Add support for X-Forwarded-For header (e.g. if accessed via reverse proxy)

Programie · Programie · commit 22e69e78b32c · 2019-08-03T02:00:48.000+02:00
diff --git a/config.sample.json b/config.sample.json
@@ -2,6 +2,7 @@
     "server": "localhost",
     "ttl": 60,
     "nsupdate_options": "-k /path/to/keyfile",
+    "trusted_proxies": ["172.18.0.2"],
     "users": {
         "myuser": {
             "password_hash": "$5$qS83kPfObw5$hOL2P9IwOdGXOIhyoy3hir5KN4YT7x2gauQMHSOHxv2",
diff --git a/index.php b/index.php
@@ -1,6 +1,7 @@
 <?php
 use com\selfcoders\phpdyndns\config\Config;
 use com\selfcoders\phpdyndns\ErrorCode;
+use com\selfcoders\phpdyndns\IPUtils;
 use com\selfcoders\phpdyndns\NSUpdate;
 
 require_once __DIR__ . "/vendor/autoload.php";
@@ -38,7 +39,7 @@
 $username = $_GET["username"] ?? $_SERVER["PHP_AUTH_USER"] ?? null;
 $password = $_GET["password"] ?? $_SERVER["PHP_AUTH_PW"] ?? null;
 $hostname = $_GET["hostname"] ?? null;
-$ipAddress = $_GET["ipaddress"] ?? $_SERVER["REMOTE_ADDR"];
+$ipAddress = $_GET["ipaddress"] ?? IPUtils::getClientIP($config->trustedProxies);
 
 if ($username === null or $password === null) {
     header("WWW-Authenticate: Basic realm=\"DynDNS Update\"");
diff --git a/src/main/php/com/selfcoders/phpdyndns/IPUtils.php b/src/main/php/com/selfcoders/phpdyndns/IPUtils.php
@@ -0,0 +1,15 @@
+<?php
+namespace com\selfcoders\phpdyndns;
+
+class IPUtils
+{
+    public static function getClientIP($trustedProxies = [])
+    {
+        if (isset($_SERVER["X_FORWARDED_FOR"]) and in_array($_SERVER["REMOTE_ADDR"], $trustedProxies)) {
+            $ips = explode(",", $_SERVER["X_FORWARDED_FOR"]);
+            return trim(end($ips));
+        }
+
+        return $_SERVER["REMOTE_ADDR"];
+    }
+}
diff --git a/src/main/php/com/selfcoders/phpdyndns/config/Config.php b/src/main/php/com/selfcoders/phpdyndns/config/Config.php
@@ -21,6 +21,10 @@ class Config
      * @var string
      */
     public $nsupdateOptions = "";
+    /**
+     * @var string[]
+     */
+    public $trustedProxies = [];
 
     /**
      * @param string $username
@@ -45,8 +49,19 @@ public function setUsers(array $users)
         }
     }
 
+    /**
+     * @param string $options
+     */
     public function setNsupdateOptions(string $options)
     {
         $this->nsupdateOptions = $options;
     }
+
+    /**
+     * @param string[] $ips
+     */
+    public function setTrustedProxies(array $ips)
+    {
+        $this->trustedProxies = $ips;
+    }
 }
diff --git a/src/test/php/com/selfcoders/phpdyndns/ConfigTest.php b/src/test/php/com/selfcoders/phpdyndns/ConfigTest.php
@@ -36,6 +36,7 @@ public function testConfig(): void
         $this->assertEquals("localhost", $this->config->server);
         $this->assertEquals(60, $this->config->ttl);
         $this->assertEquals("-k /path/to/keyfile", $this->config->nsupdateOptions);
+        $this->assertEquals(["172.18.0.2"], $this->config->trustedProxies);
 
         $user = $this->config->getUser("myuser");
 

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,10 @@ class Config`
`21`	`21`	`* @var string`
`22`	`22`	`*/`
`23`	`23`	`public $nsupdateOptions = "";`
	`24`	`+ /**`
	`25`	`+ * @var string[]`
	`26`	`+ */`
	`27`	`+ public $trustedProxies = [];`
`24`	`28`
`25`	`29`	`/**`
`26`	`30`	`* @param string $username`
`@@ -45,8 +49,19 @@ public function setUsers(array $users)`
`45`	`49`	`}`
`46`	`50`	`}`
`47`	`51`
	`52`	`+ /**`
	`53`	`+ * @param string $options`
	`54`	`+ */`
`48`	`55`	`public function setNsupdateOptions(string $options)`
`49`	`56`	`{`
`50`	`57`	`$this->nsupdateOptions = $options;`
`51`	`58`	`}`
	`59`	`+`
	`60`	`+ /**`
	`61`	`+ * @param string[] $ips`
	`62`	`+ */`
	`63`	`+ public function setTrustedProxies(array $ips)`
	`64`	`+ {`
	`65`	`+ $this->trustedProxies = $ips;`
	`66`	`+ }`
`52`	`67`	`}`