MCPcopy
hub / github.com/gofiber/fiber / isTrustedProxyIP

Method isTrustedProxyIP

req.go:710–753  ·  view source on GitHub ↗

isTrustedProxyIP checks whether the given IP string matches any configured trusted proxy.

(ipStr string)

Source from the content-addressed store, hash-verified

708
709// isTrustedProxyIP checks whether the given IP string matches any configured trusted proxy.
710func (r *DefaultReq) isTrustedProxyIP(ipStr string) bool {
711 cfg := r.c.app.config.TrustProxyConfig
712
713 ip, err := netip.ParseAddr(ipStr)
714 if err != nil {
715 return false
716 }
717
718 if cfg.Loopback && ip.IsLoopback() {
719 return true
720 }
721 if cfg.Private && ip.IsPrivate() {
722 return true
723 }
724 if cfg.LinkLocal && ip.IsLinkLocalUnicast() {
725 return true
726 }
727
728 var canonicalIP [net.IPv6len * 3]byte
729 if _, trusted := cfg.ips[utils.UnsafeString(ip.AppendTo(canonicalIP[:0]))]; trusted {
730 return true
731 }
732 if len(cfg.ranges) == 0 {
733 return false
734 }
735
736 if ip.Is4() {
737 ipv4 := ip.As4()
738 for _, ipNet := range cfg.ranges {
739 if ipNet.Contains(ipv4[:]) {
740 return true
741 }
742 }
743 return false
744 }
745
746 ipv6 := ip.As16()
747 for _, ipNet := range cfg.ranges {
748 if ipNet.Contains(ipv6[:]) {
749 return true
750 }
751 }
752 return false
753}
754
755// IPs returns a string slice of IP addresses specified in the X-Forwarded-For request header.
756// When IP validation is enabled, only valid IPs are returned.

Callers 1

extractIPFromHeaderMethod · 0.95

Calls 1

ContainsMethod · 0.80

Tested by

no test coverage detected