Add options to control the behavior of Request.remote_addr (#1539)

* Add options to control the behavior of Request.remote_addr * Update tests for Request.remote_addr * Update documentation for Request.remote_addr
2019-04-16 16:30:28 +03:00
parent 5631a31099
commit 5c9ba189bc
5 changed files with 172 additions and 21 deletions
--- a/sanic/config.py
+++ b/sanic/config.py
@@ -25,6 +25,9 @@ DEFAULT_CONFIG = {
    "WEBSOCKET_WRITE_LIMIT": 2 ** 16,
    "GRACEFUL_SHUTDOWN_TIMEOUT": 15.0,  # 15 sec
    "ACCESS_LOG": True,
+    "PROXIES_COUNT": -1,
+    "FORWARDED_FOR_HEADER": "X-Forwarded-For",
+    "REAL_IP_HEADER": "X-Real-IP",
 }


--- a/sanic/request.py
+++ b/sanic/request.py
@@ -355,19 +355,38 @@ class Request(dict):

    @property
    def remote_addr(self):
-        """Attempt to return the original client ip based on X-Forwarded-For.
+        """Attempt to return the original client ip based on X-Forwarded-For
+        or X-Real-IP. If HTTP headers are unavailable or untrusted, returns
+        an empty string.

        :return: original client ip.
        """
        if not hasattr(self, "_remote_addr"):
-            forwarded_for = self.headers.get("X-Forwarded-For", "").split(",")
-            remote_addrs = [
-                addr
-                for addr in [addr.strip() for addr in forwarded_for]
-                if addr
-            ]
-            if len(remote_addrs) > 0:
-                self._remote_addr = remote_addrs[0]
+            if self.app.config.PROXIES_COUNT == 0:
+                self._remote_addr = ""
+            elif self.app.config.REAL_IP_HEADER and self.headers.get(
+                self.app.config.REAL_IP_HEADER
+            ):
+                self._remote_addr = self.headers[
+                    self.app.config.REAL_IP_HEADER
+                ]
+            elif self.app.config.FORWARDED_FOR_HEADER:
+                forwarded_for = self.headers.get(
+                    self.app.config.FORWARDED_FOR_HEADER, ""
+                ).split(",")
+                remote_addrs = [
+                    addr
+                    for addr in [addr.strip() for addr in forwarded_for]
+                    if addr
+                ]
+                if self.app.config.PROXIES_COUNT == -1:
+                    self._remote_addr = remote_addrs[0]
+                elif len(remote_addrs) >= self.app.config.PROXIES_COUNT:
+                    self._remote_addr = remote_addrs[
+                        -self.app.config.PROXIES_COUNT
+                    ]
+                else:
+                    self._remote_addr = ""
            else:
                self._remote_addr = ""
        return self._remote_addr