From 3111fff8dc41c3258202f8afb13bc5b54f690d5e Mon Sep 17 00:00:00 2001 From: maslow Date: Fri, 1 Dec 2023 12:33:45 +0800 Subject: [PATCH 1/2] fix(server): fix get_client_ip method, use x-forwarded-fro first --- .../authentication/email/email.controller.ts | 3 ++- .../authentication/phone/phone.controller.ts | 3 ++- server/src/utils/getter.ts | 17 +++++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/server/src/authentication/email/email.controller.ts b/server/src/authentication/email/email.controller.ts index 99fd922289..82ccff021d 100644 --- a/server/src/authentication/email/email.controller.ts +++ b/server/src/authentication/email/email.controller.ts @@ -4,6 +4,7 @@ import { ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger' import { ResponseUtil } from 'src/utils/response' import { SendEmailCodeDto } from '../dto/send-email-code.dto' import { EmailService } from './email.service' +import { GetClientIPFromRequest } from 'src/utils/getter' @ApiTags('Authentication') @Controller('auth') @@ -21,7 +22,7 @@ export class EmailController { @Post('email/code') async sendCode(@Req() req: IRequest, @Body() dto: SendEmailCodeDto) { const { email, type } = dto - const ip = req.headers['x-real-ip'] as string + const ip = GetClientIPFromRequest(req) const err = await this.emailService.sendCode(email, type, ip) if (err) { diff --git a/server/src/authentication/phone/phone.controller.ts b/server/src/authentication/phone/phone.controller.ts index f44396493d..57f552a68b 100644 --- a/server/src/authentication/phone/phone.controller.ts +++ b/server/src/authentication/phone/phone.controller.ts @@ -10,6 +10,7 @@ import { UserService } from 'src/user/user.service' import { AuthBindingType, AuthProviderBinding } from '../entities/types' import { SmsVerifyCodeType } from '../entities/sms-verify-code' import { SmsService } from './sms.service' +import { GetClientIPFromRequest } from 'src/utils/getter' @ApiTags('Authentication') @Controller('auth') @@ -31,7 +32,7 @@ export class PhoneController { @Post('phone/sms/code') async sendCode(@Req() req: IRequest, @Body() dto: SendPhoneCodeDto) { const { phone, type } = dto - const ip = req.headers['x-real-ip'] as string + const ip = GetClientIPFromRequest(req) const err = await this.phoneService.sendCode(phone, type, ip) if (err) { diff --git a/server/src/utils/getter.ts b/server/src/utils/getter.ts index ab71db06a1..9b88cf584e 100644 --- a/server/src/utils/getter.ts +++ b/server/src/utils/getter.ts @@ -30,3 +30,20 @@ export function isConditionTrue(type: string, conditions: Condition[] | any[]) { } return false } + +export function GetClientIPFromRequest(req: any) { + // try to get ip from x-forwarded-for + const ips_str = req.headers['x-forwarded-for'] as string + if (ips_str) { + const ips = ips_str.split(',') + return ips[0] + } + + // try to get ip from x-real-ip + const ip = req.headers['x-real-ip'] as string + if (ip) { + return ip + } + + return null +} From 75a81143f69a8f854f44c54bcbc11e04e0ed26d3 Mon Sep 17 00:00:00 2001 From: maslow Date: Fri, 1 Dec 2023 12:38:24 +0800 Subject: [PATCH 2/2] fix(runtime): fix x-real-ip from x-forwarded-for while gateway not set --- runtimes/nodejs/src/index.ts | 10 +++++++++- runtimes/nodejs/src/support/utils.ts | 18 ++++++++++++++++++ server/src/utils/getter.ts | 3 ++- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/runtimes/nodejs/src/index.ts b/runtimes/nodejs/src/index.ts index d6a79e9e87..05c3d52d72 100644 --- a/runtimes/nodejs/src/index.ts +++ b/runtimes/nodejs/src/index.ts @@ -12,7 +12,7 @@ import { parseToken, splitBearerToken } from './support/token' import Config from './config' import { router } from './handler/router' import { logger } from './support/logger' -import { generateUUID } from './support/utils' +import { GetClientIPFromRequest, generateUUID } from './support/utils' import { WebSocketAgent } from './support/ws' import { DatabaseAgent } from './db' import xmlparser from 'express-xml-bodyparser' @@ -42,6 +42,14 @@ app.use( }), ) +// fix x-real-ip while gateway not set +app.use((req, _res, next) => { + if (!req.headers['x-real-ip']) { + req.headers['x-real-ip'] = GetClientIPFromRequest(req) + } + next() +}) + app.use(express.json({ limit: Config.REQUEST_LIMIT_SIZE }) as any) app.use( express.urlencoded({ diff --git a/runtimes/nodejs/src/support/utils.ts b/runtimes/nodejs/src/support/utils.ts index b707bcf6d7..9cdf014cb1 100644 --- a/runtimes/nodejs/src/support/utils.ts +++ b/runtimes/nodejs/src/support/utils.ts @@ -1,4 +1,5 @@ import * as crypto from 'crypto' +import { IRequest } from './types' /** * Generate UUID v4 @@ -115,3 +116,20 @@ export function base64ToUint8Array(base64: string) { const buffer = Buffer.from(base64, 'base64') return new Uint8Array(buffer) } + +export function GetClientIPFromRequest(req: IRequest) { + // try to get ip from x-forwarded-for + const ips_str = req.headers['x-forwarded-for'] as string + if (ips_str) { + const ips = ips_str.split(',') + return ips[0] + } + + // try to get ip from x-real-ip + const ip = req.headers['x-real-ip'] as string + if (ip) { + return ip + } + + return null +} diff --git a/server/src/utils/getter.ts b/server/src/utils/getter.ts index 9b88cf584e..0102a9827c 100644 --- a/server/src/utils/getter.ts +++ b/server/src/utils/getter.ts @@ -1,5 +1,6 @@ import { Condition } from 'src/region/cluster/types' import { ApplicationNamespaceMode, Region } from 'src/region/entities/region' +import { IRequest } from './interface' /** * Get application namespace name by appid (in kubernetes) @@ -31,7 +32,7 @@ export function isConditionTrue(type: string, conditions: Condition[] | any[]) { return false } -export function GetClientIPFromRequest(req: any) { +export function GetClientIPFromRequest(req: IRequest) { // try to get ip from x-forwarded-for const ips_str = req.headers['x-forwarded-for'] as string if (ips_str) {