fix client IP handling behind proxies
Deployment Config CI / Deployment Config (push) Successful in 27s
Frontend CI / Frontend (push) Successful in 3m2s
Backend CI / Backend (push) Successful in 14m8s

This commit is contained in:
2026-05-05 23:01:25 +08:00
parent ffb7d179c6
commit 3c912949e4
20 changed files with 272 additions and 16 deletions
@@ -72,3 +72,36 @@ func TestLoggerIncludesDetailedAuthFailureContext(t *testing.T) {
require.Contains(t, logLine, `"auth_parse_error":"token has invalid claims: token is expired"`)
require.Contains(t, logLine, `"auth_token_fingerprint":"`)
}
func TestLoggerUsesForwardedClientIPFromTrustedProxy(t *testing.T) {
t.Parallel()
gin.SetMode(gin.TestMode)
var logBuffer bytes.Buffer
encoderConfig := zap.NewProductionEncoderConfig()
encoderConfig.TimeKey = ""
logger := zap.New(zapcore.NewCore(
zapcore.NewJSONEncoder(encoderConfig),
zapcore.AddSync(&logBuffer),
zapcore.DebugLevel,
))
router := gin.New()
require.NoError(t, router.SetTrustedProxies([]string{"10.42.0.0/16"}))
router.Use(RequestID())
router.Use(Logger(logger))
router.GET("/test", func(c *gin.Context) {
c.Status(http.StatusOK)
})
req := httptest.NewRequest(http.MethodGet, "/test", nil)
req.RemoteAddr = "10.42.0.128:51234"
req.Header.Set("X-Forwarded-For", "106.14.89.27")
resp := httptest.NewRecorder()
router.ServeHTTP(resp, req)
require.Equal(t, http.StatusOK, resp.Code)
require.Contains(t, logBuffer.String(), `"client_ip":"106.14.89.27"`)
}