Igor Gariev (gariev) wrote in changelog,

[ljcom] r9955: LJM-1684: User's IP in HTTP SUP::RPC req...

Committer: gariev
LJM-1684: User's IP in HTTP SUP::RPC requests

U   trunk/cgi-bin/LJ/Hooks/SUP.pm
U   trunk/htdocs/sup/rpc_interface.bml
Modified: trunk/cgi-bin/LJ/Hooks/SUP.pm
===================================================================
--- trunk/cgi-bin/LJ/Hooks/SUP.pm	2011-01-27 12:16:14 UTC (rev 9954)
+++ trunk/cgi-bin/LJ/Hooks/SUP.pm	2011-01-27 12:21:59 UTC (rev 9955)
@@ -1037,4 +1037,49 @@
     LJ::WishList->clean_post_id($ju, $entry->ditemid);
 });
 
+##
+## Hack for passing IP addresses of clients of SUP::RPC services as 
+## IPs of clients of LJ.com
+##
+LJ::register_hook("modify_forward_list", sub {
+    my $hosts_list = shift;     ## The list of hosts for updated header X-Forwarded-For, 
+                                ## the first IP will be used as remote_ip()
+    my $req_list = shift;       ## The list that is checked against sysban
+
+    ## Moscow dev servers through nginx proxy
+    if ($LJ::IS_DEV_SERVER) {
+        if (my $real_ip = LJ::Request->header_in('X-Real-IP')) {
+            push @$req_list, $real_ip;
+            unshift @$hosts_list, $real_ip;
+        }
+    }
+    ## X-LJ-ClientIP header from trusted services (SUP::RPC client)
+    ## 
+    ## Request path: Client --> SUP::RPC service (e.g. m.lj.com) --> LJ-com
+    ## Client IP                == "X-LJ-ClientIP" header set by SUP::RPC service.
+    ## SUP::RPC service's IP    == $hosts_list->[0].
+    ## Save SUP::RPC service's IP for later auth check, and set X-LJ-ClientIP as request IP
+    ## 
+    if (    @$hosts_list && _is_trusted_ip($hosts_list->[0]) && 
+            (my $client_ip = LJ::Request->header_in('X-LJ-ClientIP'))
+    ) {
+        my $trusted_service_ip = shift @$hosts_list;
+        LJ::Request->pnotes('trusted_service_ip', $trusted_service_ip);
+        unshift @$hosts_list, $client_ip;
+        push @$req_list, $client_ip;
+    }
+});
+
+sub _is_trusted_ip {
+    my $ip = shift;
+
+    return 1 if $ip eq '172.19.10.244';
+
+    my $ip_class = LJ::GeoLocation->ip_class($ip);
+    return $ip_class eq 'mon_local' || 
+            $ip_class eq 'mon_dtc'  ||
+            $ip_class eq 'sup_dtc'  ||
+            $ip_class eq 'sup_gazeta';
+}
+
 1;
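Review bot: The `X-LJ-ClientIP` value is pushed into `@$req_list` and placed first in `@$hosts_list` without any check that it is a well-formed address, so whatever the header carries becomes the request IP and the value checked against sysban. A guard as the first statement of that `if` block, such as `return unless $client_ip =~ /\A[0-9A-Fa-f.:]+\z/;` or the codebase's own address validator if it has one, would keep malformed values out of both lists. The whole trust decision also rests on `$hosts_list->[0]`, which is built outside this hunk. It is worth recording that assumption next to the check, for example `## $hosts_list->[0] must be the peer address added by our own proxy, never an entry copied from a client-supplied X-Forwarded-For`. The literal `172.19.10.244` in `_is_trusted_ip` has no comment saying which host it is or why it bypasses the `ip_class` lookup.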

Modified: trunk/htdocs/sup/rpc_interface.bml
===================================================================
--- trunk/htdocs/sup/rpc_interface.bml	2011-01-27 12:16:14 UTC (rev 9954)
+++ trunk/htdocs/sup/rpc_interface.bml	2011-01-27 12:21:59 UTC (rev 9955)
@@ -27,7 +27,7 @@
    
     my $params = LJ::did_post() ? \%POST : \%GET;
     my $ip_class  = LJ::LJcom::ip_class();
-    my $remote_ip = LJ::get_remote_ip();
+    my $remote_ip = LJ::Request->pnotes('trusted_service_ip') || LJ::get_remote_ip();
 
     LJ::Request->notes('codepath' => "interface.sup_rpc.index:" . $params->{action});
     
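Review bot: `$ip_class` on the line above is still taken from `LJ::LJcom::ip_class()` with no argument, while `$remote_ip` may now be the `trusted_service_ip` pnote, so the two variables can describe different hosts. If `ip_class()` classifies the current request IP, which after the hook change is the end user's address, any access check further down that relies on `$ip_class` would evaluate the user rather than the calling service. That code is outside the hunk, so this needs confirming. Deriving the class from the resolved address, e.g. `my $ip_class = LJ::GeoLocation->ip_class($remote_ip);` placed after the `$remote_ip` assignment, would keep them consistent. A short comment such as `## trusted_service_ip is set by the modify_forward_list hook when the caller is a trusted SUP::RPC service` would explain why the pnote takes precedence.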

Tags: bml, gariev, ljcom, pm