1
0
mirror of https://github.com/fafhrd91/actix-web synced 2024-11-23 16:21:06 +01:00

never return port in realip_remote_addr (#2554)

This commit is contained in:
Rob Ede 2021-12-28 14:52:43 +00:00 committed by GitHub
parent 0f5c876c6b
commit 2b2de29800
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 97 additions and 59 deletions

View File

@ -11,7 +11,13 @@
- Some guards now return `impl Guard` and their concrete types are made private: `guard::{Header}` and all the method guards. [#2552]
- The `Not` guard is now generic over the type of guard it wraps. [#2552]
### Fixed
- Rename `ConnectionInfo::{remote_addr => peer_addr}`, deprecating the old name. [#2554]
- `ConnectionInfo::peer_addr` will not return the port number. [#2554]
- `ConnectionInfo::realip_remote_addr` will not return the port number if sourcing the IP from the peer's socket address. [#2554]
[#2552]: https://github.com/actix/actix-web/pull/2552
[#2554]: https://github.com/actix/actix-web/pull/2554
## 4.0.0-beta.16 - 2021-12-27

View File

@ -128,7 +128,7 @@ impl AppConfig {
/// Server host name.
///
/// Host name is used by application router as a hostname for url generation.
/// Host name is used by application router as a hostname for URL generation.
/// Check [ConnectionInfo](super::dev::ConnectionInfo::host())
/// documentation for more information.
///
@ -137,7 +137,7 @@ impl AppConfig {
&self.host
}
/// Returns true if connection is secure(https)
/// Returns true if connection is secure (i.e., running over `https:`).
pub fn secure(&self) -> bool {
self.secure
}

View File

@ -67,7 +67,7 @@ fn first_header_value<'a>(req: &'a RequestHead, name: &'_ HeaderName) -> Option<
pub struct ConnectionInfo {
host: String,
scheme: String,
remote_addr: Option<String>,
peer_addr: Option<String>,
realip_remote_addr: Option<String>,
}
@ -134,67 +134,70 @@ impl ConnectionInfo {
.or_else(|| first_header_value(req, &*X_FORWARDED_FOR))
.map(str::to_owned);
let remote_addr = req.peer_addr.map(|addr| addr.to_string());
let peer_addr = req.peer_addr.map(|addr| addr.ip().to_string());
ConnectionInfo {
host,
scheme,
remote_addr,
peer_addr,
realip_remote_addr,
}
}
/// Real IP (remote address) of client that initiated request.
///
/// The address is resolved through the following, in order:
/// - `Forwarded` header
/// - `X-Forwarded-For` header
/// - peer address of opened socket (same as [`remote_addr`](Self::remote_addr))
///
/// # Security
/// Do not use this function for security purposes unless you can be sure that the `Forwarded`
/// and `X-Forwarded-For` headers cannot be spoofed by the client. If you are running without a
/// proxy then [obtaining the peer address](Self::peer_addr) would be more appropriate.
#[inline]
pub fn realip_remote_addr(&self) -> Option<&str> {
self.realip_remote_addr
.as_deref()
.or_else(|| self.peer_addr.as_deref())
}
/// Returns serialized IP address of the peer connection.
///
/// See [`HttpRequest::peer_addr`] for more details.
#[inline]
pub fn peer_addr(&self) -> Option<&str> {
self.peer_addr.as_deref()
}
/// Hostname of the request.
///
/// Hostname is resolved through the following, in order:
/// - `Forwarded` header
/// - `X-Forwarded-Host` header
/// - `Host` header
/// - request target / URI
/// - configured server hostname
#[inline]
pub fn host(&self) -> &str {
&self.host
}
/// Scheme of the request.
///
/// Scheme is resolved through the following headers, in this order:
///
/// - Forwarded
/// - X-Forwarded-Proto
/// - Uri
/// Scheme is resolved through the following, in order:
/// - `Forwarded` header
/// - `X-Forwarded-Proto` header
/// - request target / URI
#[inline]
pub fn scheme(&self) -> &str {
&self.scheme
}
/// Hostname of the request.
///
/// Hostname is resolved through the following headers, in this order:
///
/// - Forwarded
/// - X-Forwarded-Host
/// - Host
/// - Uri
/// - Server hostname
pub fn host(&self) -> &str {
&self.host
}
/// Remote address of the connection.
///
/// Get remote_addr address from socket address.
#[doc(hidden)]
#[deprecated(since = "4.0.0", note = "Renamed to `peer_addr`.")]
pub fn remote_addr(&self) -> Option<&str> {
self.remote_addr.as_deref()
}
/// Real IP (remote address) of client that initiated request.
///
/// The address is resolved through the following headers, in this order:
///
/// - Forwarded
/// - X-Forwarded-For
/// - remote_addr name of opened socket
///
/// # Security
/// Do not use this function for security purposes, unless you can ensure the Forwarded and
/// X-Forwarded-For headers cannot be spoofed by the client. If you want the client's socket
/// address explicitly, use [`HttpRequest::peer_addr()`][peer_addr] instead.
///
/// [peer_addr]: crate::web::HttpRequest::peer_addr()
#[inline]
pub fn realip_remote_addr(&self) -> Option<&str> {
self.realip_remote_addr
.as_deref()
.or_else(|| self.remote_addr.as_deref())
self.peer_addr()
}
}
@ -209,7 +212,7 @@ impl FromRequest for ConnectionInfo {
/// Extractor for peer's socket address.
///
/// Also see [`HttpRequest::peer_addr`].
/// Also see [`HttpRequest::peer_addr`] and [`ConnectionInfo::peer_addr`].
///
/// # Examples
/// ```
@ -432,13 +435,37 @@ mod tests {
#[actix_rt::test]
async fn peer_addr_extract() {
let req = TestRequest::default().to_http_request();
let res = PeerAddr::extract(&req).await;
assert!(res.is_err());
let addr = "127.0.0.1:8080".parse().unwrap();
let req = TestRequest::default().peer_addr(addr).to_http_request();
let peer_addr = PeerAddr::extract(&req).await.unwrap();
assert_eq!(peer_addr, PeerAddr(addr));
}
#[actix_rt::test]
async fn remote_address() {
let req = TestRequest::default().to_http_request();
let res = PeerAddr::extract(&req).await;
assert!(res.is_err());
let res = ConnectionInfo::extract(&req).await.unwrap();
assert!(res.peer_addr().is_none());
let addr = "127.0.0.1:8080".parse().unwrap();
let req = TestRequest::default().peer_addr(addr).to_http_request();
let conn_info = ConnectionInfo::extract(&req).await.unwrap();
assert_eq!(conn_info.peer_addr().unwrap(), "127.0.0.1");
}
#[actix_rt::test]
async fn real_ip_from_socket_addr() {
let req = TestRequest::default().to_http_request();
let res = ConnectionInfo::extract(&req).await.unwrap();
assert!(res.realip_remote_addr().is_none());
let addr = "127.0.0.1:8080".parse().unwrap();
let req = TestRequest::default().peer_addr(addr).to_http_request();
let conn_info = ConnectionInfo::extract(&req).await.unwrap();
assert_eq!(conn_info.realip_remote_addr().unwrap(), "127.0.0.1");
}
}

