diff --git a/apis/admin.go b/apis/admin.go
index 3ce305f7e..1273a1478 100644
--- a/apis/admin.go
+++ b/apis/admin.go
@@ -66,7 +66,7 @@ func (api *adminApi) refresh(c echo.Context) error {
 func (api *adminApi) emailAuth(c echo.Context) error {
 form := forms.NewAdminLogin(api.app)
 if readErr := c.Bind(form); readErr != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", readErr)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", readErr)
 }
 admin, submitErr := form.Submit()
@@ -80,7 +80,7 @@ func (api *adminApi) emailAuth(c echo.Context) error {
 func (api *adminApi) requestPasswordReset(c echo.Context) error {
 form := forms.NewAdminPasswordResetRequest(api.app)
 if err := c.Bind(form); err != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", err)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", err)
 }
 if err := form.Validate(); err != nil {
@@ -101,7 +101,7 @@ func (api *adminApi) requestPasswordReset(c echo.Context) error {
 func (api *adminApi) confirmPasswordReset(c echo.Context) error {
 form := forms.NewAdminPasswordResetConfirm(api.app)
 if readErr := c.Bind(form); readErr != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", readErr)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", readErr)
 }
 admin, submitErr := form.Submit()
diff --git a/apis/middlewares.go b/apis/middlewares.go
index 1bf3b4ed9..fcd097d63 100644
--- a/apis/middlewares.go
+++ b/apis/middlewares.go
@@ -304,22 +304,24 @@ func ActivityLogger(app core.App) echo.MiddlewareFunc {
 // Returns the "real" user IP from common proxy headers (or fallbackIp if none is found).
 //
-// The returned IP shouldn't be trusted if not behind a trusted reverse proxy!
+// The returned IP value shouldn't be trusted if not behind a trusted reverse proxy!
 func realUserIp(r *http.Request, fallbackIp string) string {
 if ip := r.Header.Get("CF-Connecting-IP"); ip != "" {
 return ip
 }
- if ip := r.Header.Get("X-Forwarded-For"); ip != "" {
- // extract only the last IP
- if i := strings.IndexAny(ip, ","); i > 0 {
- return strings.TrimSpace(ip[:i])
- }
+ if ip := r.Header.Get("X-Real-IP"); ip != "" {
 return ip
 }
- if ip := r.Header.Get("X-Forwarded-For"); ip != "" {
- return ip
+ if ipsList := r.Header.Get("X-Forwarded-For"); ipsList != "" {
+ ips := strings.Split(ipsList, ",")
+ // extract the rightmost ip
+ for _, ip := range ips {
+ if trimmedIp := strings.TrimSpace(ip); trimmedIp != "" {
+ return trimmedIp
+ }
+ }
 }
 return fallbackIp
diff --git a/apis/user.go b/apis/user.go
index 43abb8088..77297737f 100644
--- a/apis/user.go
+++ b/apis/user.go
@@ -152,7 +152,7 @@ func (api *userApi) authMethods(c echo.Context) error {
 func (api *userApi) oauth2Auth(c echo.Context) error {
 form := forms.NewUserOauth2Login(api.app)
 if readErr := c.Bind(form); readErr != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", readErr)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", readErr)
 }
 user, authData, submitErr := form.Submit()
@@ -170,7 +170,7 @@ func (api *userApi) emailAuth(c echo.Context) error {
 form := forms.NewUserEmailLogin(api.app)
 if readErr := c.Bind(form); readErr != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", readErr)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", readErr)
 }
 user, submitErr := form.Submit()
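Review bot: In `realUserIp` (apis/middlewares.go) the new X-Forwarded-For loop is commented `// extract the rightmost ip`, but `for _, ip := range ips` walks the list from the front and returns the first non-empty entry, i.e. the leftmost one. The leftmost entry is the part of the header the client itself can set, while the entry appended by the nearest proxy is the last one, so code and comment disagree on exactly the point the doc comment warns about. If the rightmost entry is intended, iterate backwards, `for i := len(ips) - 1; i >= 0; i-- {` with `strings.TrimSpace(ips[i])`; if the leftmost is intended, change the comment to say so and note that the value is client-supplied. `CF-Connecting-IP` and `X-Real-IP` are likewise returned as received, so callers (not visible in this hunk) should presumably treat the result as a log label rather than an access-control or rate-limit key unless a trusted proxy strips these headers. The function's closing brace lies outside the hunk.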
@@ -184,7 +184,7 @@ func (api *userApi) emailAuth(c echo.Context) error {
 func (api *userApi) requestPasswordReset(c echo.Context) error {
 form := forms.NewUserPasswordResetRequest(api.app)
 if err := c.Bind(form); err != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", err)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", err)
 }
 if err := form.Validate(); err != nil {
@@ -205,7 +205,7 @@ func (api *userApi) requestPasswordReset(c echo.Context) error {
 func (api *userApi) confirmPasswordReset(c echo.Context) error {
 form := forms.NewUserPasswordResetConfirm(api.app)
 if readErr := c.Bind(form); readErr != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", readErr)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", readErr)
 }
 user, submitErr := form.Submit()
@@ -224,7 +224,7 @@ func (api *userApi) requestEmailChange(c echo.Context) error {
 form := forms.NewUserEmailChangeRequest(api.app, loggedUser)
 if err := c.Bind(form); err != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", err)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", err)
 }
 if err := form.Submit(); err != nil {
@@ -237,7 +237,7 @@ func (api *userApi) requestEmailChange(c echo.Context) error {
 func (api *userApi) confirmEmailChange(c echo.Context) error {
 form := forms.NewUserEmailChangeConfirm(api.app)
 if readErr := c.Bind(form); readErr != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", readErr)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", readErr)
 }
 user, submitErr := form.Submit()
@@ -251,7 +251,7 @@ func (api *userApi) confirmEmailChange(c echo.Context) error {
 func (api *userApi) requestVerification(c echo.Context) error {
 form := forms.NewUserVerificationRequest(api.app)
 if err := c.Bind(form); err != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", err)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", err)
 }
 if err := form.Validate(); err != nil {
@@ -272,7 +272,7 @@ func (api *userApi) requestVerification(c echo.Context) error {
 func (api *userApi) confirmVerification(c echo.Context) error {
 form := forms.NewUserVerificationConfirm(api.app)
 if readErr := c.Bind(form); readErr != nil {
- return rest.NewBadRequestError("An error occurred while reading the submitted data.", readErr)
+ return rest.NewBadRequestError("An error occurred while loading the submitted data.", readErr)
 }
 user, submitErr := form.Submit()