strings"
 )
 
@@ -34,3 +35,15 @@ func IsPrivateNetwork(remoteAddr string) bool {
 
 	return false
 }
+
+// GetRequestIPStr get IP string from request
+func GetRequestIPStr(r *http.Request) (addr string) {
+	addr = "Remote: " + r.RemoteAddr
+	if r.Header.Get("X-Real-IP") != "" {
+		addr = addr + " ,Real-IP: " + r.Header.Get("X-Real-IP")
+	}
+	if r.Header.Get("X-Forwarded-For") != "" {
+		addr = addr + " ,Forwarded-For: " + r.Header.Get("X-Forwarded-For")
+	}
+	return addr
+}
diff --git a/util/net_test.go b/util/net_test.go
@@ -1,6 +1,7 @@
 package util
 
 import (
+	"net/http"
 	"testing"
 )
 
@@ -31,3 +32,13 @@ func TestIsPrivateNetwork(t *testing.T) {
 
 	}
 }
+
+// test get request IP string from request
+func TestGetRequestIPStr(t *testing.T) {
+	req := http.Request{RemoteAddr: "192.168.1.1", Header: http.Header{}}
+	req.Header.Set("X-Real-IP", "10.0.0.1")
+	req.Header.Set("X-Forwarded-For", "10.0.0.2")
+	if GetRequestIPStr(&req) != "Remote: 192.168.1.1 ,Real-IP: 10.0.0.1 ,Forwarded-For: 10.0.0.2" {
+		t.Errorf("GetRequestIPStr failed")
+	}
+}
diff --git a/web/basic_auth.go b/web/basic_auth.go
@@ -30,15 +30,15 @@ func BasicAuth(f ViewFunc) ViewFunc {
 		if err != nil && time.Now().Unix()-startTime > 2*24*60*60 &&
 			(!util.IsPrivateNetwork(r.RemoteAddr) || !util.IsPrivateNetwork(r.Host)) {
 			w.WriteHeader(http.StatusForbidden)
-			log.Printf("配置文件为空, 超过2天禁止从公网访问。RemoteAddr: %s\n", r.RemoteAddr)
+			log.Printf("%q 配置文件为空, 超过2天禁止从公网访问。\n", util.GetRequestIPStr(r))
 			return
 		}
 
 		// 禁止公网访问
 		if conf.NotAllowWanAccess {
 			if !util.IsPrivateNetwork(r.RemoteAddr) || !util.IsPrivateNetwork(r.Host) {
 				w.WriteHeader(http.StatusForbidden)
-				log.Printf("%s 被禁止从公网访问\n", r.RemoteAddr)
+				log.Printf("%q 禁止从公网访问!\n", util.GetRequestIPStr(r))
 				return
 			}
 		}
@@ -51,7 +51,7 @@ func BasicAuth(f ViewFunc) ViewFunc {
 		}
 
 		if ld.FailTimes >= 5 {
-			log.Printf("%s 登陆失败超过5次! 并延时5分钟响应\n", r.RemoteAddr)
+			log.Printf("%q 登陆失败超过5次! 并延时5分钟响应!\n", util.GetRequestIPStr(r))
 			time.Sleep(5 * time.Minute)
 			if ld.FailTimes >= 5 {
 				ld.FailTimes = 0
@@ -84,14 +84,14 @@ func BasicAuth(f ViewFunc) ViewFunc {
 			}
 
 			ld.FailTimes = ld.FailTimes + 1
-			log.Printf("%s 登陆失败!\n", r.RemoteAddr)
+			log.Printf("%q 登陆失败!\n", util.GetRequestIPStr(r))
 		}
 
 		// 认证失败，提示 401 Unauthorized
 		// Restricted 可以改成其他的值
 		w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
 		// 401 状态码
 		w.WriteHeader(http.StatusUnauthorized)
-		log.Printf("%s 请求登陆!\n", r.RemoteAddr)
+		log.Printf("%q 请求登陆!\n", util.GetRequestIPStr(r))
 	}
 }