View File

@ -547,7 +547,7 @@ impl FormatText {
*self = FormatText::Str(s.to_string());
}
FormatText::RemoteAddr => {
let s = if let Some(peer) = req.connection_info().remote_addr() {
let s = if let Some(peer) = req.connection_info().peer_addr() {
FormatText::Str((*peer).to_string())
} else {
FormatText::Str("-".to_string())

View File

@ -228,23 +228,28 @@ impl HttpRequest {
self.app_state().rmap()
}
/// Peer socket address.
/// Returns peer socket address.
///
/// Peer address is the directly connected peer's socket address. If a proxy is used in front of
/// the Actix Web server, then it would be address of this proxy.
///
/// To get client connection information `.connection_info()` should be used.
/// For expanded client connection information, use [`connection_info`] instead.
///
/// Will only return None when called in unit tests.
/// Will only return None when called in unit tests unless [`TestRequest::peer_addr`] is used.
///
/// [`TestRequest::peer_addr`]: crate::test::TestRequest::peer_addr
/// [`connection_info`]: Self::connection_info
#[inline]
pub fn peer_addr(&self) -> Option<net::SocketAddr> {
self.head().peer_addr
}
/// Get *ConnectionInfo* for the current request.
/// Returns connection info for the current request.
///
/// This method panics if request's extensions container is already
/// borrowed.
/// The return type, [`ConnectionInfo`], can also be used as an extractor.
///
/// # Panics
/// Panics if request's extensions container is already borrowed.
#[inline]
pub fn connection_info(&self) -> Ref<'_, ConnectionInfo> {
if !self.extensions().contains::<ConnectionInfo>() {
@ -252,7 +257,7 @@ impl HttpRequest {
self.extensions_mut().insert(info);
}
Ref::map(self.extensions(), |e| e.get().unwrap())
Ref::map(self.extensions(), |data| data.get().unwrap())
}
/// App config