-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refactor remote address/X-Forwarded-For handling
- Loading branch information
1 parent
4475d65
commit 2ab14ca
Showing
22 changed files
with
600 additions
and
147 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
62 changes: 62 additions & 0 deletions
62
service/src/main/java/org/whispersystems/textsecuregcm/filters/RemoteAddressFilter.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
/* | ||
* Copyright 2024 Signal Messenger, LLC | ||
* SPDX-License-Identifier: AGPL-3.0-only | ||
*/ | ||
|
||
package org.whispersystems.textsecuregcm.filters; | ||
|
||
import javax.servlet.Filter; | ||
import javax.servlet.FilterChain; | ||
import javax.servlet.ServletException; | ||
import javax.servlet.ServletRequest; | ||
import javax.servlet.ServletResponse; | ||
import javax.servlet.http.HttpServletRequest; | ||
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
import org.whispersystems.textsecuregcm.util.HeaderUtils; | ||
import org.whispersystems.textsecuregcm.util.HttpServletRequestUtil; | ||
import java.io.IOException; | ||
|
||
/** | ||
* Sets a {@link HttpServletRequest} attribute (that will also be available as a | ||
* {@link javax.ws.rs.container.ContainerRequestContext} property) with the remote address of the connection, using | ||
* either the {@link HttpServletRequest#getRemoteAddr()} or the {@code X-Forwarded-For} HTTP header value, depending on | ||
* whether {@link #preferRemoteAddress} is {@code true}. | ||
*/ | ||
public class RemoteAddressFilter implements Filter { | ||
|
||
public static final String REMOTE_ADDRESS_ATTRIBUTE_NAME = RemoteAddressFilter.class.getName() + ".remoteAddress"; | ||
private static final Logger logger = LoggerFactory.getLogger(RemoteAddressFilter.class); | ||
|
||
private final boolean preferRemoteAddress; | ||
|
||
|
||
public RemoteAddressFilter(boolean preferRemoteAddress) { | ||
this.preferRemoteAddress = preferRemoteAddress; | ||
} | ||
|
||
@Override | ||
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) | ||
throws ServletException, IOException { | ||
|
||
if (request instanceof HttpServletRequest httpServletRequest) { | ||
|
||
final String remoteAddress; | ||
|
||
if (preferRemoteAddress) { | ||
remoteAddress = HttpServletRequestUtil.getRemoteAddress(httpServletRequest); | ||
} else { | ||
final String forwardedFor = httpServletRequest.getHeader(com.google.common.net.HttpHeaders.X_FORWARDED_FOR); | ||
remoteAddress = HeaderUtils.getMostRecentProxy(forwardedFor) | ||
.orElseGet(() -> HttpServletRequestUtil.getRemoteAddress(httpServletRequest)); | ||
} | ||
|
||
request.setAttribute(REMOTE_ADDRESS_ATTRIBUTE_NAME, remoteAddress); | ||
|
||
} else { | ||
logger.warn("request was of unexpected type: {}", request.getClass()); | ||
} | ||
|
||
chain.doFilter(request, response); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.