mirror of
https://github.com/gin-gonic/gin.git
synced 2026-07-13 22:52:20 +08:00
Compare commits
3 Commits
14971c481a
...
5727bf02f9
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5727bf02f9 | ||
|
|
b2b489dbf4 | ||
|
|
b9d6964b7e |
33
context.go
33
context.go
@ -978,14 +978,27 @@ func (c *Context) ClientIP() string {
|
||||
}
|
||||
}
|
||||
|
||||
// It also checks if the remoteIP is a trusted proxy or not.
|
||||
// In order to perform this validation, it will see if the IP is contained within at least one of the CIDR blocks
|
||||
// defined by Engine.SetTrustedProxies()
|
||||
remoteIP := net.ParseIP(c.RemoteIP())
|
||||
if remoteIP == nil {
|
||||
return ""
|
||||
var (
|
||||
trusted bool
|
||||
remoteIP net.IP
|
||||
)
|
||||
// If gin is listening a unix socket, always trust it.
|
||||
localAddr, ok := c.Request.Context().Value(http.LocalAddrContextKey).(net.Addr)
|
||||
if ok && strings.HasPrefix(localAddr.Network(), "unix") {
|
||||
trusted = true
|
||||
}
|
||||
|
||||
// Fallback
|
||||
if !trusted {
|
||||
// It also checks if the remoteIP is a trusted proxy or not.
|
||||
// In order to perform this validation, it will see if the IP is contained within at least one of the CIDR blocks
|
||||
// defined by Engine.SetTrustedProxies()
|
||||
remoteIP = net.ParseIP(c.RemoteIP())
|
||||
if remoteIP == nil {
|
||||
return ""
|
||||
}
|
||||
trusted = c.engine.isTrustedProxy(remoteIP)
|
||||
}
|
||||
trusted := c.engine.isTrustedProxy(remoteIP)
|
||||
|
||||
if trusted && c.engine.ForwardedByClientIP && c.engine.RemoteIPHeaders != nil {
|
||||
for _, headerName := range c.engine.RemoteIPHeaders {
|
||||
@ -1436,10 +1449,8 @@ func (c *Context) Value(key any) any {
|
||||
if key == ContextKey {
|
||||
return c
|
||||
}
|
||||
if keyAsString, ok := key.(string); ok {
|
||||
if val, exists := c.Get(keyAsString); exists {
|
||||
return val
|
||||
}
|
||||
if val, exists := c.Get(key); exists {
|
||||
return val
|
||||
}
|
||||
if !c.hasRequestContext() {
|
||||
return nil
|
||||
|
||||
@ -1915,6 +1915,16 @@ func TestContextClientIP(t *testing.T) {
|
||||
c.engine.trustedCIDRs, _ = c.engine.prepareTrustedCIDRs()
|
||||
resetContextForClientIPTests(c)
|
||||
|
||||
// unix address
|
||||
addr := &net.UnixAddr{Net: "unix", Name: "@"}
|
||||
c.Request = c.Request.WithContext(context.WithValue(c.Request.Context(), http.LocalAddrContextKey, addr))
|
||||
c.Request.RemoteAddr = addr.String()
|
||||
assert.Equal(t, "20.20.20.20", c.ClientIP())
|
||||
|
||||
// reset
|
||||
c.Request = c.Request.WithContext(context.Background())
|
||||
resetContextForClientIPTests(c)
|
||||
|
||||
// Legacy tests (validating that the defaults don't break the
|
||||
// (insecure!) old behaviour)
|
||||
assert.Equal(t, "20.20.20.20", c.ClientIP())
|
||||
@ -2859,6 +2869,10 @@ func TestContextGolangContext(t *testing.T) {
|
||||
c.Set("foo", "bar")
|
||||
assert.Equal(t, "bar", c.Value("foo"))
|
||||
assert.Nil(t, c.Value(1))
|
||||
|
||||
type contextKey struct{}
|
||||
c.Set(contextKey{}, "value")
|
||||
assert.Equal(t, "value", c.Value(contextKey{}))
|
||||
}
|
||||
|
||||
func TestWebsocketsRequired(t *testing.T) {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user