sneak/upaas
1
0
Fork 0
Code Issues 6 Pull Requests 6 Actions Packages Projects Releases 1 Wiki Activity

fix: address review findings for observability PR
All checks were successful
Check / check (pull_request) Successful in 1m42s
Details

Browse Source 
1. Security: Replace insecure extractRemoteIP() in audit service with
   middleware.RealIP() which validates trusted proxies before trusting
   X-Real-IP/X-Forwarded-For headers. Export RealIP from middleware.
   Update audit tests to verify anti-spoofing behavior.

2. Audit coverage: Add audit instrumentation to all 9 handlers that
   had dead action constants: HandleEnvVarSave, HandleLabelAdd,
   HandleLabelEdit, HandleLabelDelete, HandleVolumeAdd, HandleVolumeEdit,
   HandleVolumeDelete, HandlePortAdd, HandlePortDelete.

3. README: Fix API path from /api/audit to /api/v1/audit.

4. README: Fix duplicate numbering in DI order section (items 10-11
   were listed twice, now correctly numbered 10-16).
This commit is contained in:
clawbot
2026-03-17 02:52:34 -07:00
parent f558e2cdd8
commit ef109b9513
6 changed files with 79 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/middleware/middleware.go
View File

@@ -105,7 +105,7 @@ func (m *Middleware) Logging() func(http.Handler) http.Handler {
"request_id", reqID,
"referer", request.Referer(),
"proto", request.Proto,
"remoteIP", realIP(request),
"remoteIP", RealIP(request),
"status", lrw.statusCode,
"bytes", lrw.bytesWritten,
"latency_ms", latency.Milliseconds(),
@@ -170,11 +170,11 @@ func isTrustedProxy(ip net.IP) bool {
return false
}
// realIP extracts the client's real IP address from the request.
// RealIP extracts the client's real IP address from the request.
// Proxy headers (X-Real-IP, X-Forwarded-For) are only trusted when the
// direct connection originates from an RFC1918/loopback address.
// Otherwise, headers are ignored and RemoteAddr is used (fail closed).
func realIP(r *http.Request) string {
func RealIP(r *http.Request) string {
addr := ipFromHostPort(r.RemoteAddr)
remoteIP := net.ParseIP(addr)
@@ -365,7 +365,7 @@ func (m *Middleware) LoginRateLimit() func(http.Handler) http.Handler {
writer http.ResponseWriter,
request *http.Request,
) {
ip := realIP(request)
ip := RealIP(request)
limiter := loginLimiter.getLimiter(ip)
if !limiter.Allow() {

6
internal/middleware/realip_test.go
View File

@@ -1,4 +1,4 @@
package middleware //nolint:testpackage // tests unexported realIP function
package middleware //nolint:testpackage // tests RealIP via internal package access
import (
"context"
@@ -126,9 +126,9 @@ func TestRealIP(t *testing.T) { //nolint:funlen // table-driven test
req.Header.Set("X-Forwarded-For", tt.xff)
}
got := realIP(req)
got := RealIP(req)
if got != tt.want {
t.Errorf("realIP() = %q, want %q", got, tt.want)
t.Errorf("RealIP() = %q, want %q", got, tt.want)
}
})
}