From 1428877c379e21481c31114cf39df2c0c14d874f Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Tue, 11 Oct 2022 16:57:37 +0800 Subject: log real ip of requests from ssh (#21216) Partially fix #21213. This PR will get client IP address from SSH_CONNECTION env which should be the first field of that. And deliver it to the internal API so Gitea routers could record the real IP from SSH requests. Co-authored-by: wxiaoguang Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath --- modules/private/internal.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'modules/private/internal.go') diff --git a/modules/private/internal.go b/modules/private/internal.go index 2ea516ba80..21e5c9a279 100644 --- a/modules/private/internal.go +++ b/modules/private/internal.go @@ -10,6 +10,8 @@ import ( "fmt" "net" "net/http" + "os" + "strings" "code.gitea.io/gitea/modules/httplib" "code.gitea.io/gitea/modules/json" @@ -18,13 +20,14 @@ import ( "code.gitea.io/gitea/modules/setting" ) -func newRequest(ctx context.Context, url, method string) *httplib.Request { +func newRequest(ctx context.Context, url, method, sourceIP string) *httplib.Request { if setting.InternalToken == "" { log.Fatal(`The INTERNAL_TOKEN setting is missing from the configuration file: %q. Ensure you are running in the correct environment or set the correct configuration file with -c.`, setting.CustomConf) } return httplib.NewRequest(url, method). SetContext(ctx). + Header("X-Real-IP", sourceIP). Header("Authorization", fmt.Sprintf("Bearer %s", setting.InternalToken)) } @@ -42,8 +45,16 @@ func decodeJSONError(resp *http.Response) *Response { return &res } +func getClientIP() string { + sshConnEnv := strings.TrimSpace(os.Getenv("SSH_CONNECTION")) + if len(sshConnEnv) == 0 { + return "127.0.0.1" + } + return strings.Fields(sshConnEnv)[0] +} + func newInternalRequest(ctx context.Context, url, method string) *httplib.Request { - req := newRequest(ctx, url, method).SetTLSClientConfig(&tls.Config{ + req := newRequest(ctx, url, method, getClientIP()).SetTLSClientConfig(&tls.Config{ InsecureSkipVerify: true, ServerName: setting.Domain, }) -- cgit v1.2.3