mirror of
https://github.com/gin-gonic/gin.git
synced 2026-07-08 19:54:08 +08:00
Compare commits
3 Commits
cb4f29928f
...
d05a48cb47
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
d05a48cb47 | ||
|
|
63dd3e60ca | ||
|
|
3b3d3bf6da |
27
context.go
27
context.go
@ -986,14 +986,27 @@ func (c *Context) ClientIP() string {
|
||||
}
|
||||
}
|
||||
|
||||
// It also checks if the remoteIP is a trusted proxy or not.
|
||||
// In order to perform this validation, it will see if the IP is contained within at least one of the CIDR blocks
|
||||
// defined by Engine.SetTrustedProxies()
|
||||
remoteIP := net.ParseIP(c.RemoteIP())
|
||||
if remoteIP == nil {
|
||||
return ""
|
||||
var (
|
||||
trusted bool
|
||||
remoteIP net.IP
|
||||
)
|
||||
// If gin is listening a unix socket, always trust it.
|
||||
localAddr, ok := c.Request.Context().Value(http.LocalAddrContextKey).(net.Addr)
|
||||
if ok && strings.HasPrefix(localAddr.Network(), "unix") {
|
||||
trusted = true
|
||||
}
|
||||
|
||||
// Fallback
|
||||
if !trusted {
|
||||
// It also checks if the remoteIP is a trusted proxy or not.
|
||||
// In order to perform this validation, it will see if the IP is contained within at least one of the CIDR blocks
|
||||
// defined by Engine.SetTrustedProxies()
|
||||
remoteIP = net.ParseIP(c.RemoteIP())
|
||||
if remoteIP == nil {
|
||||
return ""
|
||||
}
|
||||
trusted = c.engine.isTrustedProxy(remoteIP)
|
||||
}
|
||||
trusted := c.engine.isTrustedProxy(remoteIP)
|
||||
|
||||
if trusted && c.engine.ForwardedByClientIP && c.engine.RemoteIPHeaders != nil {
|
||||
for _, headerName := range c.engine.RemoteIPHeaders {
|
||||
|
||||
@ -1884,6 +1884,16 @@ func TestContextClientIP(t *testing.T) {
|
||||
c.engine.trustedCIDRs, _ = c.engine.prepareTrustedCIDRs()
|
||||
resetContextForClientIPTests(c)
|
||||
|
||||
// unix address
|
||||
addr := &net.UnixAddr{Net: "unix", Name: "@"}
|
||||
c.Request = c.Request.WithContext(context.WithValue(c.Request.Context(), http.LocalAddrContextKey, addr))
|
||||
c.Request.RemoteAddr = addr.String()
|
||||
assert.Equal(t, "20.20.20.20", c.ClientIP())
|
||||
|
||||
// reset
|
||||
c.Request = c.Request.WithContext(context.Background())
|
||||
resetContextForClientIPTests(c)
|
||||
|
||||
// Legacy tests (validating that the defaults don't break the
|
||||
// (insecure!) old behaviour)
|
||||
assert.Equal(t, "20.20.20.20", c.ClientIP())
|
||||
|
||||
@ -68,6 +68,9 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
|
||||
}
|
||||
}
|
||||
}
|
||||
if e, ok := err.(error); ok && errors.Is(e, http.ErrAbortHandler) {
|
||||
brokenPipe = true
|
||||
}
|
||||
if logger != nil {
|
||||
const stackSkip = 3
|
||||
if brokenPipe {
|
||||
|
||||
@ -142,6 +142,30 @@ func TestPanicWithBrokenPipe(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// TestPanicWithAbortHandler asserts that recovery handles http.ErrAbortHandler as broken pipe
|
||||
func TestPanicWithAbortHandler(t *testing.T) {
|
||||
const expectCode = 204
|
||||
|
||||
var buf strings.Builder
|
||||
router := New()
|
||||
router.Use(RecoveryWithWriter(&buf))
|
||||
router.GET("/recovery", func(c *Context) {
|
||||
// Start writing response
|
||||
c.Header("X-Test", "Value")
|
||||
c.Status(expectCode)
|
||||
|
||||
// Panic with ErrAbortHandler which should be treated as broken pipe
|
||||
panic(http.ErrAbortHandler)
|
||||
})
|
||||
// RUN
|
||||
w := PerformRequest(router, http.MethodGet, "/recovery")
|
||||
// TEST
|
||||
assert.Equal(t, expectCode, w.Code)
|
||||
out := buf.String()
|
||||
assert.Contains(t, out, "net/http: abort Handler")
|
||||
assert.NotContains(t, out, "panic recovered")
|
||||
}
|
||||
|
||||
func TestCustomRecoveryWithWriter(t *testing.T) {
|
||||
errBuffer := new(strings.Builder)
|
||||
buffer := new(strings.Builder)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user