From ffa01ba58618d54ce3e825132ebffbdbdf6946fc Mon Sep 17 00:00:00 2001
From: Jonathan Cremin
Date: Sun, 7 Aug 2016 20:41:21 +0100
Subject: [PATCH] Use the right header for remote IPs
---
 api/lib/auth.js | 2 +-
 api/routes/pro.js | 2 +-
 lib/uploader.js | 2 +-
 web/lib/auth.js | 2 +-
 web/routes/user.js | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/api/lib/auth.js b/api/lib/auth.js
index 5fead69..034d0e1 100644
--- a/api/lib/auth.js
+++ b/api/lib/auth.js
@@ -8,7 +8,7 @@ const badLoginMsg = '{"error": {"message": "Incorrect login details.", "code": 6
 export default function* (next) {
 let user = false;
- const remoteIp = this.req.headers['x-real-ip'] || this.req.connection.remoteAddress;
+ const remoteIp = this.req.headers['x-forwarded-for'] || this.req.connection.remoteAddress;
 const login = yield models.login.create({
 ip: remoteIp,
 successful: false,
diff --git a/api/routes/pro.js b/api/routes/pro.js
index 5fadcd8..8387332 100644
--- a/api/routes/pro.js
+++ b/api/routes/pro.js
@@ -14,7 +14,7 @@ const fromname = process.env.EMAIL_NAME;
 export function* create() {
 const stripeToken = this.request.body.stripeToken;
- const ip = this.request.headers['x-real-ip'] || this.req.connection.remoteAddress;
+ const ip = this.request.headers['x-forwarded-for'] || this.req.connection.remoteAddress;
 const createCustomer = {
 card: stripeToken.id,
diff --git a/lib/uploader.js b/lib/uploader.js
index 7b8fd0b..1ebb767 100644
--- a/lib/uploader.js
+++ b/lib/uploader.js
@@ -24,7 +24,7 @@ export default class Uploader {
 this.context = context;
 this.expectedSize = context.request.headers['content-length'];
 this.tempGuid = context.request.headers['hostr-guid'];
- this.remoteIp = context.request.headers['x-real-ip'] || context.req.connection.remoteAddress;
+ this.remoteIp = context.request.headers['x-forwarded-for'] || context.req.connection.remoteAddress;
 this.md5sum = crypto.createHash('md5');
 this.lastPercent = 0;
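Review bot: The new `remoteIp` in api/lib/auth.js uses the whole `X-Forwarded-For` value as the address, but that header is a comma-separated chain a client can pre-populate, so `ip: remoteIp` in `models.login.create` may record a list or a caller-chosen value unless the front proxy overwrites the header (the proxy configuration is not visible here). The same expression is added in api/routes/pro.js, lib/uploader.js, web/lib/auth.js and web/routes/user.js. Assuming a single trusted proxy that appends to the header, only the entry it added should be used, e.g. `const remoteIp = (this.req.headers['x-forwarded-for'] || '').split(',').pop().trim() || this.req.connection.remoteAddress;`, ideally in one shared helper instead of five copies. The enclosing functions continue outside these hunks.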
diff --git a/web/lib/auth.js b/web/lib/auth.js
index 66cfe01..5c79579 100644
--- a/web/lib/auth.js
+++ b/web/lib/auth.js
@@ -14,7 +14,7 @@ const from = process.env.EMAIL_FROM;
 const fromname = process.env.EMAIL_NAME;
 export function* authenticate(email, password) {
- const remoteIp = this.headers['x-real-ip'] || this.ip;
+ const remoteIp = this.headers['x-forwarded-for'] || this.ip;
 if (!password || password.length < 6) {
 debug('No password, or password too short');
diff --git a/web/routes/user.js b/web/routes/user.js
index 35cd59a..dc422af 100644
--- a/web/routes/user.js
+++ b/web/routes/user.js
@@ -52,7 +52,7 @@ export function* signup() {
 csrf: this.csrf });
 return;
 }
- const ip = this.headers['x-real-ip'] || this.ip;
+ const ip = this.headers['x-forwarded-for'] || this.ip;
 const email = this.request.body.email;
 const password = this.request.body.password;
 try {
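Review bot: The fallback `this.ip` in web/lib/auth.js and web/routes/user.js looks like Koa's request accessor, which already consults `X-Forwarded-For` when `app.proxy` is enabled, so the hand-written header lookup duplicates that logic and applies even when proxy trust is switched off. Keeping the decision in one place would be clearer: either rely on `this.ip` with `app.proxy` configured, or route both call sites through one helper carrying a comment such as `// X-Forwarded-For is set by our front proxy; direct clients must not reach this port`. Whether `app.proxy` is set is not visible in this diff, and both function bodies continue outside the hunks.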