Open pini-gh opened 3 years ago
Clients can set the X-Real-IP
header themselves, and spoof IPs (not that there's any harm).
Should this feature be gated by a config flag?
It makes sense. Something like this?
diff --git a/config/prod.exs b/config/prod.exs
index d2b0323..e116179 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -26,7 +26,8 @@ config :tmate, :websocket, Keyword.merge(websocket_ranch_opts,
cowboy_opts: %{
compress: true,
proxy_header: System.get_env("USE_PROXY_PROTOCOL") == "1"},
- base_url: System.get_env("WEBSOCKET_BASE_URL")
+ base_url: System.get_env("WEBSOCKET_BASE_URL"),
+ trust_x_real_ip: System.get_env("TRUST_X_REAL_IP") == "1"
)
config :tzdata, :autoupdate, :disabled
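Review bot: The new `trust_x_real_ip` key has no comment saying when it is safe to enable, and that condition is the whole security property of the flag. The header can only be trusted when every connection reaches the server through a reverse proxy that sets or overwrites X-Real-IP; if the listener is also reachable directly, a client can supply any address. I would add above the key something like `# Set TRUST_X_REAL_IP=1 only when all traffic arrives via a reverse proxy that overwrites X-Real-IP; otherwise clients can forge the logged address.` It is also worth stating that the PROXY protocol address, when `USE_PROXY_PROTOCOL` is on, takes precedence over the header, as the `case` in websocket.ex is ordered.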
diff --git a/lib/tmate/ws_api/websocket.ex b/lib/tmate/ws_api/websocket.ex
index 2673f5d..f4c4d40 100644
--- a/lib/tmate/ws_api/websocket.ex
+++ b/lib/tmate/ws_api/websocket.ex
@@ -24,9 +24,10 @@ defmodule Tmate.WsApi.WebSocket do
{mode, session} ->
case Tmate.Session.ws_verify_auth(session) do
:ok ->
+ trust_x_real_ip = Application.get_env(:tmate, :websocket)[:trust_x_real_ip]
ip = case req do
%{proxy_header: %{src_address: ip}} -> ip
- %{headers: %{"x-real-ip" => ipstring}} ->
+ %{headers: %{"x-real-ip" => ipstring}} when trust_x_real_ip ->
{_, ip} = :inet.parse_address(ipstring |> to_charlist)
ip
%{peer: {ip, _port}} -> ip
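Review bot: In the `x-real-ip` clause, the unchanged line `{_, ip} = :inet.parse_address(ipstring |> to_charlist)` still discards the result tag, so a malformed header value binds `ip` to the atom `:einval` rather than an address tuple. Now that the header is an explicitly trusted input, match on `{:ok, ip}` and fall back to the `peer` address when parsing fails, so whatever consumes `ip` later (not visible here) never receives an atom. The guard `when trust_x_real_ip` fails closed when the key is unset, because a `nil` guard does not match; that is the right default and deserves a one-line comment such as `# nil/false: ignore the client-supplied header and use the socket peer`. The enclosing function starts and ends outside the hunk.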
Fix #5.