mirror of
https://github.com/octoleo/syncthing.git
synced 2025-01-05 08:02:13 +00:00
### Purpose Treat X-Forwarded-For as a comma-separated string to prevent nil IP being returned by the Discovery Server ### Testing Unit Tests implemented Testing with a Discovery Client can be done as follows: ``` A simple example to replicate this entails running Discovery with HTTP, use Nginx as a reverse proxy and hardcode (as an example) a list of IPs in the X-Forwarded-For header. 1. Send an Announcement with tcp://0.0.0.0:<some-port> 2. Query the DeviceID 3. Observe the returned IP Address is no longer nil; i.e. `tcp://<nil>:<some-port>` ```
This commit is contained in:
parent
cb4c1f9ad2
commit
854499382e
@ -136,7 +136,12 @@ func (s *apiSrv) handler(w http.ResponseWriter, req *http.Request) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if s.useHTTP {
|
if s.useHTTP {
|
||||||
remoteAddr.IP = net.ParseIP(req.Header.Get("X-Forwarded-For"))
|
// X-Forwarded-For can have multiple client IPs; split using the comma separator
|
||||||
|
forwardIP, _, _ := strings.Cut(req.Header.Get("X-Forwarded-For"), ",")
|
||||||
|
|
||||||
|
// net.ParseIP will return nil if leading/trailing whitespace exists; use strings.TrimSpace()
|
||||||
|
remoteAddr.IP = net.ParseIP(strings.TrimSpace(forwardIP))
|
||||||
|
|
||||||
if parsedPort, err := strconv.ParseInt(req.Header.Get("X-Client-Port"), 10, 0); err == nil {
|
if parsedPort, err := strconv.ParseInt(req.Header.Get("X-Client-Port"), 10, 0); err == nil {
|
||||||
remoteAddr.Port = int(parsedPort)
|
remoteAddr.Port = int(parsedPort)
|
||||||
}
|
}
|
||||||
@ -410,13 +415,13 @@ func fixupAddresses(remote *net.TCPAddr, addresses []string) []string {
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if remote != nil {
|
|
||||||
if host == "" || ip.IsUnspecified() {
|
if host == "" || ip.IsUnspecified() {
|
||||||
|
if remote != nil {
|
||||||
// Replace the unspecified IP with the request source.
|
// Replace the unspecified IP with the request source.
|
||||||
|
|
||||||
// ... unless the request source is the loopback address or
|
// ... unless the request source is the loopback address or
|
||||||
// multicast/unspecified (can't happen, really).
|
// multicast/unspecified (can't happen, really).
|
||||||
if remote.IP.IsLoopback() || remote.IP.IsMulticast() || remote.IP.IsUnspecified() {
|
if remote.IP == nil || remote.IP.IsLoopback() || remote.IP.IsMulticast() || remote.IP.IsUnspecified() {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -432,11 +437,22 @@ func fixupAddresses(remote *net.TCPAddr, addresses []string) []string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
host = remote.IP.String()
|
host = remote.IP.String()
|
||||||
|
|
||||||
|
} else {
|
||||||
|
// remote is nil, unable to determine host IP
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// If zero port was specified, use remote port.
|
// If zero port was specified, use remote port.
|
||||||
if port == "0" && remote.Port > 0 {
|
if port == "0" {
|
||||||
|
if remote != nil && remote.Port > 0 {
|
||||||
|
// use remote port
|
||||||
port = strconv.Itoa(remote.Port)
|
port = strconv.Itoa(remote.Port)
|
||||||
|
} else {
|
||||||
|
// unable to determine remote port
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -69,6 +69,14 @@ func TestFixupAddresses(t *testing.T) {
|
|||||||
remote: addr("123.123.123.123", 9000),
|
remote: addr("123.123.123.123", 9000),
|
||||||
in: []string{"tcp://44.44.44.44:0"},
|
in: []string{"tcp://44.44.44.44:0"},
|
||||||
out: []string{"tcp://44.44.44.44:9000"},
|
out: []string{"tcp://44.44.44.44:9000"},
|
||||||
|
}, { // remote ip nil
|
||||||
|
remote: addr("", 9000),
|
||||||
|
in: []string{"tcp://:22000", "tcp://44.44.44.44:9000"},
|
||||||
|
out: []string{"tcp://44.44.44.44:9000"},
|
||||||
|
}, { // remote port 0
|
||||||
|
remote: addr("123.123.123.123", 0),
|
||||||
|
in: []string{"tcp://:22000", "tcp://44.44.44.44"},
|
||||||
|
out: []string{"tcp://123.123.123.123:22000"},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user