docs: update clientIp description (#796)

chaoranz758 · web-flow · commit 766b67383003 · 2023-09-28T15:45:04.000+08:00
diff --git a/content/en/docs/hertz/tutorials/basic-feature/context/request.md b/content/en/docs/hertz/tutorials/basic-feature/context/request.md
@@ -1330,6 +1330,8 @@ func (ctx *RequestContext) SetClientIPFunc(f ClientIP)
 
 Obtain the address of the client IP.
 
+The default behavior of this function: If there is an ip in the `X-Forwarded-For` or `X-Real-IP` headers, read the ip from these two headers and return it (priority `X-Forwarded-For` greater than `X-Real-IP`), otherwise return remote address.
+
 Function Signature:
 
 ```go
@@ -1339,16 +1341,20 @@ func (ctx *RequestContext) ClientIP() string
 Example Code:
 
 ```go
+// X-Forwarded-For: 20.20.20.20, 30.30.30.30
+// X-Real-IP: 10.10.10.10
 h.Use(func(c context.Context, ctx *app.RequestContext) {
-    ip := ctx.ClientIP() // example: 127.0.0.1
+    ip := ctx.ClientIP() // 20.20.20.20
 })
 ```
 
 ### SetClientIPFunc
 
 If the default method provided by the [ClientIP](#clientip) function does not meet the requirements, users can use this function to customize the way to obtain the client ip.
 
-This function can be used in scenarios where you want to obtain an ip from the `X-Forwarded-For` or `X-Real-IP` header even if a remote ip exists (multiple proxies, want to obtain the initial ip from the `X-Forwarded-For` or `X-Real-IP` header).
+Users can implement custom functions themselves or by setting `app.ClientIPOptions`.
+
+> Note: When setting `app.ClientIPOptions`, `TrustedCIDRs` requires user customization(if not set, fixed return to remote address), representing trusted routes. If the remote address is within the trusted routing range, it will choose to obtain the ip from `RemoteIPHeaders`, otherwise it will return the remote address.
 
 Function Signature:
 
@@ -1360,18 +1366,24 @@ Example Code:
 
 ```go
 // POST http://example.com/user
-// X-Forwarded-For: 203.0.113.195
+// X-Forwarded-For: 30.30.30.30
 h.POST("/user", func(c context.Context, ctx *app.RequestContext) {
-    ip := ctx.ClientIP() // ip == "127.0.0.1"
-
-    opts := app.ClientIPOptions{
-        RemoteIPHeaders: []string{"X-Forwarded-For", "X-Real-IP"},
-        TrustedProxies:  map[string]bool{ip: true},
-    }
-    ctx.SetClientIPFunc(app.ClientIPWithOption(opts))
-
-    ip = ctx.ClientIP() // ip == "203.0.113.195"
-    ctx.String(consts.StatusOK, ip)
+    // method 1
+    customClientIPFunc := func(ctx *app.RequestContext) string {
+			return "127.0.0.1"
+	}
+	ctx.SetClientIPFunc(customClientIPFunc)
+	ip := ctx.ClientIP() // ip == "127.0.0.1"
+
+    // method 2
+    _, cidr, _ := net.ParseCIDR("127.0.0.1/32")
+	opts := app.ClientIPOptions{
+		RemoteIPHeaders: []string{"X-Forwarded-For", "X-Real-IP"},
+		TrustedCIDRs:    []*net.IPNet{cidr},
+	}
+	ctx.SetClientIPFunc(app.ClientIPWithOption(opts))
+
+	ip = ctx.ClientIP() // ip == "30.30.30.30"
 })
 ```
 
diff --git a/content/zh/docs/hertz/tutorials/basic-feature/context/request.md b/content/zh/docs/hertz/tutorials/basic-feature/context/request.md
@@ -1330,6 +1330,8 @@ func (ctx *RequestContext) SetClientIPFunc(f ClientIP)
 
 获取客户端 IP 的地址。
 
+该函数的默认行为：若 `X-Forwarded-For` 或 `X-Real-IP` Header 中存在 ip，则从这两个 Header 中读 ip 并返回（优先级 `X-Forwarded-For` 大于 `X-Real-IP`），否则返回 remote address。
+
 函数签名:
 
 ```go
@@ -1339,16 +1341,20 @@ func (ctx *RequestContext) ClientIP() string
 示例:
 
 ```go
+// X-Forwarded-For: 20.20.20.20, 30.30.30.30
+// X-Real-IP: 10.10.10.10
 h.Use(func(c context.Context, ctx *app.RequestContext) {
-    ip := ctx.ClientIP() // example: 127.0.0.1
+    ip := ctx.ClientIP() // 20.20.20.20
 })
 ```
 
 ### SetClientIPFunc
 
 若 [ClientIP](#clientip) 函数提供的默认方式不满足需求，用户可以使用该函数自定义获取客户端 ip 的方式。
 
-该函数可用于即使 remote ip 存在，也希望从 `X-Forwarded-For` 或 `X-Real-IP` Header 获取 ip 的场景（多重代理，想从 `X-Forwarded-For` 或 `X-Real-IP` Header 获得最初的 ip）。
+用户可以自己实现自定义函数，也可以通过设置 `app.ClientIPOptions` 实现。
+
+> 注意：在设置 `app.ClientIPOptions` 时，`TrustedCIDRs` 需用户自定义（若不设置则固定返回 remote address），代表可信任的路由。若 remote address 位于可信任的路由范围内，则会选择从 `RemoteIPHeaders` 中获取 ip，否则返回 remote address。
 
 函数签名:
 
@@ -1360,18 +1366,24 @@ func (ctx *RequestContext) SetClientIPFunc(f ClientIP)
 
 ```go
 // POST http://example.com/user
-// X-Forwarded-For: 203.0.113.195
+// X-Forwarded-For: 30.30.30.30
 h.POST("/user", func(c context.Context, ctx *app.RequestContext) {
-    ip := ctx.ClientIP() // ip == "127.0.0.1"
-
-    opts := app.ClientIPOptions{
-        RemoteIPHeaders: []string{"X-Forwarded-For", "X-Real-IP"},
-        TrustedProxies:  map[string]bool{ip: true},
-    }
-    ctx.SetClientIPFunc(app.ClientIPWithOption(opts))
-
-    ip = ctx.ClientIP() // ip == "203.0.113.195"
-    ctx.String(consts.StatusOK, ip)
+    // method 1
+    customClientIPFunc := func(ctx *app.RequestContext) string {
+			return "127.0.0.1"
+	}
+	ctx.SetClientIPFunc(customClientIPFunc)
+	ip := ctx.ClientIP() // ip == "127.0.0.1"
+
+    // method 2
+    _, cidr, _ := net.ParseCIDR("127.0.0.1/32")
+	opts := app.ClientIPOptions{
+		RemoteIPHeaders: []string{"X-Forwarded-For", "X-Real-IP"},
+		TrustedCIDRs:    []*net.IPNet{cidr},
+	}
+	ctx.SetClientIPFunc(app.ClientIPWithOption(opts))
+
+	ip = ctx.ClientIP() // ip == "30.30.30.30"
 })
 ```
 
