extract real ip address when behind a load balancer (#68)

controller/enable.go

@@ -16,7 +16,6 @@ import (
 	sdk_config "github.com/openziti/sdk-golang/ziti/config"
 	"github.com/openziti/sdk-golang/ziti/enroll"
 	"github.com/sirupsen/logrus"
-	"strings"
 	"time"
 )
 
@@ -29,6 +28,8 @@ func newEnableHandler(cfg *Config) *enableHandler {
 }
 
 func (self *enableHandler) Handle(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	logrus.Infof("headers = %v", params.HTTPRequest.Header)
+
 	// start transaction early; if it fails, don't bother creating ziti resources
 	tx, err := str.Begin()
 	if err != nil {
@@ -55,13 +56,10 @@ func (self *enableHandler) Handle(params identity.EnableParams, principal *rest_
 		logrus.Error(err)
 		return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
 	}
-
-	addrTokens := strings.Split(params.HTTPRequest.RemoteAddr, ":")
-	addr := addrTokens[0]
 	envId, err := str.CreateEnvironment(int(principal.ID), &store.Environment{
 		Description:    params.Body.Description,
 		Host:           params.Body.Host,
-		Address:        addr,
+		Address:        realRemoteAddress(params.HTTPRequest),
 		ZitiIdentityId: ident.Payload.Data.ID,
 	}, tx)
 	if err != nil {

controller/util.go

@@ -11,6 +11,8 @@ import (
 	"github.com/openziti/edge/rest_management_api_client"
 	"github.com/openziti/edge/rest_util"
 	"github.com/pkg/errors"
+	"net/http"
+	"strings"
 )
 
 func ZrokAuthenticate(token string) (*rest_model_zrok.Principal, error) {
@@ -60,3 +62,17 @@ func hashPassword(raw string) string {
 	hash.Write([]byte(raw))
 	return hex.EncodeToString(hash.Sum(nil))
 }
+
+func realRemoteAddress(req *http.Request) string {
+	ip := strings.Split(req.RemoteAddr, ":")[0]
+	fwdAddress := req.Header.Get("X-Forwarded-For")
+	if fwdAddress != "" {
+		ip = fwdAddress
+
+		ips := strings.Split(fwdAddress, ", ")
+		if len(ips) > 1 {
+			ip = ips[0]
+		}
+	}
+	return ip
+}