From 2f45f50d370afc8de4bf3cc2be61c7161e66790c Mon Sep 17 00:00:00 2001
From: Cohee <18619528+Cohee1207@users.noreply.github.com>
Date: Mon, 22 Apr 2024 15:52:59 +0300
Subject: [PATCH] Add config value for forwarded IPs whitelisting
---
 default/config.yaml | 2 ++
 src/middleware/whitelist.js | 9 +++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/default/config.yaml b/default/config.yaml
index 8966447d0..355573d96 100644
--- a/default/config.yaml
+++ b/default/config.yaml
@@ -9,6 +9,8 @@ port: 8000 # -- SECURITY CONFIGURATION -- # Toggle whitelist mode whitelistMode: true +# Whitelist will also verify IP in X-Forwarded-For / X-Real-IP headers +enableForwardedWhitelist: true # Whitelist of allowed IP addresses whitelist: - 127.0.0.1
diff --git a/src/middleware/whitelist.js b/src/middleware/whitelist.js
index def408650..24c1af8e5 100644
--- a/src/middleware/whitelist.js
+++ b/src/middleware/whitelist.js
@@ -6,6 +6,7 @@ const { getIpFromRequest } = require('../express-common'); const { color, getConfigValue } = require('../util'); const whitelistPath = path.join(process.cwd(), './whitelist.txt'); +const enableForwardedWhitelist = getConfigValue('enableForwardedWhitelist', false); let whitelist = getConfigValue('whitelist', []); let knownIPs = new Set();
@@ -24,14 +25,18 @@ if (fs.existsSync(whitelistPath)) { * @returns {string|undefined} The client IP address */ function getForwardedIp(req) { + if (!enableForwardedWhitelist) { + return undefined; + } + // Check if X-Real-IP is available if (req.headers['x-real-ip']) { - return req.headers['x-real-ip']; + return req.headers['x-real-ip'].toString(); } // Check for X-Forwarded-For and parse if available if (req.headers['x-forwarded-for']) { - const ipList = req.headers['x-forwarded-for'].toString().split(',').map(ip => ip.trim()); + const ipList = req.headers['x-forwarded-for'].toString().split(',').map(ip => ip.trim()); return ipList[0]; }
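Review bot: The fallback in `getConfigValue('enableForwardedWhitelist', false)` disagrees with the `enableForwardedWhitelist: true` shipped in default/config.yaml, so an installation whose config file lacks the key gets the forwarded-header check switched off. Before this change getForwardedIp() always inspected the headers, so the missing-key case is a silent loosening of the whitelist rather than a no-op, assuming the caller (outside the hunk) treats `undefined` as "nothing further to verify". I would keep the stricter value as the code default, `const enableForwardedWhitelist = getConfigValue('enableForwardedWhitelist', true);`, and put a comment above it such as `// When false, X-Forwarded-For / X-Real-IP are ignored and only the socket address is checked`.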
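Review bot: The values returned from `req.headers['x-real-ip']` and from `ipList[0]` are request headers that the sender controls unless a fronting proxy overwrites them, and neither is validated as an address before it reaches the whitelist comparison. The X-Real-IP branch also skips the `trim()` that the X-Forwarded-For branch applies and returns the raw header, which Node joins with a comma when it is sent more than once. I would parse both headers through one helper, check the result with `net.isIP()`, and have the middleware refuse the request when a header is present but malformed rather than return `undefined`, which presumably reads as "no forwarded IP" to the caller. A docstring line stating that these headers are meaningful only when the direct peer is a known reverse proxy would help as well; the rest of getForwardedIp and the middleware that consumes its result are outside the hunk.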