MCPcopy
hub / github.com/gofiber/fiber / IsProxyTrusted

Method IsProxyTrusted

req.go:1200–1239  ·  view source on GitHub ↗

IsProxyTrusted checks trustworthiness of remote ip. If Config.TrustProxy false, it returns false. IsProxyTrusted can check remote ip by proxy ranges and ip map.

()

Source from the content-addressed store, hash-verified

1198// If Config.TrustProxy false, it returns false.
1199// IsProxyTrusted can check remote ip by proxy ranges and ip map.
1200func (r *DefaultReq) IsProxyTrusted() bool {
1201 config := r.c.app.config
1202 if !config.TrustProxy {
1203 return false
1204 }
1205
1206 remoteAddr := r.c.fasthttp.RemoteAddr()
1207 switch remoteAddr.(type) {
1208 case *net.UnixAddr:
1209 return config.TrustProxyConfig.UnixSocket
1210 case *net.TCPAddr, *net.UDPAddr:
1211 // Keep existing RemoteIP/IP-map/CIDR checks for TCP/UDP paths as-is.
1212 default:
1213 // Unknown address type: do not trust by default.
1214 return false
1215 }
1216
1217 ip := r.c.fasthttp.RemoteIP()
1218 if ip == nil {
1219 return false
1220 }
1221
1222 if (config.TrustProxyConfig.Loopback && ip.IsLoopback()) ||
1223 (config.TrustProxyConfig.Private && ip.IsPrivate()) ||
1224 (config.TrustProxyConfig.LinkLocal && ip.IsLinkLocalUnicast()) {
1225 return true
1226 }
1227
1228 if _, trusted := config.TrustProxyConfig.ips[ip.String()]; trusted {
1229 return true
1230 }
1231
1232 for _, ipNet := range config.TrustProxyConfig.ranges {
1233 if ipNet.Contains(ip) {
1234 return true
1235 }
1236 }
1237
1238 return false
1239}
1240
1241// IsFromLocal will return true if request came from a loopback IP.
1242func (r *DefaultReq) IsFromLocal() bool {

Callers 3

HostMethod · 0.95
IPMethod · 0.95
SchemeMethod · 0.95

Calls 3

RemoteAddrMethod · 0.80
ContainsMethod · 0.80
StringMethod · 0.65

Tested by

no test coverage detected