2 files changed, 55 insertions, 4 deletions

diff --git a/lib/pleroma/plugs/remote_ip.ex b/lib/pleroma/plugs/remote_ip.ex
new file mode 100644
index 000000000..fdedc27ee
--- /dev/null
+++ b/lib/pleroma/plugs/remote_ip.ex
@@ -0,0 +1,54 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Plugs.RemoteIp do
+  @moduledoc """
+  This is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
+  """
+
+  @behaviour Plug
+
+  @headers ~w[
+    forwarded
+    x-forwarded-for
+    x-client-ip
+    x-real-ip
+  ]
+
+  # https://en.wikipedia.org/wiki/Localhost
+  # https://en.wikipedia.org/wiki/Private_network
+  @reserved ~w[
+    127.0.0.0/8
+    ::1/128
+    fc00::/7
+    10.0.0.0/8
+    172.16.0.0/12
+    192.168.0.0/16
+  ]
+
+  def init(_), do: nil
+
+  def call(conn, _) do
+    config = Pleroma.Config.get(__MODULE__, [])
+
+    if Keyword.get(config, :enabled, false) do
+      RemoteIp.call(conn, remote_ip_opts(config))
+    else
+      conn
+    end
+  end
+
+  defp remote_ip_opts(config) do
+    headers = config |> Keyword.get(:headers, @headers) |> MapSet.new()
+    reserved = Keyword.get(config, :reserved, @reserved)
+
+    proxies =
+      config
+      |> Keyword.get(:proxies, [])
+      |> Enum.concat(reserved)
+      |> Enum.map(&InetCidr.parse/1)
+
+    {headers, proxies}
+  end
+end
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index eb805e853..2212e93f4 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -97,10 +97,7 @@ defmodule Pleroma.Web.Endpoint do
     extra: extra
   )
 
-  # Note: the plug and its configuration is compile-time this can't be upstreamed yet
-  if proxies = Pleroma.Config.get([__MODULE__, :reverse_proxies]) do
-    plug(RemoteIp, proxies: proxies)
-  end
+  plug(Pleroma.Plugs.RemoteIp)
 
   defmodule Instrumenter do
     use Prometheus.PhoenixInstrumenter