feat: support config.maxProxyCount to help get the real client ip (e…

…ggjs#3615)
ResearchMore · Apr 11, 2019 · d56b831 · d56b831
1 parent f0c1339
commit d56b831
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 3 deletions.
diff --git a/app/extend/request.js b/app/extend/request.js
@@ -91,6 +91,12 @@ module.exports = {
 
     const val = getFromHeaders(this, this.app.config.ipHeaders) || '';
     this[IPS] = val ? val.split(/\s*,\s*/) : [];
+
+    if (this.app.config.maxProxyCount > 0) {
+      // if maxProxyCount present, only keep `maxProxyCount + 1` ips
+      // [ illegalIp, clientRealIp, proxyIp1, proxyIp2 ...]
+      this[IPS] = this[IPS].slice(-(this.app.config.maxProxyCount + 1));
+    }
     return this[IPS];
   },
 

diff --git a/config/config.default.js b/config/config.default.js
@@ -47,6 +47,16 @@ module.exports = appInfo => {
      */
     proxy: false,
 
+    /**
+     * How many proxies the application deployed behind
+     * framework use this to get the clients' real ips
+     * `0` means not limited, for most common usage, it should be `1`
+     * @member {Integer} Config#maxProxyCount
+     * @default
+     * @since 1.19.0
+     */
+    maxProxyCount: 0,
+
     /**
      * Detect request's protocol from specified headers, not case-sensitive.
      * Only worked when config.proxy set to true.

diff --git a/test/app/extend/request.test.js b/test/app/extend/request.test.js
@@ -76,12 +76,26 @@ describe('test/app/extend/request.test.js', () => {
         assert(req.ip === '127.0.0.1');
         assert(req.ip === '127.0.0.1');
       });
+
+      it('should work with proxy', () => {
+        mm(req.socket, 'remoteAddress', '::ffff:127.0.0.1');
+        mm(req.header, 'x-forwarded-for', '127.0.0.1, 127.0.0.2, 127.0.0.3');
+        mm(app.config, 'proxy', true);
+        mm(app.config, 'maxProxyCount', 1);
+        assert(req.ip === '127.0.0.2');
+      });
     });
 
     describe('req.ips', () => {
-      it('should used x-forwarded-for', function* () {
-        mm(req.header, 'x-forwarded-for', '127.0.0.1,127.0.0.2');
-        assert.deepEqual(req.ips, [ '127.0.0.1', '127.0.0.2' ]);
+      it('should used x-forwarded-for', () => {
+        mm(req.header, 'x-forwarded-for', '127.0.0.1,127.0.0.2,127.0.0.3');
+        assert.deepEqual(req.ips, [ '127.0.0.1', '127.0.0.2', '127.0.0.3' ]);
+      });
+
+      it('should used work with maxProxyCount', () => {
+        mm(req.header, 'x-forwarded-for', '127.0.0.1,127.0.0.2,127.0.0.3');
+        mm(app.config, 'maxProxyCount', 1);
+        assert.deepEqual(req.ips, [ '127.0.0.2', '127.0.0.3' ]);
       });
 
       it('should used x-real-ip', function* () {