7x31/uptime-kuma
1
0
Fork 0
mirror of https://github.com/louislam/uptime-kuma.git synced 2025-08-08 06:29:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Correctly handle multiple IPs in X-Forwarded-For (#2177)

Browse Source 
Co-authored-by: Louis Lam <louislam@users.noreply.github.com>
This commit is contained in:
Ben Scobie
2022-10-05 16:45:21 +01:00
committed by GitHub
parent 528a615fb2
commit c28d8ddff9
3 changed files with 87 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
test/backend.spec.js
View File

@@ -1,7 +1,11 @@
const { genSecret, DOWN } = require("../src/util");
const { genSecret, DOWN, log} = require("../src/util");
const utilServerRewire = require("../server/util-server");
const Discord = require("../server/notification-providers/discord");
const axios = require("axios");
const { UptimeKumaServer } = require("../server/uptime-kuma-server");
const Database = require("../server/database");
const {Settings} = require("../server/settings");
const fs = require("fs");
jest.mock("axios");
@@ -225,3 +229,80 @@ describe("The function filterAndJoin", () => {
expect(result).toBe("");
});
});
describe("Test uptimeKumaServer.getClientIP()", () => {
it("should able to get a correct client IP", async () => {
Database.init({
"data-dir": "./data/test"
});
if (! fs.existsSync(Database.path)) {
log.info("server", "Copying Database");
fs.copyFileSync(Database.templatePath, Database.path);
}
await Database.connect(true);
await Database.patch();
const fakeSocket = {
client: {
conn: {
remoteAddress: "192.168.10.10",
request: {
headers: {
}
}
}
}
}
const server = Object.create(UptimeKumaServer.prototype);
let ip = await server.getClientIP(fakeSocket);
await Settings.set("trustProxy", false);
expect(await Settings.get("trustProxy")).toBe(false);
expect(ip).toBe("192.168.10.10");
fakeSocket.client.conn.request.headers["x-forwarded-for"] = "10.10.10.10";
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("192.168.10.10");
fakeSocket.client.conn.request.headers["x-real-ip"] = "20.20.20.20";
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("192.168.10.10");
await Settings.set("trustProxy", true);
expect(await Settings.get("trustProxy")).toBe(true);
fakeSocket.client.conn.request.headers["x-forwarded-for"] = "10.10.10.10";
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("10.10.10.10");
// x-real-ip
delete fakeSocket.client.conn.request.headers["x-forwarded-for"];
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("20.20.20.20");
fakeSocket.client.conn.request.headers["x-forwarded-for"] = "2001:db8:85a3:8d3:1319:8a2e:370:7348";
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("2001:db8:85a3:8d3:1319:8a2e:370:7348");
fakeSocket.client.conn.request.headers["x-forwarded-for"] = "203.0.113.195";
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("203.0.113.195");
fakeSocket.client.conn.request.headers["x-forwarded-for"] = "203.0.113.195, 2001:db8:85a3:8d3:1319:8a2e:370:7348";
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("203.0.113.195");
fakeSocket.client.conn.request.headers["x-forwarded-for"] = "203.0.113.195,2001:db8:85a3:8d3:1319:8a2e:370:7348,150.172.238.178";
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("203.0.113.195");
// Elements are comma-separated, with optional whitespace surrounding the commas.
fakeSocket.client.conn.request.headers["x-forwarded-for"] = "203.0.113.195 , 2001:db8:85a3:8d3:1319:8a2e:370:7348,150.172.238.178";
ip = await server.getClientIP(fakeSocket);
expect(ip).toBe("203.0.113.195");
await Database.close();
}, 120000);
});