Merge branch 'remote-ip' into 'develop'

Add `remote_ip` plug See merge request pleroma/pleroma!1608
author: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2019-09-27 21:59:23 +0000
committer: Haelwenn <contact+git.pleroma.social@hacktivis.me> 2019-09-27 21:59:23 +0000
commit: 705ea1b975779180c15d7b32d22f7fb9a11b2ed9 (patch)
tree: 5bb67874c8b34ad13f25055938826475f38e2301 /lib
parent: 92d08d4113c4de09cd8d736ed1a0349745866eef (diff)
parent: f9380289eb251c818e87e8f0ad0a41fc8bdd90aa (diff)
download: pleroma-705ea1b975779180c15d7b32d22f7fb9a11b2ed9.tar.gz
2 files changed, 55 insertions, 4 deletions
diff --git a/lib/pleroma/plugs/remote_ip.ex b/lib/pleroma/plugs/remote_ip.ex
new file mode 100644
index 000000000..fdedc27ee
--- /dev/null
+++ b/lib/pleroma/plugs/remote_ip.ex
@@ -0,0 +1,54 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Plugs.RemoteIp do
+  @moduledoc """
+  This is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
+  """
+
+  @behaviour Plug
+
+  @headers ~w[
+    forwarded
+    x-forwarded-for
+    x-client-ip
+    x-real-ip
+  ]
+
+  # https://en.wikipedia.org/wiki/Localhost
+  # https://en.wikipedia.org/wiki/Private_network
+  @reserved ~w[
+    127.0.0.0/8
+    ::1/128
+    fc00::/7
+    10.0.0.0/8
+    172.16.0.0/12
+    192.168.0.0/16
+  ]
+
+  def init(_), do: nil
+
+  def call(conn, _) do
+    config = Pleroma.Config.get(__MODULE__, [])
+
+    if Keyword.get(config, :enabled, false) do
+      RemoteIp.call(conn, remote_ip_opts(config))
+    else
+      conn
+    end
+  end
+
+  defp remote_ip_opts(config) do
+    headers = config |> Keyword.get(:headers, @headers) |> MapSet.new()
+    reserved = Keyword.get(config, :reserved, @reserved)
+
+    proxies =
+      config
+      |> Keyword.get(:proxies, [])
+      |> Enum.concat(reserved)
+      |> Enum.map(&InetCidr.parse/1)
+
+    {headers, proxies}
+  end
+end
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index eb805e853..2212e93f4 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -97,10 +97,7 @@ defmodule Pleroma.Web.Endpoint do
     extra: extra
   )
 
-  # Note: the plug and its configuration is compile-time this can't be upstreamed yet
-  if proxies = Pleroma.Config.get([__MODULE__, :reverse_proxies]) do
-    plug(RemoteIp, proxies: proxies)
-  end
+  plug(Pleroma.Plugs.RemoteIp)
 
   defmodule Instrumenter do
     use Prometheus.PhoenixInstrumenter
author	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2019-09-27 21:59:23 +0000
committer	Haelwenn <contact+git.pleroma.social@hacktivis.me>	2019-09-27 21:59:23 +0000
commit	705ea1b975779180c15d7b32d22f7fb9a11b2ed9 (patch)
tree	5bb67874c8b34ad13f25055938826475f38e2301 /lib
parent	92d08d4113c4de09cd8d736ed1a0349745866eef (diff)
parent	f9380289eb251c818e87e8f0ad0a41fc8bdd90aa (diff)
download	pleroma-705ea1b975779180c15d7b32d22f7fb9a11b2ed9.tar.gz