feat: Proxy support (#2490)

Add client IP resolving support in case when there is a proxy in front of Clio.
2026-04-29 15:37:53 +00:00 · 2025-09-03 15:22:47 +01:00
parent 0a2930d861
commit 3a667f558c
39 changed files with 1042 additions and 125 deletions
--- a/src/app/ClioApplication.cpp
+++ b/src/app/ClioApplication.cpp
@@ -178,7 +178,9 @@ ClioApplication::run(bool const useNgWebServer)
        }
        auto const adminVerifier = std::move(expectedAdminVerifier).value();

-        auto httpServer = web::ng::makeServer(config_, OnConnectCheck{dosGuard}, DisconnectHook{dosGuard}, ioc);
+        auto httpServer = web::ng::makeServer(
+            config_, OnConnectCheck{dosGuard}, IpChangeHook{dosGuard}, DisconnectHook{dosGuard}, ioc
+        );

        if (not httpServer.has_value()) {
            LOG(util::LogService::error()) << "Error creating web server: " << httpServer.error();
--- a/src/app/WebHandlers.cpp
+++ b/src/app/WebHandlers.cpp
@@ -33,6 +33,7 @@

 #include <memory>
 #include <optional>
+#include <string>
 #include <utility>

 namespace app {
@@ -54,6 +55,17 @@ OnConnectCheck::operator()(web::ng::Connection const& connection)
    return {};
 }

+IpChangeHook::IpChangeHook(web::dosguard::DOSGuardInterface& dosguard) : dosguard_(dosguard)
+{
+}
+
+void
+IpChangeHook::operator()(std::string const& oldIp, std::string const& newIp)
+{
+    dosguard_.get().decrement(oldIp);
+    dosguard_.get().increment(newIp);
+}
+
 DisconnectHook::DisconnectHook(web::dosguard::DOSGuardInterface& dosguard) : dosguard_{dosguard}
 {
 }
--- a/src/app/WebHandlers.hpp
+++ b/src/app/WebHandlers.hpp
@@ -36,6 +36,7 @@
 #include <exception>
 #include <functional>
 #include <memory>
+#include <string>
 #include <utility>

 namespace app {
@@ -64,6 +65,31 @@ public:
    operator()(web::ng::Connection const& connection);
 };

+/**
+ * @brief A function object that is called when the IP of a connection changes (usually if proxy detected).
+ * This is used to update the DOS guard.
+ */
+class IpChangeHook {
+    std::reference_wrapper<web::dosguard::DOSGuardInterface> dosguard_;
+
+public:
+    /**
+     * @brief Construct a new IpChangeHook object.
+     *
+     * @param dosguard The DOS guard to use.
+     */
+    IpChangeHook(web::dosguard::DOSGuardInterface& dosguard);
+
+    /**
+     * @brief The call of the function object.
+     *
+     * @param oldIp The old IP of the connection.
+     * @param newIp The new IP of the connection.
+     */
+    void
+    operator()(std::string const& oldIp, std::string const& newIp);
+};
+
 /**
 * @brief A function object to be called when a connection is disconnected.
 */