isTrustedProxyIP checks whether the given IP string matches any configured trusted proxy.
(ipStr string)
| 708 | |
// isTrustedProxyIP reports whether ipStr is covered by the trusted-proxy
// configuration (r.c.app.config.TrustProxyConfig).
//
// The decision fails closed: input that netip.ParseAddr rejects is never
// trusted. A parsed address is trusted when the first of these matches:
//
//  1. an enabled address-class flag (Loopback, Private, LinkLocal),
//  2. an exact entry in cfg.ips, keyed by the address's canonical text form,
//  3. any network in cfg.ranges.
//
// NOTE(review): an IPv4-mapped IPv6 address (::ffff:a.b.c.d) is not Is4(), so
// it is looked up in cfg.ips in its IPv6 text form and tested against
// cfg.ranges as 16 bytes. Confirm cfg.ips keys are stored in the same
// canonical form, otherwise exact entries and ranges can disagree for the
// same peer.
func (r *DefaultReq) isTrustedProxyIP(ipStr string) bool {
	cfg := r.c.app.config.TrustProxyConfig

	addr, parseErr := netip.ParseAddr(ipStr)
	if parseErr != nil {
		// Not an IP address at all: never trusted.
		return false
	}

	// Address-class shortcuts; each applies only when its flag is enabled.
	switch {
	case cfg.Loopback && addr.IsLoopback(),
		cfg.Private && addr.IsPrivate(),
		cfg.LinkLocal && addr.IsLinkLocalUnicast():
		return true
	}

	// Exact match. The key is formatted into a stack buffer and viewed as a
	// string without copying; it is used only for this lookup.
	var scratch [net.IPv6len * 3]byte
	key := utils.UnsafeString(addr.AppendTo(scratch[:0]))
	if _, ok := cfg.ips[key]; ok {
		return true
	}

	if len(cfg.ranges) == 0 {
		return false
	}

	// Hand each range the address in its native width: 4 bytes for IPv4,
	// 16 bytes for everything else.
	var (
		v4  [4]byte
		v16 [16]byte
		raw []byte
	)
	if addr.Is4() {
		v4 = addr.As4()
		raw = v4[:]
	} else {
		v16 = addr.As16()
		raw = v16[:]
	}

	for _, network := range cfg.ranges {
		if network.Contains(raw) {
			return true
		}
	}
	return false
}
| 754 | |
| 755 | // IPs returns a string slice of IP addresses specified in the X-Forwarded-For request header. |
| 756 | // When IP validation is enabled, only valid IPs are returned. |
no test coverage detected