search

Kong / ngx_wasm_module

Nginx + WebAssembly
Apache License 2.0
79 stars 7 forks source link

get real-ip issue #566

Closed ray1888 closed 2 months ago

ray1888 commented 2 months ago

i am using kong developing with a proxy-wasm base gosdk for some bussine logic, but i can't the the real ip with X-REAL-IP in header

using default config of kong container config like this 

_format_version: "1.1"
_transform: true

services:
- name: demo
  url: http://my-service
  routes:
  - name: my-route
    paths:
    - /
    strip_path: false
    filter_chains:
    - filters:
      - name: gitee-acl
        config: 
          cluster_name: 192.168.3.200:10000
          acl_service_host: 127.0.0.1
          acl_service_port: "10000"

upstreams:
  - name: my-service
    targets:
      - target: 192.168.3.200:10001
        weight: 100

my getting header code is below 

hs, err := proxywasm.GetHttpRequestHeaders()
if err != nil {
proxywasm.LogErrorf("failed to get request headers: %v", err)
return types.ActionContinue
}

var clientIp string

var tenantId string
for _, h := range hs {
proxywasm.LogDebugf("header is %s , value %s", h[0], h[1])
if h[0] != verify.CookieHeader && h[0] != verify.REALIPHeader {
    continue
}
key := strings.TrimSpace(h[0])
if key == verify.CookieHeader {
    proxywasm.LogDebugf("get cookies")
    _, tenantId, _ = verify.GetTenant(h[1])
} else if key == verify.REALIPHeader {
    proxywasm.LogDebugf("get real ip")
    clientIp = h[1]
}
}

if len(tenantId) == 0 {
proxywasm.LogInfof("Tenant id is 0")
return types.ActionContinue
}

var body []byte

if len(clientIp) == 0 {
proxywasm.LogInfof("clientIP is empty")
return types.ActionContinue
}

but the result is no include x-real-ip sector , logs are below 

2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] IN OnHttpRequestBody
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is :path , value /
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is :method , value GET
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is :scheme , value http
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is :authority , value kong:8000
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is Host , value 192.168.3.200:8000
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is User-Agent , value curl/7.81.0
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is Accept , value */*
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is content-type , value application/json
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is cookie , value lang=zh-CN; team_LAYOUT_STATE=eyJzaWRlYmFyV2lkdGgiOjI0MCwiZm9sZGluZyI6dHJ1ZX0=; _ga_R1FN4KJKJH=GS1.1.1709196284.1.0.1709196284.0.0.0; rememberMe=8mJZZe92zMKk/t7Zcz5I350HSSkyX7dd+ui+pfWAovHNPdsvh4LWfP54Yn7waIBbZ+8agkzWYWLIcGSYE+PGSaiL2Xd7iZrPzmqCSlV1tSzH6MXWnDKu72fOeSI/pfeSH6I+qog7ISTK+GgDsxsMvhD4imIGejDUHdZTB7lPJW2vkGCvi04/kaF9hB1NmLxQY7XLecU55ALDG+pvUemJVyOeETnAd8LPL71QmxpC7Dn0Idige9n38I2buj9xwmmzq56WaX644EchTK5n4vtlGviVgWoewofWQCYvJMg9Kok3HevJeCpMwt5Wbs7WbyZTZdnlbJmxd7S+LmJgGpZ5u289Ox5KjM762QRDu5YCyfLzzSZkV8fmQO+LydC0Hp7yQbhP8TR4b2NvFZLAWSU/E7rhUdVWlLpxevvTM3uDymDcVcdkqwtRDTvhT5/l86K0zajDENcb3nouh/m2Hm9F7QD3KgePDgxZEUoRoKasOjyi4Dh0QmJY6O3qNuSEe7yBfo+QUgxHtQRY5Mjv5WaKKOVhTOPaHihUZ3unKSdvOxSqmUeP6pEL3N5hgQwiv0QZJKdsV9uX5XOWnCcMiYSOnUl9VRETylc/NZ8kjt8MS9+ejVsmGluZtLYK6ACX898/zZZb+FQ6xtBZ; _ga=GA1.2.419558541.1709196285; _ga_N1XS2K7DEJ=GS1.2.1719987782.1.0.1719987782.60.0.0; _ga_T11SF3WXX2=GS1.2.1719987782.1.0.1719987782.60.0.0; _ga_K2SPJK2C73=GS1.2.1719987782.1.0.1719987782.60.0.0; USER_REALM_KEY=eyJyZWFsbVV1aWQiOiJvc2MiLCJjbGllbnRJZCI6Im9uZS1zc28iLCJyZWRpcmVjdFVyaSI6bnVsbH0=; PRE-GW-LOAD=eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjE3MDAiLCJ1U05DcmVhdGVkIjoiMTcwMCIsImRpc3BsYXlOYW1lIjoi6ZmI5L-K5a6PIiwic0FNQWNjb3VudE5hbWUiOiJjaGVuanVuaG9uZyIsImNvbXBhbnkiOiJ4bHktcG9jIiwiY29tcGFueUlkZW50aXR5IjoiQ09NUEFOWV9NRU1CRVIiLCJ1c2VyUHJpbmNpcGFsTmFtZSI6ImNoZW5qdW5ob25nQG9zY2hpbmEuY24iLCJqdGkiOiIzYTdhNjViYjNjOWY0MTQ1YjRkZDJjNzBiMTBmMDZmOCIsImlhdCI6MTcyMDU4MjUzMiwic3ViIjoiMTcwMCIsImV4cCI6MTcyMTE2MzYwMH0._xEPnxYcj-ayu5bU_CMujmAAPY1ks3KI-U-wBO95PRE; PRE-GW-SESSION=3a7a65bb3c9f4145b4dd2c70b10f06f8
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] get cookies
2024/07/10 11:31:12 [debug] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] header is Content-Length , value 43
2024/07/10 11:31:12 [info] 1333#0: *7735 [proxy-wasm]["gitee-acl" #1] clientIP is empty,

And i think base on the describe beolwo, realip module will work before my wasm filtter

image