Make original IP header configurable

453279ec · Simon Künzel · b90dcc1d · 453279ec · 453279ec
Commit 453279ec authored 1 month ago by Simon Künzel
--- a/api/config/api_example_config.py
+++ b/api/config/api_example_config.py
@@ -161,6 +161,8 @@ LDAP_GROUPS = ["fachschaft"]

 #  RWTH_API_KEY = ""

+ORIGINAL_IP_HEADER_NAME = "X-Forwarded-For"
+
 RWTH_IP_RANGES = ["134.130.0.0/16", "137.226.0.0/16", "134.61.0.0/16", "192.35.229.0/24", "2a00:8a60::/32"]
 FSMPI_IP_RANGES = ["137.226.35.192/29", "137.226.75.0/27", "137.226.127.32/27", "137.226.231.192/26", "134.130.102.0/26", "127.0.0.1/32"]
 INTERNAL_IP_RANGES = ["127.0.0.0/8", "192.168.155.0/24", "fd78:4d90:6fe4::/48"]

--- a/api/src/api/authentication.py
+++ b/api/src/api/authentication.py
@@ -18,6 +18,7 @@ from api.database import *
 import api

 _BASE_URL = api.config["API_BASE_URL"]
+_ORIGINAL_IP_HEADER_NAME = api.config["ORIGINAL_IP_HEADER_NAME"]


 def api_moderator_route(require_csrf_token: bool = False):
@@ -110,7 +111,7 @@ def are_view_permissions_fulfilled(perm: ViewPermissions):
    if isinstance(perm, ViewPermissionsAuthentication):
        if perm.rwth_authentication and (
                api_session.is_rwth_authenticated
-                or ("X-Real-IP" in request.headers and is_rwth_ip(request.headers["X-Real-IP"]))
+                or (_ORIGINAL_IP_HEADER_NAME in request.headers and is_rwth_ip(request.headers[_ORIGINAL_IP_HEADER_NAME]))
        ):
            return True