use x-forwarded-for to get client ip

2025-07-07 11:58:12 +02:00 · 2023-03-10 10:10:26 -05:00 · 2023-03-10 10:10:26 -05:00 · 9ba7ead459
commit 9ba7ead459
parent dda4a878bc
2 changed files with 17 additions and 1 deletions
--- a/authenticate/middleware.go
+++ b/authenticate/middleware.go
@ -1,6 +1,7 @@
 package authenticate

 import (
+	"context"
 	"net/http"
 	"net/url"

@ -61,7 +62,8 @@ func (a *Authenticate) logAuthenticateEvent(r *http.Request, profile *identity.P
 		log.Warn(ctx).Err(err).Msg("log authenticate event: failed to decrypt request params")
 	}

-	evt := log.Info(ctx).
+	evt := log.Info(context.Background()).
+		Str("ip", httputil.GetClientIP(r)).
 		Str("pomerium_version", params.Get(urlutil.QueryVersion)).
 		Str("pomerium_request_uuid", params.Get(urlutil.QueryRequestUUID)).
 		Str("pomerium_pub", pub.String())
--- a/internal/httputil/ip.go
+++ b/internal/httputil/ip.go
@ -0,0 +1,14 @@
+package httputil
+
+import (
+	"net/http"
+	"strings"
+)
+
+// GetClientIP returns the client IP address from the request.
+func GetClientIP(r *http.Request) string {
+	if clientIP := r.Header.Get("X-Forwarded-For"); clientIP != "" {
+		return strings.Split(clientIP, ",")[0]
+	}
+	return strings.Split(r.RemoteAddr, ":")[0]
+}