Use upstream remote_ip package

2026-05-13 20:04:12 +04:00 · 2026-05-13 20:04:12 +04:00 · c92d233233
commit c92d233233
parent 2db3a9c04d
7 changed files with 85 additions and 10 deletions
--- a/lib/pleroma/web/plugs/remote_ip.ex
+++ b/lib/pleroma/web/plugs/remote_ip.ex
@ -4,7 +4,7 @@

 defmodule Pleroma.Web.Plugs.RemoteIp do
  @moduledoc """
-  This is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
+  This is a shim to call [`RemoteIp`](https://hex.pm/packages/remote_ip) but with runtime configuration.
  """

  alias Pleroma.Config
@ -17,15 +17,29 @@ defmodule Pleroma.Web.Plugs.RemoteIp do

  def call(%{remote_ip: original_remote_ip} = conn, _) do
    if Config.get([__MODULE__, :enabled]) do
-      %{remote_ip: new_remote_ip} = conn = RemoteIp.call(conn, remote_ip_opts())
+      new_remote_ip = remote_ip(conn) || original_remote_ip
+
+      conn = %{conn | remote_ip: new_remote_ip}
      assign(conn, :remote_ip_found, original_remote_ip != new_remote_ip)
    else
      conn
    end
  end

+  defp remote_ip(conn) do
+    opts = remote_ip_opts()
+
+    # Do not use RemoteIp.from/2 here: upstream remote_ip always applies its
+    # built-in reserved ranges. Pleroma keeps :reserved configurable, so reuse
+    # only the header parsing and apply Pleroma's own block classification.
+    conn.req_headers
+    |> RemoteIp.Headers.take(opts[:headers])
+    |> RemoteIp.Headers.parse()
+    |> Enum.reverse()
+    |> Enum.find(&client?(&1, opts))
+  end
+
  defp remote_ip_opts do
-    headers = Config.get([__MODULE__, :headers], []) |> MapSet.new()
    reserved = Config.get([__MODULE__, :reserved], [])

    proxies =
@ -33,6 +47,26 @@ defmodule Pleroma.Web.Plugs.RemoteIp do
      |> Enum.concat(reserved)
      |> Enum.map(&InetHelper.parse_cidr/1)

-    {headers, proxies}
+    clients =
+      Config.get([__MODULE__, :clients], [])
+      |> Enum.map(&InetHelper.parse_cidr/1)
+
+    [
+      headers: Config.get([__MODULE__, :headers], []),
+      clients: clients,
+      proxies: proxies
+    ]
+  end
+
+  defp client?(ip, opts) do
+    client_ip?(ip, opts[:clients]) || !proxy_ip?(ip, opts[:proxies])
+  end
+
+  defp client_ip?(ip, clients) do
+    Enum.any?(clients, &InetCidr.contains?(&1, ip))
+  end
+
+  defp proxy_ip?(ip, proxies) do
+    Enum.any?(proxies, &InetCidr.contains?(&1, ip))
  end
 end