search

bodaay / GoOpenDrop

a Go Implementation and Enhancement of the Awesome Open Source AirDrop implementation work of seemoo-lab: https://github.com/seemoo-lab/opendrop
GNU General Public License v3.0
90 stars 10 forks source link

GIN-debug warning #7

Closed IronBit-0 closed 1 year ago

IronBit-0 commented 1 year ago

When running goopendrop, I'm getting this warning:

[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:   export GIN_MODE=release
 - using code:  gin.SetMode(gin.ReleaseMode)

[GIN-debug] POST   /Discover                 --> goopendrop/awdl.(*AWDLServer).StartWebServer.func1 (3 handlers)
[GIN-debug] HEAD   /                         --> goopendrop/awdl.(*AWDLServer).StartWebServer.func2 (3 handlers)
[GIN-debug] POST   /Ask                      --> goopendrop/awdl.(*AWDLServer).StartWebServer.func3 (3 handlers)
[GIN-debug] POST   /Upload                   --> goopendrop/awdl.(*AWDLServer).StartWebServer.func4 (3 handlers)
[GIN-debug] Listening and serving HTTPS on [xxxx::xxxx:xxx:xxxx:f43%awdl0]:8772
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
bodaay commented 1 year ago

you can fix it by following their docs:

` Gin lets you specify which headers to hold the real client IP (if any), as well as specifying which proxies (or direct clients) you trust to specify one of these headers.

Use function SetTrustedProxies() on your gin.Engine to specify network addresses or network CIDRs from where clients which their request headers related to client IP can be trusted. They can be IPv4 addresses, IPv4 CIDRs, IPv6 addresses or IPv6 CIDRs.

Attention: Gin trust all proxies by default if you don't specify a trusted proxy using the function above, this is NOT safe. At the same time, if you don't use any proxy, you can disable this feature by using Engine.SetTrustedProxies(nil), then Context.ClientIP() will return the remote address directly to avoid some unnecessary computation. `

I can update the code to reflect this

IronBit-0 commented 1 year ago

Yeah, updating the code to remove the warning might help other people who don't know what it means.