From ffa01ba58618d54ce3e825132ebffbdbdf6946fc Mon Sep 17 00:00:00 2001
From: Jonathan Cremin <jonathan@crem.in>
Date: Sun, 7 Aug 2016 20:41:21 +0100
Subject: [PATCH] Use the right header for remote IPs

---
 api/lib/auth.js    | 2 +-
 api/routes/pro.js  | 2 +-
 lib/uploader.js    | 2 +-
 web/lib/auth.js    | 2 +-
 web/routes/user.js | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/api/lib/auth.js b/api/lib/auth.js
index 5fead69..034d0e1 100644
--- a/api/lib/auth.js
+++ b/api/lib/auth.js
@@ -8,7 +8,7 @@ const badLoginMsg = '{"error": {"message": "Incorrect login details.", "code": 6
 
 export default function* (next) {
   let user = false;
-  const remoteIp = this.req.headers['x-real-ip'] || this.req.connection.remoteAddress;
+  const remoteIp = this.req.headers['x-forwarded-for'] || this.req.connection.remoteAddress;
   const login = yield models.login.create({
     ip: remoteIp,
     successful: false,
diff --git a/api/routes/pro.js b/api/routes/pro.js
index 5fadcd8..8387332 100644
--- a/api/routes/pro.js
+++ b/api/routes/pro.js
@@ -14,7 +14,7 @@ const fromname = process.env.EMAIL_NAME;
 export function* create() {
   const stripeToken = this.request.body.stripeToken;
 
-  const ip = this.request.headers['x-real-ip'] || this.req.connection.remoteAddress;
+  const ip = this.request.headers['x-forwarded-for'] || this.req.connection.remoteAddress;
 
   const createCustomer = {
     card: stripeToken.id,
diff --git a/lib/uploader.js b/lib/uploader.js
index 7b8fd0b..1ebb767 100644
--- a/lib/uploader.js
+++ b/lib/uploader.js
@@ -24,7 +24,7 @@ export default class Uploader {
     this.context = context;
     this.expectedSize = context.request.headers['content-length'];
     this.tempGuid = context.request.headers['hostr-guid'];
-    this.remoteIp = context.request.headers['x-real-ip'] || context.req.connection.remoteAddress;
+    this.remoteIp = context.request.headers['x-forwarded-for'] || context.req.connection.remoteAddress;
     this.md5sum = crypto.createHash('md5');
 
     this.lastPercent = 0;
diff --git a/web/lib/auth.js b/web/lib/auth.js
index 66cfe01..5c79579 100644
--- a/web/lib/auth.js
+++ b/web/lib/auth.js
@@ -14,7 +14,7 @@ const from = process.env.EMAIL_FROM;
 const fromname = process.env.EMAIL_NAME;
 
 export function* authenticate(email, password) {
-  const remoteIp = this.headers['x-real-ip'] || this.ip;
+  const remoteIp = this.headers['x-forwarded-for'] || this.ip;
 
   if (!password || password.length < 6) {
     debug('No password, or password too short');
diff --git a/web/routes/user.js b/web/routes/user.js
index 35cd59a..dc422af 100644
--- a/web/routes/user.js
+++ b/web/routes/user.js
@@ -52,7 +52,7 @@ export function* signup() {
       csrf: this.csrf });
     return;
   }
-  const ip = this.headers['x-real-ip'] || this.ip;
+  const ip = this.headers['x-forwarded-for'] || this.ip;
   const email = this.request.body.email;
   const password = this.request.body.password;
   try {