(Bug) req_id may incorrectly calculate IP address

poanetwork / poa-popa

DApp for proof of physical address (PoPA) attestation for validators of POA Network

https://popa.poa.network

GNU General Public License v3.0

24 stars 18 forks source link

(Bug) req_id may incorrectly calculate IP address #165

Closed phahulin closed 6 years ago

phahulin commented 6 years ago

What is it? (leave one option)
- (Bug) report (i.e. something doesn't work as it should)

https://github.com/poanetwork/poa-popa/blob/e259cec1fcfcfdff30a52bffb395d845c774855b/web-dapp/server-lib/req_id.js#L17-L25

Current implementation may incorrectly extract ips from x-forwarded-for header, e.g. from 192.168.0.10:50000, 37.10.5.2.

The fix is probably to swap code block starting from line 19 with code block starting from line 22.

fvictorio commented 6 years ago

This seems like a very testable code. I think we should add tests for all these branches (specially a test that reproduces the bug that this PR fixes).

fvictorio commented 6 years ago

Sorry, that comment was meant to be in the PR.