From 4d015eb7be51162c404d760c623d1e56101af888 Mon Sep 17 00:00:00 2001
From: eikendev <raphael@eiken.dev>
Date: Sun, 24 Apr 2022 18:11:10 +0200
Subject: [PATCH] Add support for setting trusted proxies

---
 cmd/pushbits/main.go                    |  5 ++++-
 config.example.yml                      |  3 +++
 internal/configuration/configuration.go |  5 +++--
 internal/router/router.go               | 14 ++++++++++++--
 4 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/cmd/pushbits/main.go b/cmd/pushbits/main.go
index 6d3f4ee..605f69e 100644
--- a/cmd/pushbits/main.go
+++ b/cmd/pushbits/main.go
@@ -82,7 +82,10 @@ func main() {
 		log.L.Fatal(err)
 	}
 
-	engine := router.Create(c.Debug, cm, db, dp)
+	engine, err := router.Create(c.Debug, c.HTTP.TrustedProxies, cm, db, dp)
+	if err != nil {
+		log.L.Fatal(err)
+	}
 
 	err = runner.Run(engine, c.HTTP.ListenAddress, c.HTTP.Port)
 	if err != nil {
diff --git a/config.example.yml b/config.example.yml
index 34457c5..72e2c38 100644
--- a/config.example.yml
+++ b/config.example.yml
@@ -13,6 +13,9 @@ http:
     # The port to listen on.
     port: 8080
 
+    # What proxies to trust.
+    trustedproxies: []
+
 database:
     # Currently sqlite3 and mysql are supported.
     dialect: 'sqlite3'
diff --git a/internal/configuration/configuration.go b/internal/configuration/configuration.go
index 5da3653..e339136 100644
--- a/internal/configuration/configuration.go
+++ b/internal/configuration/configuration.go
@@ -37,8 +37,9 @@ type Matrix struct {
 type Configuration struct {
 	Debug bool `default:"false"`
 	HTTP  struct {
-		ListenAddress string `default:""`
-		Port          int    `default:"8080"`
+		ListenAddress  string   `default:""`
+		Port           int      `default:"8080"`
+		TrustedProxies []string `default:"[]"`
 	}
 	Database struct {
 		Dialect    string `default:"sqlite3"`
diff --git a/internal/router/router.go b/internal/router/router.go
index 29a156c..331e0fd 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -13,7 +13,7 @@ import (
 )
 
 // Create a Gin engine and setup all routes.
-func Create(debug bool, cm *credentials.Manager, db *database.Database, dp *dispatcher.Dispatcher) *gin.Engine {
+func Create(debug bool, trustedProxies []string, cm *credentials.Manager, db *database.Database, dp *dispatcher.Dispatcher) (*gin.Engine, error) {
 	log.L.Println("Setting up HTTP routes.")
 
 	if !debug {
@@ -30,6 +30,16 @@ func Create(debug bool, cm *credentials.Manager, db *database.Database, dp *disp
 	r := gin.New()
 	r.Use(log.GinLogger(log.L), gin.Recovery())
 
+	var err error
+	if len(trustedProxies) > 0 {
+		err = r.SetTrustedProxies(trustedProxies)
+	} else {
+		err = r.SetTrustedProxies(nil)
+	}
+	if err != nil {
+		return nil, err
+	}
+
 	r.Use(location.Default())
 
 	applicationGroup := r.Group("/application")
@@ -59,5 +69,5 @@ func Create(debug bool, cm *credentials.Manager, db *database.Database, dp *disp
 		userGroup.PUT("/:id", api.RequireIDInURI(), userHandler.UpdateUser)
 	}
 
-	return r
+	return r, nil
 }