From 9b60ce49460876d0e599f2fec65f02856930dbcd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20Rodr=C3=ADguez?=
Date: Thu, 30 Jun 2022 21:37:31 +0200
Subject: Pass original IP from PROXY requests to internal API calls
---
 internal/gitlabnet/accessverifier/client.go | 18 +-----------------
 internal/gitlabnet/client.go | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 17 deletions(-)
(limited to 'internal/gitlabnet')
diff --git a/internal/gitlabnet/accessverifier/client.go b/internal/gitlabnet/accessverifier/client.go
index c46a16f..adeccd6 100644
--- a/internal/gitlabnet/accessverifier/client.go
+++ b/internal/gitlabnet/accessverifier/client.go
@@ -3,7 +3,6 @@ package accessverifier
 import (
 "context"
 "fmt"
- "net"
 "net/http"
 pb "gitlab.com/gitlab-org/gitaly/v14/proto/go/gitalypb"
@@ -86,7 +85,7 @@ func (c *Client) Verify(ctx context.Context, args *commandargs.Shell, action com
 request.KeyId = args.GitlabKeyId
 }
- request.CheckIp = parseIP(args.Env.RemoteAddr)
+ request.CheckIp = gitlabnet.ParseIP(args.Env.RemoteAddr)
 response, err := c.client.Post(ctx, "/allowed", request)
 if err != nil {
@@ -117,18 +116,3 @@ func parse(hr *http.Response, args *commandargs.Shell) (*Response, error) {
 func (r *Response) IsCustomAction() bool {
 return r.StatusCode == http.StatusMultipleChoices
 }
-
-func parseIP(remoteAddr string) string {
- // The remoteAddr field can be filled by:
- // 1. An IP address via the SSH_CONNECTION environment variable
- // 2. A host:port combination via the PROXY protocol
- ip, _, err := net.SplitHostPort(remoteAddr)
-
- // If we don't have a port or can't parse this address for some reason,
- // just return the original string.
- if err != nil {
- return remoteAddr
- }
-
- return ip
-}
diff --git a/internal/gitlabnet/client.go b/internal/gitlabnet/client.go
index 39c3320..9bcf6db 100644
--- a/internal/gitlabnet/client.go
+++ b/internal/gitlabnet/client.go
@@ -3,6 +3,7 @@ package gitlabnet
 import (
 "encoding/json"
 "fmt"
+ "net"
 "net/http"
 "gitlab.com/gitlab-org/gitlab-shell/client"
@@ -34,3 +35,18 @@ func ParseJSON(hr *http.Response, response interface{}) error {
 return nil
 }
+
+func ParseIP(remoteAddr string) string {
+ // The remoteAddr field can be filled by:
+ // 1. An IP address via the SSH_CONNECTION environment variable
+ // 2. A host:port combination via the PROXY protocol
+ ip, _, err := net.SplitHostPort(remoteAddr)
+
+ // If we don't have a port or can't parse this address for some reason,
+ // just return the original string.
+ if err != nil {
+ return remoteAddr
+ }
+
+ return ip
+}
-- cgit v1.2.1
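Review bot: `ParseIP` never checks that what it returns is an IP address: when `net.SplitHostPort` fails, the `if err != nil` branch hands back `remoteAddr` verbatim, and on success the host part is returned unparsed, so a hostname or a port-less bracketed literal (constructed example: `[::1]`) passes through unchanged. The function is now exported and, going by the commit subject, its result is meant to reach more internal API calls than `request.CheckIp` in `Verify`, while its own comment says the value can come from a PROXY protocol header, so validating it here once is safer than relying on each caller, e.g. `if net.ParseIP(ip) == nil { return "" }` applied to both the split host and the fallback. What to send when validation fails (an empty value or an error) depends on how the `/allowed` endpoint treats a missing address, which is not visible in this diff. As an exported function it also needs a doc comment, for example `// ParseIP returns the host part of remoteAddr, or remoteAddr unchanged when it carries no port.`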