2021-02-03 16:09:17 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-06-27 15:43:28 -04:00
|
|
|
# Override Rack::Request to make use of the same list of trusted_proxies
|
|
|
|
# as the ActionDispatch::Request object. This is necessary for libraries
|
|
|
|
# like rack_attack where they don't use ActionDispatch, and we want them
|
|
|
|
# to block/throttle requests on private networks.
|
2017-08-15 13:44:37 -04:00
|
|
|
# Rack Attack specific issue: https://github.com/kickstarter/rack-attack/issues/145
|
2016-06-27 15:43:28 -04:00
|
|
|
module Rack
|
|
|
|
class Request
|
|
|
|
def trusted_proxy?(ip)
|
|
|
|
Rails.application.config.action_dispatch.trusted_proxies.any? { |proxy| proxy === ip }
|
2016-07-31 15:36:11 -04:00
|
|
|
rescue IPAddr::InvalidAddressError
|
|
|
|
false
|
2016-06-27 15:43:28 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-07-24 00:01:23 -04:00
|
|
|
gitlab_trusted_proxies = Array(Gitlab.config.gitlab.trusted_proxies).map do |proxy|
|
2019-03-13 09:42:43 -04:00
|
|
|
IPAddr.new(proxy)
|
2021-03-21 14:09:29 -04:00
|
|
|
rescue IPAddr::InvalidAddressError
|
2016-07-24 00:01:23 -04:00
|
|
|
end.compact
|
|
|
|
|
2016-04-28 15:05:45 -04:00
|
|
|
Rails.application.config.action_dispatch.trusted_proxies = (
|
2017-02-21 18:33:53 -05:00
|
|
|
['127.0.0.1', '::1'] + gitlab_trusted_proxies)
|
2018-05-03 05:14:20 -04:00
|
|
|
|
|
|
|
# A monkey patch to make trusted proxies work with Rails 5.0.
|
|
|
|
# Inspired by https://github.com/rails/rails/issues/5223#issuecomment-263778719
|
|
|
|
# Remove this monkey patch when upstream is fixed.
|
2018-12-07 13:15:06 -05:00
|
|
|
module TrustedProxyMonkeyPatch
|
|
|
|
def ip
|
|
|
|
@ip ||= (get_header("action_dispatch.remote_ip") || super).to_s
|
2018-05-03 05:14:20 -04:00
|
|
|
end
|
|
|
|
end
|
2018-12-07 13:15:06 -05:00
|
|
|
|
2021-01-05 13:10:25 -05:00
|
|
|
ActionDispatch::Request.include TrustedProxyMonkeyPatch
|