Forward real IP in internal-api client calls

extras/lbryinc/client.go

@@ -15,9 +15,18 @@ import (
 
 // Client stores data about internal-apis call it is about to make.
 type Client struct {
-	ServerAddress string
 	AuthToken     string
 	Logger        *log.Logger
+	serverAddress string
+	extraHeaders  map[string]string
+}
+
+// ClientOpts allow to provide extra parameters to NewClient:
+// - ServerAddress
+// - RemoteIP — to forward the IP of a frontend client making the request
+type ClientOpts struct {
+	ServerAddress string
+	RemoteIP      string
 }
 
 // APIResponse reflects internal-apis JSON response format.
@@ -31,23 +40,35 @@ type APIResponse struct {
 type ResponseData map[string]interface{}
 
 const (
-	defaultAPIHost = "https://api.lbry.com"
+	defaultServerAddress = "https://api.lbry.com"
-	timeout        = 5 * time.Second
+	timeout              = 5 * time.Second
-	userObjectPath = "user"
+	userObjectPath       = "user"
+	headerForwardedFor   = "X-Forwarded-For"
 )
 
 // NewClient returns a client instance for internal-apis. It requires authToken to be provided
 // for authentication.
-func NewClient(authToken string) Client {
+func NewClient(authToken string, opts *ClientOpts) Client {
-	return Client{
+	c := Client{
-		ServerAddress: defaultAPIHost,
+		serverAddress: defaultServerAddress,
+		extraHeaders:  make(map[string]string),
 		AuthToken:     authToken,
 		Logger:        log.StandardLogger(),
 	}
+	if opts != nil {
+		if opts.ServerAddress != "" {
+			c.serverAddress = opts.ServerAddress
+		}
+		if opts.RemoteIP != "" {
+			c.extraHeaders[headerForwardedFor] = opts.RemoteIP
+		}
+	}
+
+	return c
 }
 
 func (c Client) getEndpointURL(object, method string) string {
-	return fmt.Sprintf("%s/%s/%s", c.ServerAddress, object, method)
+	return fmt.Sprintf("%s/%s/%s", c.serverAddress, object, method)
 }
 
 func (c Client) prepareParams(params map[string]interface{}) (string, error) {
@@ -69,9 +90,14 @@ func (c Client) doCall(url string, payload string) ([]byte, error) {
 	if err != nil {
 		return body, err
 	}
+
 	req.Header.Add("Accept", "application/json")
 	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 
+	for k, v := range c.extraHeaders {
+		req.Header.Set(k, v)
+	}
+
 	client := &http.Client{Timeout: timeout}
 	r, err := client.Do(req)
 	if err != nil {

extras/lbryinc/client_test.go

@@ -1,8 +1,8 @@
 package lbryinc
 
 import (
-	"log"
 	"net/http"
+	"net/http/httptest"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -10,56 +10,64 @@ import (
 )
 
 func TestUserMeWrongToken(t *testing.T) {
-	c := NewClient("abc")
+	c := NewClient("abc", nil)
 	r, err := c.UserMe()
 	require.NotNil(t, err)
 	assert.Equal(t, "could not authenticate user", err.Error())
 	assert.Nil(t, r)
 }
 
-const dummyServerURL = "http://127.0.0.1:59999"
+func launchDummyServer(lastReq **http.Request) *httptest.Server {
-
+	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-func launchDummyServer() {
+		*lastReq = &*r
-	s := &http.Server{
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
-		Addr: "127.0.0.1:59999",
+		w.WriteHeader(http.StatusOK)
-		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		response := []byte(`{
-			w.Header().Set("Content-Type", "application/json; charset=utf-8")
+			"success": true,
-			w.WriteHeader(http.StatusOK)
+			"error": null,
-			response := []byte(`{
+			"data": {
-				"success": true,
+				"id": 751365,
-				"error": null,
+				"language": "en",
-				"data": {
+				"given_name": null,
-				  "id": 751365,
+				"family_name": null,
-				  "language": "en",
+				"created_at": "2019-01-17T12:13:06Z",
-				  "given_name": null,
+				"updated_at": "2019-05-02T13:57:59Z",
-				  "family_name": null,
+				"invited_by_id": null,
-				  "created_at": "2019-01-17T12:13:06Z",
+				"invited_at": null,
-				  "updated_at": "2019-05-02T13:57:59Z",
+				"invites_remaining": 0,
-				  "invited_by_id": null,
+				"invite_reward_claimed": false,
-				  "invited_at": null,
+				"is_email_enabled": true,
-				  "invites_remaining": 0,
+				"manual_approval_user_id": 837139,
-				  "invite_reward_claimed": false,
+				"reward_status_change_trigger": "manual",
-				  "is_email_enabled": true,
+				"primary_email": "andrey@lbry.com",
-				  "manual_approval_user_id": 837139,
+				"has_verified_email": true,
-				  "reward_status_change_trigger": "manual",
+				"is_identity_verified": false,
-				  "primary_email": "andrey@lbry.com",
+				"is_reward_approved": true,
-				  "has_verified_email": true,
+				"groups": []
-				  "is_identity_verified": false,
+			}
-				  "is_reward_approved": true,
+			}`)
-				  "groups": []
+		w.Write(response)
-				}
+	}))
-			  }`)
-			w.Write(response)
-		}),
-	}
-	log.Fatal(s.ListenAndServe())
 }
 
 func TestUserMe(t *testing.T) {
-	go launchDummyServer()
+	var req *http.Request
-	c := NewClient("realToken")
+	ts := launchDummyServer(&req)
-	c.ServerAddress = dummyServerURL
+	defer ts.Close()
+
+	c := NewClient("realToken", &ClientOpts{ServerAddress: ts.URL})
 	r, err := c.UserMe()
 	assert.Nil(t, err)
 	assert.Equal(t, r["primary_email"], "andrey@lbry.com")
 }
+
+func TestRemoteIP(t *testing.T) {
+	var req *http.Request
+	ts := launchDummyServer(&req)
+	defer ts.Close()
+
+	c := NewClient("realToken", &ClientOpts{ServerAddress: ts.URL, RemoteIP: "8.8.8.8"})
+	_, err := c.UserMe()
+	assert.Nil(t, err)
+	assert.Equal(t, []string{"8.8.8.8"}, req.Header["X-Forwarded-For"])
+}