feat: Proxy support (#2490)

Add client IP resolving support in case when there is a proxy in front
of Clio.

src/util/CMakeLists.txt

@@ -24,6 +24,7 @@ target_sources(
           requests/WsConnection.cpp
           requests/impl/SslContext.cpp
           ResponseExpirationCache.cpp
+          Shasum.cpp
           SignalsHandler.cpp
           StopHelper.cpp
           StringHash.cpp

src/util/Shasum.cpp

@@ -0,0 +1,48 @@
+//------------------------------------------------------------------------------
+/*
+    This file is part of clio: https://github.com/XRPLF/clio
+    Copyright (c) 2025, the clio developers.
+
+    Permission to use, copy, modify, and distribute this software for any
+    purpose with or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE  SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH  REGARD  TO  THIS  SOFTWARE  INCLUDING  ALL  IMPLIED  WARRANTIES  OF
+    MERCHANTABILITY  AND  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY  SPECIAL,  DIRECT,  INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER  RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION  OF  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+//==============================================================================
+
+#include "util/Shasum.hpp"
+
+#include <xrpl/basics/base_uint.h>
+#include <xrpl/protocol/digest.h>
+
+#include <cstring>
+#include <string>
+#include <string_view>
+
+namespace util {
+
+ripple::uint256
+sha256sum(std::string_view s)
+{
+    ripple::sha256_hasher hasher;
+    hasher(s.data(), s.size());
+    auto const hashData = static_cast<ripple::sha256_hasher::result_type>(hasher);
+    ripple::uint256 sha256;
+    std::memcpy(sha256.data(), hashData.data(), hashData.size());
+    return sha256;
+}
+
+std::string
+sha256sumString(std::string_view s)
+{
+    return ripple::to_string(sha256sum(s));
+}
+
+}  // namespace util

src/util/Shasum.hpp

@@ -0,0 +1,46 @@
+//------------------------------------------------------------------------------
+/*
+    This file is part of clio: https://github.com/XRPLF/clio
+    Copyright (c) 2025, the clio developers.
+
+    Permission to use, copy, modify, and distribute this software for any
+    purpose with or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE  SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH  REGARD  TO  THIS  SOFTWARE  INCLUDING  ALL  IMPLIED  WARRANTIES  OF
+    MERCHANTABILITY  AND  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY  SPECIAL,  DIRECT,  INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER  RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION  OF  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+//==============================================================================
+
+#pragma once
+
+#include <xrpl/basics/base_uint.h>
+
+#include <string>
+#include <string_view>
+
+namespace util {
+/**
+ * @brief Calculates the SHA256 sum of a string.
+ *
+ * @param s The string to hash.
+ * @return The SHA256 sum as a ripple::uint256.
+ */
+ripple::uint256
+sha256sum(std::string_view s);
+
+/**
+ * @brief Calculates the SHA256 sum of a string and returns it as a hex string.
+ *
+ * @param s The string to hash.
+ * @return The SHA256 sum as a hex string.
+ */
+std::string
+sha256sumString(std::string_view s);
+
+}  // namespace util

src/util/config/ConfigDefinition.cpp

@@ -337,6 +337,8 @@ getClioConfig()
          {"server.ws_max_sending_queue_size",
           ConfigValue{ConfigType::Integer}.defaultValue(1500).withConstraint(gValidateUint32)},
          {"server.__ng_web_server", ConfigValue{ConfigType::Boolean}.defaultValue(false)},
+         {"server.proxy.ips.[]", Array{ConfigValue{ConfigType::String}}},
+         {"server.proxy.tokens.[]", Array{ConfigValue{ConfigType::String}}},
 
          {"prometheus.enabled", ConfigValue{ConfigType::Boolean}.defaultValue(true)},
          {"prometheus.compress_reply", ConfigValue{ConfigType::Boolean}.defaultValue(true)},

src/util/config/ConfigDescription.hpp

@@ -236,6 +236,16 @@ This document provides a list of all available Clio configuration properties in
         KV{.key = "server.ws_max_sending_queue_size",
            .value = "Maximum queue size for sending subscription data to clients. This queue buffers data when a "
                     "client is slow to receive it, ensuring delivery once the client is ready."},
+        KV{.key = "server.proxy.ips.[]",
+           .value = "List of proxy ip addresses. When Clio receives a request from proxy it will use "
+                    "`Forwarded` value (if any) as client ip. When this option is used together with "
+                    "`server.proxy.tokens` Clio will identify proxy by ip or by token."},
+        KV{.key = "server.proxy.tokens.[]",
+           .value = "List of tokens in identifying request as a request from proxy. Token should be provided in "
+                    "`X-Proxy-Token` header, e.g. "
+                    "`X-Proxy-Token: <very_secret_token>'. When Clio receives a request from proxy "
+                    "it will use 'Forwarded` value (if any) to get client ip. When this option is used together with "
+                    "'server.proxy.ips' Clio will identify proxy by ip or by token."},
         KV{.key = "prometheus.enabled", .value = "Enables or disables Prometheus metrics."},
         KV{.key = "prometheus.compress_reply", .value = "Enables or disables compression of Prometheus responses."},
         KV{.key = "io_threads",