author | Igor Drozdov <idrozdov@gitlab.com> | 2022-07-01 11:02:59 +0000 |
---|---|---|
committer | Igor Drozdov <idrozdov@gitlab.com> | 2022-07-01 11:02:59 +0000 |
commit | 0d7ef238cb8c05eabaec85e62bec70a40147d1df (patch) | |
tree | 9179705f9e8b6ee309d456323fbaedaa70141c7e /internal/gitlabnet/accessverifier/client.go | |
parent | 01f4e022c04b29b896eb383e6e6a33f96a6beeb1 (diff) | |
parent | 9b60ce49460876d0e599f2fec65f02856930dbcd (diff) | |
download | gitlab-shell-0d7ef238cb8c05eabaec85e62bec70a40147d1df.tar.gz |
Merge branch 'sshd-forwarded-for' into 'main'
Pass original IP from PROXY requests to internal API calls
See merge request gitlab-org/gitlab-shell!665
Diffstat (limited to 'internal/gitlabnet/accessverifier/client.go')
-rw-r--r-- | internal/gitlabnet/accessverifier/client.go | 18 |
1 files changed, 1 insertions, 17 deletions
diff --git a/internal/gitlabnet/accessverifier/client.go b/internal/gitlabnet/accessverifier/client.go
index c46a16f..adeccd6 100644
--- a/internal/gitlabnet/accessverifier/client.go
+++ b/internal/gitlabnet/accessverifier/client.go
@@ -3,7 +3,6 @@ package accessverifier
 import (
 "context"
 "fmt"
- "net"
 "net/http"
 pb "gitlab.com/gitlab-org/gitaly/v14/proto/go/gitalypb"
@@ -86,7 +85,7 @@ func (c *Client) Verify(ctx context.Context, args *commandargs.Shell, action com
 request.KeyId = args.GitlabKeyId
 }
- request.CheckIp = parseIP(args.Env.RemoteAddr)
+ request.CheckIp = gitlabnet.ParseIP(args.Env.RemoteAddr)
 response, err := c.client.Post(ctx, "/allowed", request)
 if err != nil {
@@ -117,18 +116,3 @@ func parse(hr *http.Response, args *commandargs.Shell) (*Response, error) {
 func (r *Response) IsCustomAction() bool {
 return r.StatusCode == http.StatusMultipleChoices
 }
-
-func parseIP(remoteAddr string) string {
- // The remoteAddr field can be filled by:
- // 1. An IP address via the SSH_CONNECTION environment variable
- // 2. A host:port combination via the PROXY protocol
- ip, _, err := net.SplitHostPort(remoteAddr)
-
- // If we don't have a port or can't parse this address for some reason,
- // just return the original string.
- if err != nil {
- return remoteAddr
- }
-
- return ip
-} |
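Review bot: In the second hunk, `request.CheckIp` is still set from `args.Env.RemoteAddr` without the call site showing that the result is a well-formed IP address. The removed `parseIP` returned the input string unchanged whenever `net.SplitHostPort` failed, and if `gitlabnet.ParseIP` (not visible here) keeps that fallback, an arbitrary string could reach the `/allowed` request. The comment deleted in the third hunk says the value can come from a PROXY protocol header, so it is only as trustworthy as the peer allowed to send that header. I would have the shared helper reject anything `net.ParseIP` does not accept, and add a comment above the assignment such as `// RemoteAddr may come from a PROXY protocol header; only trusted when the listener restricts which proxies may connect.` The body of `Verify` starts and ends outside this hunk.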