review

2025-01-21 18:03:50 +03:00 · 2024-10-11 15:57:25 +02:00 · 2024-10-11 15:57:25 +02:00 · 837941c662
commit 837941c662
parent 41ab6af07e
2 changed files with 16 additions and 16 deletions
--- a/pkg/middlewares/forwardedheaders/forwarded_header.go
+++ b/pkg/middlewares/forwardedheaders/forwarded_header.go
@ -43,8 +43,8 @@ var xHeaders = []string{

 type key string

-// PeerSocketAddrKey is the peer socket address which only exists in case of a proxy proto connection.
-const PeerSocketAddrKey key = "peerSocketAddr"
+// PeerSocketAddr is the peer socket address which only exists in case of a proxy proto connection.
+const PeerSocketAddr key = "peerSocketAddr"

 // XForwardedForAddr is the previous hop address (trusted) to be added to the X-Forwarded-For header.
 const XForwardedForAddr key = "xForwardedForAddr"
@ -54,12 +54,12 @@ const XForwardedForAddr key = "xForwardedForAddr"
 // Unless insecure is set,
 // it first removes all the existing values for those headers if the remote address is not one of the trusted ones.
 type XForwarded struct {
-	insecure             bool
-	trustedIPs           []string
-	connectionHeaders    []string
-	ipChecker            *ip.Checker
-	next                 http.Handler
-	hostname             string
+	insecure          bool
+	trustedIPs        []string
+	connectionHeaders []string
+	ipChecker         *ip.Checker
+	next              http.Handler
+	hostname          string
 }

 // NewXForwarded creates a new XForwarded.
@ -79,12 +79,12 @@ func NewXForwarded(insecure bool, trustedIPs []string, connectionHeaders []strin
 	}

 	return &XForwarded{
-		insecure:             insecure,
-		trustedIPs:           trustedIPs,
-		connectionHeaders:    connectionHeaders,
-		ipChecker:            ipChecker,
-		next:                 next,
-		hostname:             hostname,
+		insecure:          insecure,
+		trustedIPs:        trustedIPs,
+		connectionHeaders: connectionHeaders,
+		ipChecker:         ipChecker,
+		next:              next,
+		hostname:          hostname,
 	}, nil
 }

@ -202,7 +202,7 @@ func (x *XForwarded) ServeHTTP(w http.ResponseWriter, r *http.Request) {

 		// In case of a ProxyProtocol connection the http.Request#RemoteAddr is the original one.
 		// To check if Forwarded headers are trusted we have to use the peer socket address.
-	} else if peerSocketAddr, ok := r.Context().Value(PeerSocketAddrKey).(string); ok && x.isTrustedIP(peerSocketAddr) {
+	} else if peerSocketAddr, ok := r.Context().Value(PeerSocketAddr).(string); ok && x.isTrustedIP(peerSocketAddr) {
 		isTrusted = true
 		forwardedForAddr = peerSocketAddr
 	}
--- a/pkg/server/server_entrypoint_tcp.go
+++ b/pkg/server/server_entrypoint_tcp.go
@ -639,7 +639,7 @@ func createHTTPServer(ctx context.Context, ln net.Listener, configuration *stati
 	prevConnContext := serverHTTP.ConnContext
 	serverHTTP.ConnContext = func(ctx context.Context, c net.Conn) context.Context {
 		if proxyProtoAddr, ok := c.RemoteAddr().(proxyProtoAddr); ok {
-			ctx = context.WithValue(ctx, forwardedheaders.PeerSocketAddrKey, proxyProtoAddr.peerSocketAddr)
+			ctx = context.WithValue(ctx, forwardedheaders.PeerSocketAddr, proxyProtoAddr.peerSocketAddr)
 		}

 		// This adds an empty struct in order to store a RoundTripper in the ConnContext in case of Kerberos or NTLM.