2017-11-20 06:10:04 +01:00
|
|
|
package realip
|
|
|
|
|
|
|
|
import (
|
2017-12-16 20:25:18 +01:00
|
|
|
"errors"
|
2017-11-20 06:10:04 +01:00
|
|
|
"net"
|
|
|
|
"net/http"
|
|
|
|
"strings"
|
|
|
|
)
|
|
|
|
|
|
|
|
var cidrs []*net.IPNet
|
|
|
|
|
|
|
|
func init() {
|
2017-12-16 20:25:18 +01:00
|
|
|
maxCidrBlocks := []string{
|
|
|
|
"127.0.0.1/8", // localhost
|
|
|
|
"10.0.0.0/8", // 24-bit block
|
|
|
|
"172.16.0.0/12", // 20-bit block
|
|
|
|
"192.168.0.0/16", // 16-bit block
|
|
|
|
"169.254.0.0/16", // link local address
|
|
|
|
"::1/128", // localhost IPv6
|
|
|
|
"fc00::/7", // unique local address IPv6
|
|
|
|
"fe80::/10", // link local address IPv6
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-12-16 20:25:18 +01:00
|
|
|
cidrs = make([]*net.IPNet, len(maxCidrBlocks))
|
|
|
|
for i, maxCidrBlock := range maxCidrBlocks {
|
|
|
|
_, cidr, _ := net.ParseCIDR(maxCidrBlock)
|
|
|
|
cidrs[i] = cidr
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-16 20:25:18 +01:00
|
|
|
// isLocalAddress works by checking if the address is under private CIDR blocks.
|
|
|
|
// List of private CIDR blocks can be seen on :
|
|
|
|
//
|
|
|
|
// https://en.wikipedia.org/wiki/Private_network
|
|
|
|
//
|
|
|
|
// https://en.wikipedia.org/wiki/Link-local_address
|
|
|
|
func isPrivateAddress(address string) (bool, error) {
|
|
|
|
ipAddress := net.ParseIP(address)
|
|
|
|
if ipAddress == nil {
|
|
|
|
return false, errors.New("address is not valid")
|
|
|
|
}
|
|
|
|
|
2017-11-20 06:10:04 +01:00
|
|
|
for i := range cidrs {
|
2017-12-16 20:25:18 +01:00
|
|
|
if cidrs[i].Contains(ipAddress) {
|
|
|
|
return true, nil
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-16 20:25:18 +01:00
|
|
|
return false, nil
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-12-16 20:25:18 +01:00
|
|
|
// FromRequest return client's real public IP address from http request headers.
|
|
|
|
func FromRequest(r *http.Request) string {
|
|
|
|
// Fetch header value
|
|
|
|
xRealIP := r.Header.Get("X-Real-Ip")
|
|
|
|
xForwardedFor := r.Header.Get("X-Forwarded-For")
|
2017-11-20 06:10:04 +01:00
|
|
|
|
2017-12-16 20:25:18 +01:00
|
|
|
// If both empty, return IP from remote address
|
|
|
|
if xRealIP == "" && xForwardedFor == "" {
|
|
|
|
var remoteIP string
|
|
|
|
|
|
|
|
// If there are colon in remote address, remove the port number
|
|
|
|
// otherwise, return remote address as is
|
|
|
|
if strings.ContainsRune(r.RemoteAddr, ':') {
|
|
|
|
remoteIP, _, _ = net.SplitHostPort(r.RemoteAddr)
|
|
|
|
} else {
|
|
|
|
remoteIP = r.RemoteAddr
|
|
|
|
}
|
2017-11-20 06:10:04 +01:00
|
|
|
|
2017-12-16 20:25:18 +01:00
|
|
|
return remoteIP
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-12-16 20:25:18 +01:00
|
|
|
// Check list of IP in X-Forwarded-For and return the first global address
|
|
|
|
for _, address := range strings.Split(xForwardedFor, ",") {
|
|
|
|
address = strings.TrimSpace(address)
|
|
|
|
isPrivate, err := isPrivateAddress(address)
|
|
|
|
if !isPrivate && err == nil {
|
|
|
|
return address
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-16 20:25:18 +01:00
|
|
|
// If nothing succeed, return X-Real-IP
|
|
|
|
return xRealIP
|
|
|
|
}
|
|
|
|
|
|
|
|
// RealIP is depreciated, use FromRequest instead
|
|
|
|
func RealIP(r *http.Request) string {
|
|
|
|
return FromRequest(r)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|