fix(gateway): trim trusted proxy entries before matching

Rain
2026-02-16 21:28:24 +08:00
committed by Peter Steinberger
parent e24e465c00
commit d3698f4eb6
2 changed files with 15 additions and 3 deletions


@@ -22,6 +22,10 @@ describe("isTrustedProxyAddress", () => {
true,
);
});
it("ignores surrounding whitespace in exact IP entries", () => {
expect(isTrustedProxyAddress("10.0.0.5", [" 10.0.0.5 "])).toBe(true);
});
});
describe("CIDR subnet matching", () => {
@@ -101,6 +105,10 @@ describe("isTrustedProxyAddress", () => {
expect(isTrustedProxyAddress("10.42.0.59", ["10.42.0.0/-1"])).toBe(false); // negative prefix
expect(isTrustedProxyAddress("10.42.0.59", ["invalid/24"])).toBe(false); // invalid IP
});
it("ignores surrounding whitespace in CIDR entries", () => {
expect(isTrustedProxyAddress("10.42.0.59", [" 10.42.0.0/24 "])).toBe(true);
});
});
});
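Review bot: The blank-entry guard this commit adds to the implementation (`if (!candidate) return false`) has no test; both new cases only assert that a padded entry still matches. This list presumably decides which peers may supply forwarded client addresses, so the rejecting paths are worth pinning as well, e.g. `expect(isTrustedProxyAddress("10.0.0.5", ["", "   "])).toBe(false);`. A second case showing that a padded entry still rejects a different address would also help: `expect(isTrustedProxyAddress("10.0.0.6", [" 10.0.0.5 "])).toBe(false);`.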


@@ -210,12 +210,16 @@ export function isTrustedProxyAddress(ip: string | undefined, trustedProxies?: s
}
return trustedProxies.some((proxy) => {
const candidate = proxy.trim();
if (!candidate) {
return false;
}
// Handle CIDR notation
if (proxy.includes("/")) {
return ipMatchesCIDR(normalized, proxy);
if (candidate.includes("/")) {
return ipMatchesCIDR(normalized, candidate);
}
// Exact IP match
return normalizeIp(proxy) === normalized;
return normalizeIp(candidate) === normalized;
});
}
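Review bot: The blank-entry guard after `proxy.trim()` should carry a comment stating that it fails closed on purpose, e.g. `// Blank or whitespace-only entries never match (fail closed).`, so a later refactor does not pass an empty string to `normalizeIp` or `ipMatchesCIDR`. Because the trim runs inside `some()` on every call, a malformed trust list is tolerated silently. If the list comes from configuration, trimming and validating it once at load time, and logging any dropped entries, would make a misconfiguration visible. The function's opening lines are outside this hunk, so how `ip` itself is normalised cannot be checked from here.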