github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 12:14:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(gateway): trim trusted proxy entries before matching

Browse Source
This commit is contained in:
Rain
2026-02-16 21:28:24 +08:00
committed by Peter Steinberger
parent e24e465c00
commit d3698f4eb6
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/gateway/net.test.ts
View File

@@ -22,6 +22,10 @@ describe("isTrustedProxyAddress", () => {
true, true,
); );
}); });
it("ignores surrounding whitespace in exact IP entries", () => {
expect(isTrustedProxyAddress("10.0.0.5", [" 10.0.0.5 "])).toBe(true);
});
}); });
describe("CIDR subnet matching", () => { describe("CIDR subnet matching", () => {
@@ -101,6 +105,10 @@ describe("isTrustedProxyAddress", () => {
expect(isTrustedProxyAddress("10.42.0.59", ["10.42.0.0/-1"])).toBe(false); // negative prefix expect(isTrustedProxyAddress("10.42.0.59", ["10.42.0.0/-1"])).toBe(false); // negative prefix
expect(isTrustedProxyAddress("10.42.0.59", ["invalid/24"])).toBe(false); // invalid IP expect(isTrustedProxyAddress("10.42.0.59", ["invalid/24"])).toBe(false); // invalid IP
}); });
it("ignores surrounding whitespace in CIDR entries", () => {
expect(isTrustedProxyAddress("10.42.0.59", [" 10.42.0.0/24 "])).toBe(true);
});
}); });
}); });

10
src/gateway/net.ts
View File

@@ -210,12 +210,16 @@ export function isTrustedProxyAddress(ip: string | undefined, trustedProxies?: s
} }
return trustedProxies.some((proxy) => { return trustedProxies.some((proxy) => {
const candidate = proxy.trim();
if (!candidate) {
return false;
}
// Handle CIDR notation // Handle CIDR notation
if (proxy.includes("/")) { if (candidate.includes("/")) {
return ipMatchesCIDR(normalized, proxy); return ipMatchesCIDR(normalized, candidate);
} }
// Exact IP match // Exact IP match
return normalizeIp(proxy) === normalized; return normalizeIp(candidate) === normalized;
}); });
} }