[pocketbase#282] added the "real" user ip to the logs

apis/logs.go

@@ -28,7 +28,7 @@ type logsApi struct {
 var requestFilterFields = []string{
 	"rowid", "id", "created", "updated",
 	"url", "method", "status", "auth",
-	"ip", "referer", "userAgent",
+	"remoteIp", "userIp", "referer", "userAgent",
 }
 
 func (api *logsApi) requestsList(c echo.Context) error {

apis/middlewares.go

@@ -252,7 +252,8 @@ func ActivityLogger(app core.App) echo.MiddlewareFunc {
 				Method:    strings.ToLower(httpRequest.Method),
 				Status:    status,
 				Auth:      requestAuth,
-				Ip:        httpRequest.RemoteAddr,
+				UserIp:    realUserIp(httpRequest),
+				RemoteIp:  httpRequest.RemoteAddr,
 				Referer:   httpRequest.Referer(),
 				UserAgent: httpRequest.UserAgent(),
 				Meta:      meta,
@@ -297,3 +298,23 @@ func ActivityLogger(app core.App) echo.MiddlewareFunc {
 		}
 	}
 }
+
+// Returns the "real" user IP from common proxy headers
+// (fallback to [r.RemoteAddr]).
+//
+// The returned IP shouldn't be trusted if not behind a trusted reverse proxy!
+func realUserIp(r *http.Request) string {
+	ipHeaders := []string{
+		"CF-Connecting-IP",
+		"X-Forwarded-For",
+		"X-Real-Ip",
+	}
+
+	for _, header := range ipHeaders {
+		if ip := r.Header.Get(header); ip != "" {
+			return ip
+		}
+	}
+
+	return r.RemoteAddr
+}

migrations/logs/1660821103_add_user_ip_column.go

@@ -0,0 +1,57 @@
+package logs
+
+import (
+	"github.com/pocketbase/dbx"
+)
+
+func init() {
+	LogsMigrations.Register(func(db dbx.Builder) error {
+		// delete old index (don't check for error because of backward compatability with old installations)
+		db.DropIndex("_requests", "_request_ip_idx").Execute()
+
+		// rename ip -> remoteIp
+		if _, err := db.RenameColumn("_requests", "ip", "remoteIp").Execute(); err != nil {
+			return err
+		}
+
+		// add new userIp column
+		if _, err := db.AddColumn("_requests", "userIp", `TEXT DEFAULT "127.0.0.1" NOT NULL`).Execute(); err != nil {
+			return err
+		}
+
+		// add new indexes
+		if _, err := db.CreateIndex("_requests", "_request_remote_ip_idx", "remoteIp").Execute(); err != nil {
+			return err
+		}
+		if _, err := db.CreateIndex("_requests", "_request_user_ip_idx", "userIp").Execute(); err != nil {
+			return err
+		}
+
+		return nil
+	}, func(db dbx.Builder) error {
+		// delete new indexes
+		if _, err := db.DropIndex("_requests", "_request_remote_ip_idx").Execute(); err != nil {
+			return err
+		}
+		if _, err := db.DropIndex("_requests", "_request_user_ip_idx").Execute(); err != nil {
+			return err
+		}
+
+		// drop userIp column
+		if _, err := db.DropColumn("_requests", "userIp").Execute(); err != nil {
+			return err
+		}
+
+		// restore original remoteIp column name
+		if _, err := db.RenameColumn("_requests", "remoteIp", "ip").Execute(); err != nil {
+			return err
+		}
+
+		// restore original index
+		if _, err := db.CreateIndex("_requests", "_request_ip_idx", "ip").Execute(); err != nil {
+			return err
+		}
+
+		return nil
+	})
+}

models/request.go

@@ -18,7 +18,8 @@ type Request struct {
 	Method    string        `db:"method" json:"method"`
 	Status    int           `db:"status" json:"status"`
 	Auth      string        `db:"auth" json:"auth"`
-	Ip        string        `db:"ip" json:"ip"`
+	UserIp    string        `db:"userIp" json:"userIp"`
+	RemoteIp  string        `db:"remoteIp" json:"remoteIp"`
 	Referer   string        `db:"referer" json:"referer"`
 	UserAgent string        `db:"userAgent" json:"userAgent"`
 	Meta      types.JsonMap `db:"meta" json:"meta"`

tests/logs.go

@@ -10,7 +10,8 @@ func MockRequestLogsData(app *TestApp) error {
 			[[method]],
 			[[status]],
 			[[auth]],
-			[[ip]],
+			[[userIp]],
+			[[remoteIp]],
 			[[referer]],
 			[[userAgent]],
 			[[meta]],
@@ -25,6 +26,7 @@ func MockRequestLogsData(app *TestApp) error {
 			200,
 			"guest",
 			"127.0.0.1",
+			"127.0.0.1",
 			"",
 			"",
 			"{}",
@@ -38,6 +40,7 @@ func MockRequestLogsData(app *TestApp) error {
 			400,
 			"admin",
 			"127.0.0.1",
+			"127.0.0.1",
 			"",
 			"",
 			'{"errorDetails":"error_details..."}',