Committer: gariev
LJM-1684: User's IP in HTTP SUP::RPC requests
U trunk/cgi-bin/LJ/Hooks/SUP.pm
U trunk/htdocs/sup/rpc_interface.bml
Modified: trunk/cgi-bin/LJ/Hooks/SUP.pm
===================================================================
--- trunk/cgi-bin/LJ/Hooks/SUP.pm 2011-01-27 12:16:14 UTC (rev 9954)
+++ trunk/cgi-bin/LJ/Hooks/SUP.pm 2011-01-27 12:21:59 UTC (rev 9955)
@@ -1037,4 +1037,49 @@
 LJ::WishList->clean_post_id($ju, $entry->ditemid);
 });
+##
+## Hack for passing IP addresses of clients of SUP::RPC services as
+## IPs of clients of LJ.com
+##
+LJ::register_hook("modify_forward_list", sub {
+ my $hosts_list = shift; ## The list of hosts for updated header X-Forwarded-For,
+ ## the first IP will be used as remote_ip()
+ my $req_list = shift; ## The list that is checked against sysban
+
+ ## Moscow dev servers through nginx proxy
+ if ($LJ::IS_DEV_SERVER) {
+ if (my $real_ip = LJ::Request->header_in('X-Real-IP')) {
+ push @$req_list, $real_ip;
+ unshift @$hosts_list, $real_ip;
+ }
+ }
+ ## X-LJ-ClientIP header from trusted services (SUP::RPC client)
+ ##
+ ## Request path: Client --> SUP::RPC service (e.g. m.lj.com) --> LJ-com
+ ## Client IP == "X-LJ-ClientIP" header set by SUP::RPC service.
+ ## SUP::RPC service's IP == $hosts_list->[0].
+ ## Save SUP::RPC service's IP for later auth check, and set X-LJ-ClientIP as request IP
+ ##
+ if ( @$hosts_list && _is_trusted_ip($hosts_list->[0]) &&
+ (my $client_ip = LJ::Request->header_in('X-LJ-ClientIP'))
+ ) {
+ my $trusted_service_ip = shift @$hosts_list;
+ LJ::Request->pnotes('trusted_service_ip', $trusted_service_ip);
+ unshift @$hosts_list, $client_ip;
+ push @$req_list, $client_ip;
+ }
+});
+
+sub _is_trusted_ip {
+ my $ip = shift;
+
+ return 1 if $ip eq '172.19.10.244';
+
+ my $ip_class = LJ::GeoLocation->ip_class($ip);
+ return $ip_class eq 'mon_local' ||
+ $ip_class eq 'mon_dtc' ||
+ $ip_class eq 'sup_dtc' ||
+ $ip_class eq 'sup_gazeta';
+}
+
 1;
Modified: trunk/htdocs/sup/rpc_interface.bml
===================================================================
--- trunk/htdocs/sup/rpc_interface.bml 2011-01-27 12:16:14 UTC (rev 9954)
+++ trunk/htdocs/sup/rpc_interface.bml 2011-01-27 12:21:59 UTC (rev 9955)
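Review bot: In the `modify_forward_list` hook of SUP.pm, the `X-LJ-ClientIP` value is unshifted onto `@$hosts_list` (so it becomes `remote_ip()`) and pushed onto the sysban list without any check that it is a single well-formed IP address; a syntax check before `unshift @$hosts_list, $client_ip;` would keep a malformed or list-valued header from a relaying service out of ban checks and logs. The trust decision rests on `$hosts_list->[0]` being the address of the directly connected peer; how that list is built is outside this hunk, and if its first entry can come from a client-supplied `X-Forwarded-For`, `_is_trusted_ip` would be deciding on forgeable data, so the invariant deserves a comment at the `if`. The `$LJ::IS_DEV_SERVER` branch accepts `X-Real-IP` from any peer, which is safe only while dev hosts are reachable solely through the nginx proxy. In `_is_trusted_ip`, the literal `172.19.10.244` would be easier to audit as a site-configuration value, and `$ip_class` should be checked for definedness before the `eq` chain in case `ip_class` returns nothing for an unknown address.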
@@ -27,7 +27,7 @@
 my $params = LJ::did_post() ? \%POST : \%GET;
 my $ip_class = LJ::LJcom::ip_class();
- my $remote_ip = LJ::get_remote_ip();
+ my $remote_ip = LJ::Request->pnotes('trusted_service_ip') || LJ::get_remote_ip();
 LJ::Request->notes('codepath' => "interface.sup_rpc.index:" . $params->{action});
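Review bot: `$ip_class` on the context line above is still computed by `LJ::LJcom::ip_class()` with no argument, while `$remote_ip` now prefers the `trusted_service_ip` pnote, so the two variables may describe different hosts after this change. If `ip_class()` derives its answer from the request's remote address (its implementation is not visible here), it would classify the end client taken from `X-LJ-ClientIP` rather than the calling service. Any access check later in rpc_interface.bml that combines the two should be confirmed to use the service address for both; the rest of the block lies outside the hunk. A comment on the changed line such as `## service IP saved by the modify_forward_list hook; remote_ip() is the end client here` would make the intent clear.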