unjs · pi0 · Aug 14, 2023 · Aug 10, 2023 · Aug 10, 2023 · Aug 10, 2023
diff --git a/README.md b/README.md
@@ -224,6 +224,7 @@ H3 has a concept of composable utilities that accept `event` (from `eventHandler
 - `getRequestHost(event)`
 - `getRequestProtocol(event)`
 - `getRequestPath(event)`
+- `getRequestIP(event, { xForwardedFor: boolean })`
 
 #### Response
 

diff --git a/src/types.ts b/src/types.ts
@@ -44,6 +44,8 @@ export interface H3EventContext extends Record<string, any> {
   matchedRoute?: RouteNode;
   /* Cached session data */
   sessions?: Record<string, Session>;
+  /* Trusted IP Address of client */
+  clientAddress?: string;
 }
 
 export type EventHandlerResponse<T = any> = T | Promise<T>;

diff --git a/src/utils/request.ts b/src/utils/request.ts
@@ -149,3 +149,32 @@
   const path = getRequestPath(event);
   return new URL(path, `${protocol}://${host}`);
 }
+
+export function getRequestIP(
+  event: H3Event,
+  opts: {
+    /**
+     * Use the X-Forwarded-For HTTP header set by proxies.
+     *
+     * Note: Make sure that this header can be trusted (your application running behind a CDN or reverse proxy) before enabling.
+     */
+    xForwardedFor?: boolean;
+  } = {},
+): string | undefined {
+  if (event.context.clientAddress) {
+    return event.context.clientAddress;
+  }
+
+  if (opts.xForwardedFor) {
+    const xForwardedFor = getRequestHeader(event, "x-forwarded-for")
+      ?.split(",")
+      ?.pop();
+    if (xForwardedFor) {
+      return xForwardedFor;
+    }
+  }
+
+  if (event.node.req.socket.remoteAddress) {
+    return event.node.req.socket.remoteAddress;
+  }
+}
diff --git a/test/utils.test.ts b/test/utils.test.ts
@@ -11,6 +11,7 @@ import {
   getQuery,
   getRequestURL,
   readFormData,
+  getRequestIP,
 } from "../src";
 
 describe("", () => {
@@ -144,6 +145,48 @@ describe("", () => {
     }
   });
 
+  describe("getRequestIP", () => {
+    it("x-forwarded-for", async () => {
+      app.use(
+        "/",
+        eventHandler((event) => {
+          return getRequestIP(event, {
+            xForwardedFor: true,
+          });
+        }),
+      );
+      const req = request.get("/");
+      req.set("x-forwarded-for", "127.0.0.1");
+      expect((await req).text).toBe("127.0.0.1");
+    });
+    it("ports", async () => {
+      app.use(
+        "/",
+        eventHandler((event) => {
+          return getRequestIP(event, {
+            xForwardedFor: true,
+          });
+        }),
+      );
+      const req = request.get("/");
+      req.set("x-forwarded-for", "127.0.0.1:1234");
+      expect((await req).text).toBe("127.0.0.1:1234");
+    });
+    it("ipv6", async () => {
+      app.use(
+        "/",
+        eventHandler((event) => {
+          return getRequestIP(event, {
+            xForwardedFor: true,
+          });
+        }),
+      );
+      const req = request.get("/");
+      req.set("x-forwarded-for", "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+      expect((await req).text).toBe("2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+    });
+  });
+
   describe("assertMethod", () => {
     it("only allow head and post", async () => {
       app.use(