sophie/nuke
1
0
Fork 0
Code Packages 1 Activity Actions

fix(honeypot/naive): implement better IP parsing logic

Browse source 
Signed-off-by: Xe Iaso <me@xeiaso.net>
This commit is contained in:
Xe Iaso 2025-12-16 04:32:45 -05:00
parent 122e4bc072
commit 40afc13d7f
No known key found for this signature in database
2 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
internal/headers.go
View file

@ -100,6 +100,9 @@ func XForwardedForToXRealIP(next http.Handler) http.Handler {
ip := xff.Parse(xffHeader) ip := xff.Parse(xffHeader)
slog.Debug("setting X-Real-Ip from X-Forwarded-For", "to", ip, "x-forwarded-for", xffHeader) slog.Debug("setting X-Real-Ip from X-Forwarded-For", "to", ip, "x-forwarded-for", xffHeader)
r.Header.Set("X-Real-Ip", ip) r.Header.Set("X-Real-Ip", ip)
if addr, err := netip.ParseAddr(ip); err == nil {
r = r.WithContext(context.WithValue(r.Context(), realIPKey{}, addr))
}
} }
next.ServeHTTP(w, r) next.ServeHTTP(w, r)

7
internal/honeypot/naive/naive.go
View file

@ -6,7 +6,9 @@ import (
"fmt" "fmt"
"log/slog" "log/slog"
"math/rand/v2" "math/rand/v2"
"net"
"net/http" "net/http"
"net/netip"
"time" "time"
"github.com/TecharoHQ/anubis/internal" "github.com/TecharoHQ/anubis/internal"
@ -152,9 +154,8 @@ func (i *Impl) ServeHTTP(w http.ResponseWriter, r *http.Request) {
realIP, _ := internal.RealIP(r) realIP, _ := internal.RealIP(r)
if !realIP.IsValid() { if !realIP.IsValid() {
lg.Error("the real IP is somehow invalid, bad middleware stack?") host, _, _ := net.SplitHostPort(r.RemoteAddr)
http.Error(w, "The cake is a lie", http.StatusTeapot) realIP = netip.MustParseAddr(host)
return
} }
network, ok := internal.ClampIP(realIP) network, ok := internal.ClampIP(realIP)