-
Notifications
You must be signed in to change notification settings - Fork 48
/
ip.go
98 lines (87 loc) · 2.3 KB
/
ip.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package ip
import (
"bytes"
"net"
"net/http"
"strings"
"github.com/lbryio/lbrytv/internal/monitor"
)
var logger = monitor.NewModuleLogger("ip")
// most of this is from https://husobee.github.io/golang/ip-address/2015/12/17/remote-ip-go.html
//ipRange holds the start and end of a range of ip addresses
type ipRange struct {
start net.IP
end net.IP
}
// Contains returns true if the ipRange contains the ip address
func (r ipRange) Contains(ip net.IP) bool {
return bytes.Compare(ip, r.start) >= 0 && bytes.Compare(ip, r.end) < 0
}
var privateRanges = []ipRange{
{
start: net.ParseIP("10.0.0.0"),
end: net.ParseIP("10.255.255.255"),
},
{
start: net.ParseIP("100.64.0.0"),
end: net.ParseIP("100.127.255.255"),
},
{
start: net.ParseIP("127.0.0.1"),
end: net.ParseIP("127.255.255.255"),
},
{
start: net.ParseIP("172.16.0.0"),
end: net.ParseIP("172.31.255.255"),
},
{
start: net.ParseIP("192.0.0.0"),
end: net.ParseIP("192.0.0.255"),
},
{
start: net.ParseIP("192.168.0.0"),
end: net.ParseIP("192.168.255.255"),
},
{
start: net.ParseIP("198.18.0.0"),
end: net.ParseIP("198.19.255.255"),
},
}
// IsPrivateSubnet checks if this ip is in a private subnet
func IsPrivateSubnet(ipAddress net.IP) bool {
// my use case is only concerned with ipv4 atm
if ipCheck := ipAddress.To4(); ipCheck != nil {
// iterate over all our ranges
for _, r := range privateRanges {
// check if this ip is in a private range
if r.Contains(ipAddress) {
return true
}
}
}
return false
}
// AddressForRequest returns the real IP address of the request
func AddressForRequest(r *http.Request) string {
for _, h := range []string{"X-Forwarded-For", "X-Real-Ip"} {
addresses := strings.Split(r.Header.Get(h), ",")
// march from right to left until we get a public address
// that will be the address right before our proxy.
for i := len(addresses) - 1; i >= 0; i-- {
addr := strings.TrimSpace(addresses[i])
// header can contain spaces too, strip those out.
realIP := net.ParseIP(addr)
if !realIP.IsGlobalUnicast() || IsPrivateSubnet(realIP) {
// bad address, go to next
continue
}
return addr
}
}
ipParts := strings.Split(r.RemoteAddr, ":")
addr := strings.Join(ipParts[:len(ipParts)-1], ":")
if addr == "[::1]" {
return "127.0.0.1"
}
return addr
}