Forward real IP in internal-api client calls

This commit is contained in:
Andrey Beletsky 2019-09-18 18:02:03 +07:00
parent fd916d9eae
commit a8c339e5b4
2 changed files with 83 additions and 49 deletions

View file

@ -15,9 +15,18 @@ import (
// Client stores data about internal-apis call it is about to make.
type Client struct {
ServerAddress string
AuthToken string
Logger *log.Logger
serverAddress string
extraHeaders map[string]string
}
// ClientOpts allow to provide extra parameters to NewClient:
// - ServerAddress
// - RemoteIP — to forward the IP of a frontend client making the request
type ClientOpts struct {
ServerAddress string
RemoteIP string
}
// APIResponse reflects internal-apis JSON response format.
@ -31,23 +40,35 @@ type APIResponse struct {
type ResponseData map[string]interface{}
const (
defaultAPIHost = "https://api.lbry.com"
timeout = 5 * time.Second
userObjectPath = "user"
defaultServerAddress = "https://api.lbry.com"
timeout = 5 * time.Second
userObjectPath = "user"
headerForwardedFor = "X-Forwarded-For"
)
// NewClient returns a client instance for internal-apis. It requires authToken to be provided
// for authentication.
func NewClient(authToken string) Client {
return Client{
ServerAddress: defaultAPIHost,
func NewClient(authToken string, opts *ClientOpts) Client {
c := Client{
serverAddress: defaultServerAddress,
extraHeaders: make(map[string]string),
AuthToken: authToken,
Logger: log.StandardLogger(),
}
if opts != nil {
if opts.ServerAddress != "" {
c.serverAddress = opts.ServerAddress
}
if opts.RemoteIP != "" {
c.extraHeaders[headerForwardedFor] = opts.RemoteIP
}
}
return c
}
func (c Client) getEndpointURL(object, method string) string {
return fmt.Sprintf("%s/%s/%s", c.ServerAddress, object, method)
return fmt.Sprintf("%s/%s/%s", c.serverAddress, object, method)
}
func (c Client) prepareParams(params map[string]interface{}) (string, error) {
@ -69,9 +90,14 @@ func (c Client) doCall(url string, payload string) ([]byte, error) {
if err != nil {
return body, err
}
req.Header.Add("Accept", "application/json")
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
for k, v := range c.extraHeaders {
req.Header.Set(k, v)
}
client := &http.Client{Timeout: timeout}
r, err := client.Do(req)
if err != nil {

View file

@ -1,8 +1,8 @@
package lbryinc
import (
"log"
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
@ -10,56 +10,64 @@ import (
)
func TestUserMeWrongToken(t *testing.T) {
c := NewClient("abc")
c := NewClient("abc", nil)
r, err := c.UserMe()
require.NotNil(t, err)
assert.Equal(t, "could not authenticate user", err.Error())
assert.Nil(t, r)
}
const dummyServerURL = "http://127.0.0.1:59999"
func launchDummyServer() {
s := &http.Server{
Addr: "127.0.0.1:59999",
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(http.StatusOK)
response := []byte(`{
"success": true,
"error": null,
"data": {
"id": 751365,
"language": "en",
"given_name": null,
"family_name": null,
"created_at": "2019-01-17T12:13:06Z",
"updated_at": "2019-05-02T13:57:59Z",
"invited_by_id": null,
"invited_at": null,
"invites_remaining": 0,
"invite_reward_claimed": false,
"is_email_enabled": true,
"manual_approval_user_id": 837139,
"reward_status_change_trigger": "manual",
"primary_email": "andrey@lbry.com",
"has_verified_email": true,
"is_identity_verified": false,
"is_reward_approved": true,
"groups": []
}
}`)
w.Write(response)
}),
}
log.Fatal(s.ListenAndServe())
func launchDummyServer(lastReq **http.Request) *httptest.Server {
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
*lastReq = &*r
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(http.StatusOK)
response := []byte(`{
"success": true,
"error": null,
"data": {
"id": 751365,
"language": "en",
"given_name": null,
"family_name": null,
"created_at": "2019-01-17T12:13:06Z",
"updated_at": "2019-05-02T13:57:59Z",
"invited_by_id": null,
"invited_at": null,
"invites_remaining": 0,
"invite_reward_claimed": false,
"is_email_enabled": true,
"manual_approval_user_id": 837139,
"reward_status_change_trigger": "manual",
"primary_email": "andrey@lbry.com",
"has_verified_email": true,
"is_identity_verified": false,
"is_reward_approved": true,
"groups": []
}
}`)
w.Write(response)
}))
}
func TestUserMe(t *testing.T) {
go launchDummyServer()
c := NewClient("realToken")
c.ServerAddress = dummyServerURL
var req *http.Request
ts := launchDummyServer(&req)
defer ts.Close()
c := NewClient("realToken", &ClientOpts{ServerAddress: ts.URL})
r, err := c.UserMe()
assert.Nil(t, err)
assert.Equal(t, r["primary_email"], "andrey@lbry.com")
}
func TestRemoteIP(t *testing.T) {
var req *http.Request
ts := launchDummyServer(&req)
defer ts.Close()
c := NewClient("realToken", &ClientOpts{ServerAddress: ts.URL, RemoteIP: "8.8.8.8"})
_, err := c.UserMe()
assert.Nil(t, err)
assert.Equal(t, []string{"8.8.8.8"}, req.Header["X-Forwarded-For"])
}