refactor and fix reverse proxy IP fetch routines

anarcat requested to merge cleanup-mr135 into main

The plan is to extract the logic so that we can log IP addresses in failed requests in #117.

In doing so, I found a flaw in how the rate limiter worked that allowed an attacker to inject fake IP addresses in the X-Forwarded-For header, allowing rate limiting bypass or denial of service of arbitrary addresses as well. That should be fixed.

The request for logging originating IP addresses (#117) is not actually fixed here, because while trying to address that I realized that where we're logging those failures is in the webhook callbacks, and there the request client is not the user, but the payment processor.

So we somehow need to either keep track of the client IP address to restore it when we get that webhook response (ewww) or take that IP address from the webhook data in the first place.

I'm less familiar with that part of the process, so I'll again defer that to later code.

Splitting that code up into a different function still feels useful though, because now we have it unit-tested.

Edited by anarcat
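To illustrate the flaw the description refers to, here is an added example (not the project's code): a naive X-Forwarded-For reader beside one that only honours hops appended by proxies we operate. The trusted-proxy ranges, sample addresses and function names are assumptions constructed for the example.

```python
import ipaddress

# Constructed example: address ranges of the reverse proxies we operate and
# therefore trust to append the real client address to X-Forwarded-For.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.1/32"),
]


def client_ip_naive(remote_addr, headers):
    """Vulnerable form: trusts the first X-Forwarded-For entry unconditionally.

    A client connecting directly (or any client, since it controls what it
    sends) can pick an arbitrary address, which is what lets it dodge the
    rate limiter or get someone else's address rate-limited.
    """
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_trusted(remote_addr, headers):
    """Hardened form: walk the chain from the right, skipping only hops that
    are our own proxies, and return the first address we did not add.

    remote_addr is the TCP peer, which is the only hop the client cannot
    forge; the header is appended to by each proxy, so the rightmost
    entries are the trustworthy ones.
    """
    xff = headers.get("X-Forwarded-For", "")
    chain = [hop.strip() for hop in xff.split(",") if hop.strip()]
    chain.append(remote_addr)
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Only reachable if one of our own proxies forwarded garbage;
            # fall back to the socket peer rather than a client-chosen key.
            return remote_addr
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    # Every hop was one of our proxies: rate-limit the peer we can see.
    return remote_addr
```

A direct connection carrying a forged header yields the forged value from the naive reader but the real peer address from the hardened one; only an address appended by a trusted proxy is honoured.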