diff --git a/src/node/handler/PadMessageHandler.js b/src/node/handler/PadMessageHandler.js index 0794a7b1d..78a8b9858 100644 --- a/src/node/handler/PadMessageHandler.js +++ b/src/node/handler/PadMessageHandler.js @@ -35,7 +35,6 @@ var _ = require('underscore'); var hooks = require("ep_etherpad-lite/static/js/pluginfw/hooks.js"); var channels = require("channels"); var stats = require('../stats'); -var remoteAddress = require("../utils/RemoteAddress").remoteAddress; const assert = require('assert').strict; const nodeify = require("nodeify"); const { RateLimiterMemory } = require('rate-limiter-flexible'); @@ -127,19 +126,11 @@ exports.handleDisconnect = async function(client) // if this connection was already etablished with a handshake, send a disconnect message to the others if (session && session.author) { - // Get the IP address from our persistant object - let ip = remoteAddress[client.id]; - - // Anonymize the IP address if IP logging is disabled - if (settings.disableIPlogging) { - ip = 'ANONYMOUS'; - } - const {session: {user} = {}} = client.client.request; accessLogger.info('[LEAVE]' + ` pad:${session.padId}` + ` socket:${client.id}` + - ` IP:${ip}` + + ` IP:${settings.disableIPlogging ? 'ANONYMOUS' : client.request.ip}` + ` authorID:${session.author}` + ((user && user.username) ? ` username:${user.username}` : '')); @@ -181,11 +172,11 @@ exports.handleMessage = async function(client, message) var env = process.env.NODE_ENV || 'development'; if (env === 'production') { - const clientIPAddress = remoteAddress[client.id]; try { - await rateLimiter.consume(clientIPAddress); // consume 1 point per event from IP - }catch(e){ - console.warn("Rate limited: ", clientIPAddress, " to reduce the amount of rate limiting that happens edit the rateLimit values in settings.json"); + await rateLimiter.consume(client.request.ip); // consume 1 point per event from IP + } catch (e) { + console.warn(`Rate limited: ${client.request.ip} to reduce the amount of rate limiting ` + + 'that happens edit the rateLimit values in settings.json'); stats.meter('rateLimited').mark(); client.json.send({disconnect:"rateLimited"}); return; @@ -239,7 +230,7 @@ exports.handleMessage = async function(client, message) 'Rejecting message from client because the author ID changed mid-session.' + ' Bad or missing token or sessionID?' + ` socket:${client.id}` + - ` IP:${settings.disableIPlogging ? ANONYMOUS : remoteAddress[client.id]}` + + ` IP:${settings.disableIPlogging ? 'ANONYMOUS' : client.request.ip}` + ` originalAuthorID:${thisSession.author}` + ` newAuthorID:${authorID}` + ((user && user.username) ? ` username:${user.username}` : '') + @@ -967,19 +958,11 @@ async function handleClientReady(client, message, authorID) sessionInfo.readonly = padIds.readonly || !webaccess.userCanModify(message.padId, client.client.request); - // Log creation/(re-)entering of a pad - let ip = remoteAddress[client.id]; - - // Anonymize the IP address if IP logging is disabled - if (settings.disableIPlogging) { - ip = 'ANONYMOUS'; - } - const {session: {user} = {}} = client.client.request; accessLogger.info(`[${pad.head > 0 ? 'ENTER' : 'CREATE'}]` + ` pad:${padIds.padId}` + ` socket:${client.id}` + - ` IP:${ip}` + + ` IP:${settings.disableIPlogging ? 'ANONYMOUS' : client.request.ip}` + ` authorID:${authorID}` + ((user && user.username) ? ` username:${user.username}` : '')); diff --git a/src/node/handler/SocketIORouter.js b/src/node/handler/SocketIORouter.js index a52393634..d7712b8ee 100644 --- a/src/node/handler/SocketIORouter.js +++ b/src/node/handler/SocketIORouter.js @@ -23,7 +23,6 @@ var log4js = require('log4js'); var messageLogger = log4js.getLogger("message"); var securityManager = require("../db/SecurityManager"); var readOnlyManager = require("../db/ReadOnlyManager"); -var remoteAddress = require("../utils/RemoteAddress").remoteAddress; var settings = require('../utils/Settings'); /** @@ -56,15 +55,6 @@ exports.setSocketIO = function(_socket) { socket.sockets.on('connection', function(client) { - // Broken: See http://stackoverflow.com/questions/4647348/send-message-to-specific-client-with-socket-io-and-node-js - // Fixed by having a persistant object, ideally this would actually be in the database layer - // TODO move to database layer - if (settings.trustProxy && client.handshake.headers['x-forwarded-for'] !== undefined) { - remoteAddress[client.id] = client.handshake.headers['x-forwarded-for']; - } else { - remoteAddress[client.id] = client.handshake.address; - } - // wrap the original send function to log the messages client._send = client.send; client.send = function(message) { diff --git a/src/node/hooks/express/socketio.js b/src/node/hooks/express/socketio.js index f5964f18a..aae450da3 100644 --- a/src/node/hooks/express/socketio.js +++ b/src/node/hooks/express/socketio.js @@ -1,4 +1,5 @@ const express = require("../express"); +const proxyaddr = require('proxy-addr'); var settings = require('../../utils/Settings'); var socketio = require('socket.io'); var socketIORouter = require("../../handler/SocketIORouter"); @@ -38,6 +39,14 @@ exports.expressCreateServer = function (hook_name, args, cb) { io.use((socket, next) => { const req = socket.request; + // Express sets req.ip but socket.io does not. Replicate Express's behavior here. + if (req.ip == null) { + if (settings.trustProxy) { + req.ip = proxyaddr(req, args.app.get('trust proxy fn')); + } else { + req.ip = socket.handshake.address; + } + } if (!req.headers.cookie) { // socketio.js-client on node.js doesn't support cookies (see https://git.io/JU8u9), so the // token and express_sid cookies have to be passed via a query parameter for unit tests. diff --git a/src/node/utils/RemoteAddress.js b/src/node/utils/RemoteAddress.js deleted file mode 100644 index 86a4a5b26..000000000 --- a/src/node/utils/RemoteAddress.js +++ /dev/null @@ -1 +0,0 @@ -exports.remoteAddress = {}; diff --git a/src/package.json b/src/package.json index 155638161..1d57e6116 100644 --- a/src/package.json +++ b/src/package.json @@ -55,6 +55,7 @@ "nodeify": "1.0.1", "npm": "6.14.8", "openapi-backend": "2.4.1", + "proxy-addr": "^2.0.6", "rate-limiter-flexible": "^2.1.4", "rehype": "^10.0.0", "rehype-format": "^3.0.1",