backend/libs/services/proxy.go

package services

import (
	"context"
	"net"
	"net/http"
	"strings"
)

type clientIPContextKey struct{}

func WithClientIP(r *http.Request, ip string) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), clientIPContextKey{}, ip))
}

func ClientIPFromContext(r *http.Request) (string, bool) {
	ip, ok := r.Context().Value(clientIPContextKey{}).(string)
	return ip, ok && ip != ""
}

// ClientIP resolves the effective client IP. When trustedProxies is empty,
// forwarded headers are trusted for easy reverse-proxy/container defaults.
func ClientIP(remoteAddr, forwardedFor, realIP string, trustedProxies []string) string {
	remoteIP := IPOnly(remoteAddr)
	if len(trustedProxies) == 0 || remoteTrusted(remoteIP, trustedProxies) {
		if ip := firstForwardedIP(forwardedFor); ip != "" {
			return IPOnly(ip)
		}
		if ip := strings.TrimSpace(realIP); ip != "" {
			return IPOnly(ip)
		}
	}
	return remoteIP
}

func IPOnly(remoteAddr string) string {
	host := strings.TrimSpace(remoteAddr)
	if splitHost, _, err := net.SplitHostPort(remoteAddr); err == nil {
		host = splitHost
	}
	return strings.Trim(host, "[]")
}

func IsProtectedProxyIP(ip string, trustedProxies []string) bool {
	parsed := net.ParseIP(IPOnly(ip))
	if parsed == nil {
		return false
	}
	if parsed.IsLoopback() {
		return true
	}
	return remoteTrusted(parsed.String(), trustedProxies)
}

func ProtectedBanTarget(target string, trustedProxies []string) bool {
	normalized, err := NormalizeBanTarget(target)
	if err != nil {
		return false
	}
	if !strings.Contains(normalized, "/") {
		return IsProtectedProxyIP(normalized, trustedProxies)
	}
	_, targetNet, err := net.ParseCIDR(normalized)
	if err != nil {
		return false
	}
	if targetNet.Contains(net.ParseIP("127.0.0.1")) || targetNet.Contains(net.ParseIP("::1")) {
		return true
	}
	for _, trusted := range trustedProxies {
		trusted = strings.TrimSpace(trusted)
		if trusted == "" {
			continue
		}
		if strings.Contains(trusted, "/") {
			if _, trustedNet, err := net.ParseCIDR(trusted); err == nil && networksOverlap(targetNet, trustedNet) {
				return true
			}
			continue
		}
		if ip := net.ParseIP(IPOnly(trusted)); ip != nil && targetNet.Contains(ip) {
			return true
		}
	}
	return false
}

func firstForwardedIP(forwardedFor string) string {
	var fallback string
	for _, part := range strings.Split(forwardedFor, ",") {
		ip := IPOnly(part)
		if net.ParseIP(ip) == nil {
			continue
		}
		if fallback == "" {
			fallback = ip
		}
		if isExternalIP(ip) {
			return ip
		}
	}
	return fallback
}

func remoteTrusted(remoteIP string, trustedProxies []string) bool {
	parsed := net.ParseIP(remoteIP)
	if parsed == nil {
		return false
	}
	for _, trusted := range trustedProxies {
		trusted = strings.TrimSpace(trusted)
		if trusted == "" {
			continue
		}
		if strings.Contains(trusted, "/") {
			if _, network, err := net.ParseCIDR(trusted); err == nil && network.Contains(parsed) {
				return true
			}
			continue
		}
		if ip := net.ParseIP(trusted); ip != nil && ip.Equal(parsed) {
			return true
		}
	}
	return false
}

func isExternalIP(ip string) bool {
	parsed := net.ParseIP(IPOnly(ip))
	return parsed != nil &&
		!parsed.IsLoopback() &&
		!parsed.IsPrivate() &&
		!parsed.IsLinkLocalUnicast() &&
		!parsed.IsLinkLocalMulticast() &&
		!parsed.IsUnspecified()
}

func networksOverlap(a, b *net.IPNet) bool {
	return a.Contains(b.IP) || b.Contains(a.IP)
}
feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`package services`

			`import (`
			`"context"`
			`"net"`
			`"net/http"`
			`"strings"`
			`)`

			`type clientIPContextKey struct{}`

			`func WithClientIP(r http.Request, ip string) http.Request {`
			`return r.WithContext(context.WithValue(r.Context(), clientIPContextKey{}, ip))`
			`}`

			`func ClientIPFromContext(r *http.Request) (string, bool) {`
			`ip, ok := r.Context().Value(clientIPContextKey{}).(string)`
			`return ip, ok && ip != ""`
			`}`

