Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix handling of IPv6 addresses in getClientIP #3381

Merged
merged 2 commits into from Jul 14, 2023
Merged

Fix handling of IPv6 addresses in getClientIP #3381

merged 2 commits into from Jul 14, 2023

Conversation

n-thumann
Copy link
Contributor

@n-thumann n-thumann commented Jul 7, 2023
edited

⚠️⚠️⚠️ Since we do not accept all types of pull requests and do not want to waste your time. Please be sure that you have read pull request rules:
https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md#can-i-create-a-pull-request-for-uptime-kuma

Tick the checkbox if you understand [x]:

  • I have read and understand the pull request rules.

Description

This PR fixes the handling of IPv6 addresses in getClientIP. Currently this method fails to handle IPv6 addresses correctly. E.g. my log shows:

2023-07-08T00:15:01+02:00 [RATE-LIMIT] INFO: remaining requests: 19
2023-07-08T00:15:01+02:00 [AUTH] INFO: Successfully logged in user admin. IP=ca44
2023-07-08T00:15:02+02:00 [SETTINGS] DEBUG: Get Setting: initServerTimezone: null

when I logged in from xxxx:xxxx:xxxx:xxxx:59a9:4a64:bea4:ca44.

This is fixed by not blindly removing anything prefix the :, but only the relevant part (I suspect that this as been introduced in the first place to remove the prefix of IPv4-mapped IPv6 addresses):

> clientIP = "2001:db8::1"
'2001:db8::1'
> clientIP.replace(/^.*:/, "")
'1'
> clientIP.replace(/^::ffff:/, "")
'2001:db8::1'

> clientIP = "::ffff:127.0.0.1"
'::ffff:127.0.0.1'
> clientIP.replace(/^.*:/, "")
'127.0.0.1'
> clientIP.replace(/^::ffff:/, "")
'127.0.0.1'

The log now contains:

2023-07-08T00:16:02+02:00 [RATE-LIMIT] INFO: remaining requests: 19
2023-07-08T00:16:02+02:00 [AUTH] INFO: Successfully logged in user admin. IP=xxxx:xxxx:xxxx:xxxx:59a9:4a64:bea4:ca44
2023-07-08T00:16:02+02:00 [SETTINGS] DEBUG: Get Setting (cache): initServerTimezone: true

Type of change

Please delete any options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • My code follows the style guidelines of this project
  • I ran ESLint and other linters for modified files
  • I have performed a self-review of my own code and tested it
  • I have commented my code, particularly in hard-to-understand areas
    (including JSDoc for methods)
  • My changes generate no new warnings
  • My code needed automated testing. I have added them (this is optional task)

Screenshots (if any)

Please do not use any external image service. Instead, just paste in or drag and drop the image here, and it will be uploaded automatically.

@chakflying
Copy link
Collaborator

getClientIP has unit tests defined in test/backend.spec.js. Maybe you can add appropriate test cases there.

@n-thumann
Copy link
Contributor Author

getClientIP has unit tests defined in test/backend.spec.js. Maybe you can add appropriate test cases there.

Done :)

@louislam louislam added this to the 1.23.0 milestone Jul 10, 2023
@louislam louislam merged commit 2f5a565 into louislam:master Jul 14, 2023
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.23.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@n-thumann @chakflying @louislam