access IP headers form server from Meteor.call

gadicc / meteor-headers

Access HTTP headers on both server and client. Client IP with proxy support.

https://atmospherejs.com/gadicohen/headers

GNU Lesser General Public License v3.0

61 stars 21 forks source link

access IP headers form server from Meteor.call #2

Closed ccorcos closed 10 years ago

ccorcos commented 11 years ago

Meteor.methods({ method: function() { console.log(headers.get()); }, });

This produces nothing: {}

How do I get the IP of the user who sent it?

gadicc commented 11 years ago

My bad, I rushed out the 0.6.5 support and inadvertently broke header support on the server. Thanks for pointing this out, it's been fixed and I've just pushed version 0.0.4 out to Atmosphere.

headers.get('x-forwarded-for').replace(/, /, ',').split(',')[0]; should get you what you need - please confirm. Also, read elsewhere about the reliability of the X-Forwarded-For header for getting the user's IP address. It's very easy to spoof. Instead of using index 0, you should really take the final element in the array less the number of proxies under your control.

ccorcos commented 11 years ago

that works! thanks.

Any recommendations for what to use instead? spoofing could eventually be an issue...

gadicc commented 11 years ago

From my brief investigation of the issue (I don't use this personally), it should be fine if used as described above. I just threw in an undocumented freebie to do this a bit more cleanly, headers.getClientIP(proxyCount). proxyCount can be ommitted if you aren't running any proxies / caches / load balancers, otherwise it should be the number of proxies used as part of your hosting setup (i.e. that you can vouch for).

Just to explain, each proxy in the chain appends to the X-Forwarded-For header, such that if you know the number of proxies, you can work out the initial IP address specified by the first proxy in the chain (i.e. the end user's IP address). Thus, even if the end-user sends a request with his own X-Forwarded-For header, you can ignore these IPs. In the case where the user's ISP has a transparent proxy, you'll get that proxy's IP... but that remains the only IP that you know for sure is real.

DiyahM commented 10 years ago

This may be a newbie question, however, I receive error:

Exception in onConnection callback: Error: Call headers.getClientIP(this) only from within a method or publish function. With callbacks / anonymous functions, use: var self=this; and call headers.getClientIP(self);

when calling from from the server on connection. Code below:

if (Meteor.isServer) { Meteor.methods({ ip: function(){ return headers.getClientIP(this); } });

Meteor.onConnection(function () { console.log(Meteor.call('ip')); }); }

I receive the same error even when changed to the below:

if (Meteor.isServer) { Meteor.methods({ ip: function(){ var self = this; return headers.getClientIP(self); } });

Meteor.onConnection(function () { console.log(Meteor.call('ip')); }); }

Any suggestions?

gadicc commented 10 years ago

Hey, sorry for the long delay; almost missed this since you wrote it on a closed issue from 3 months ago? :) I've opened a new issue https://github.com/gadicohen/meteor-headers/issues/14 which deals with this problem specifically; I'd love to know what you're trying to accomplish and hopefully we can find a workaround.

DiyahM commented 10 years ago

Thanks. I'll post there.