			`// ClientIP resolves the effective client IP. When trustedProxies is empty,`
			`// forwarded headers are trusted for easy reverse-proxy/container defaults.`
			`func ClientIP(remoteAddr, forwardedFor, realIP string, trustedProxies []string) string {`
feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00			`remoteIP := IPOnly(remoteAddr)`
feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`if len(trustedProxies) == 0 \|\| remoteTrusted(remoteIP, trustedProxies) {`
			`if ip := firstForwardedIP(forwardedFor); ip != "" {`
feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00			`return IPOnly(ip)`
feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`}`
			`if ip := strings.TrimSpace(realIP); ip != "" {`
feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00			`return IPOnly(ip)`
feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`}`
			`}`
			`return remoteIP`
			`}`

feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00			`func IPOnly(remoteAddr string) string {`
feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`host := strings.TrimSpace(remoteAddr)`
			`if splitHost, _, err := net.SplitHostPort(remoteAddr); err == nil {`
			`host = splitHost`
			`}`
			`return strings.Trim(host, "[]")`
			`}`

feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00			`func IsProtectedProxyIP(ip string, trustedProxies []string) bool {`
			`parsed := net.ParseIP(IPOnly(ip))`
			`if parsed == nil {`
			`return false`
			`}`
			`if parsed.IsLoopback() {`
			`return true`
			`}`
			`return remoteTrusted(parsed.String(), trustedProxies)`
			`}`

			`func ProtectedBanTarget(target string, trustedProxies []string) bool {`
			`normalized, err := NormalizeBanTarget(target)`
			`if err != nil {`
			`return false`
			`}`
			`if !strings.Contains(normalized, "/") {`
			`return IsProtectedProxyIP(normalized, trustedProxies)`
			`}`
			`_, targetNet, err := net.ParseCIDR(normalized)`
			`if err != nil {`
			`return false`
			`}`
			`if targetNet.Contains(net.ParseIP("127.0.0.1")) \|\| targetNet.Contains(net.ParseIP("::1")) {`
			`return true`
			`}`
			`for _, trusted := range trustedProxies {`
			`trusted = strings.TrimSpace(trusted)`
			`if trusted == "" {`
			`continue`
			`}`
			`if strings.Contains(trusted, "/") {`
			`if _, trustedNet, err := net.ParseCIDR(trusted); err == nil && networksOverlap(targetNet, trustedNet) {`
			`return true`
			`}`
			`continue`
			`}`
			`if ip := net.ParseIP(IPOnly(trusted)); ip != nil && targetNet.Contains(ip) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`func firstForwardedIP(forwardedFor string) string {`
feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00			`var fallback string`
feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`for _, part := range strings.Split(forwardedFor, ",") {`
feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00			`ip := IPOnly(part)`
			`if net.ParseIP(ip) == nil {`
			`continue`
			`}`
			`if fallback == "" {`
			`fallback = ip`
			`}`
			`if isExternalIP(ip) {`
			`return ip`
feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`}`
			`}`
feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00			`return fallback`
feat(security): add trusted proxies and abuse event cleanup - Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide. 2026-05-31 21:52:56 +03:00			`}`

			`func remoteTrusted(remoteIP string, trustedProxies []string) bool {`
			`parsed := net.ParseIP(remoteIP)`
			`if parsed == nil {`
			`return false`
			`}`
			`for _, trusted := range trustedProxies {`
			`trusted = strings.TrimSpace(trusted)`
			`if trusted == "" {`
			`continue`
			`}`
			`if strings.Contains(trusted, "/") {`
			`if _, network, err := net.ParseCIDR(trusted); err == nil && network.Contains(parsed) {`
			`return true`
			`}`
			`continue`
			`}`
			`if ip := net.ParseIP(trusted); ip != nil && ip.Equal(parsed) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`
feat(storage): support deleting backends and improve admin UI - Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed. - Add unit tests covering the delete action and its cleanup side effects. - Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names. - Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans. 2026-06-01 02:24:51 +03:00
			`func isExternalIP(ip string) bool {`
			`parsed := net.ParseIP(IPOnly(ip))`
			`return parsed != nil &&`
			`!parsed.IsLoopback() &&`
			`!parsed.IsPrivate() &&`
			`!parsed.IsLinkLocalUnicast() &&`
			`!parsed.IsLinkLocalMulticast() &&`
			`!parsed.IsUnspecified()`
			`}`

			`func networksOverlap(a, b *net.IPNet) bool {`
			`return a.Contains(b.IP) \|\| b.Contains(a.IP)`
			`}`