hls: in logs, store both ip and port of incoming requests (#3013)

bluenviron · Feb 12, 2024 · 487f92a · 487f92a
1 parent df3dfea
commit 487f92a
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 15 deletions.
diff --git a/internal/protocols/httpserv/remote_addr.go b/internal/protocols/httpserv/remote_addr.go
@@ -0,0 +1,15 @@
+package httpserv
+
+import (
+	"net"
+
+	"github.com/gin-gonic/gin"
+)
+
+// RemoteAddr returns the remote address of an HTTP client,
+// with the IP replaced by the real IP passed by any proxy in between.
+func RemoteAddr(ctx *gin.Context) string {
+	ip := ctx.ClientIP()
+	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
+	return net.JoinHostPort(ip, port)
+}
diff --git a/internal/servers/hls/http_server.go b/internal/servers/hls/http_server.go
@@ -170,11 +170,7 @@ func (s *httpServer) onRequest(ctx *gin.Context) {
 				return
 			}
 
-			ip := ctx.ClientIP()
-			_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
-			remoteAddr := net.JoinHostPort(ip, port)
-
-			s.Log(logger.Info, "connection %v failed to authenticate: %v", remoteAddr, terr.Message)
+			s.Log(logger.Info, "connection %v failed to authenticate: %v", httpserv.RemoteAddr(ctx), terr.Message)
 
 			// wait some seconds to mitigate brute force attacks
 			<-time.After(pauseAfterAuthError)

diff --git a/internal/servers/hls/server.go b/internal/servers/hls/server.go
@@ -11,6 +11,7 @@ import (
 	"github.com/bluenviron/mediamtx/internal/conf"
 	"github.com/bluenviron/mediamtx/internal/defs"
 	"github.com/bluenviron/mediamtx/internal/logger"
+	"github.com/bluenviron/mediamtx/internal/protocols/httpserv"
 )
 
 // ErrMuxerNotFound is returned when a muxer is not found.
@@ -153,7 +154,7 @@ outer:
 				r.processRequest(&req)
 
 			default:
-				r := s.createMuxer(req.path, req.ctx.ClientIP())
+				r := s.createMuxer(req.path, httpserv.RemoteAddr(req.ctx))
 				r.processRequest(&req)
 			}
 

diff --git a/internal/servers/webrtc/http_server.go b/internal/servers/webrtc/http_server.go
@@ -107,17 +107,14 @@ func (s *httpServer) close() {
 }
 
 func (s *httpServer) checkAuthOutsideSession(ctx *gin.Context, path string, publish bool) bool {
-	ip := ctx.ClientIP()
-	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
-	remoteAddr := net.JoinHostPort(ip, port)
 	user, pass, hasCredentials := ctx.Request.BasicAuth()
 
 	res := s.pathManager.FindPathConf(defs.PathFindPathConfReq{
 		AccessRequest: defs.PathAccessRequest{
 			Name:    path,
 			Query:   ctx.Request.URL.RawQuery,
 			Publish: publish,
-			IP:      net.ParseIP(ip),
+			IP:      net.ParseIP(ctx.ClientIP()),
 			User:    user,
 			Pass:    pass,
 			Proto:   defs.AuthProtocolWebRTC,
@@ -132,7 +129,7 @@ func (s *httpServer) checkAuthOutsideSession(ctx *gin.Context, path string, publ
 				return false
 			}
 
-			s.Log(logger.Info, "connection %v failed to authenticate: %v", remoteAddr, terr.Message)
+			s.Log(logger.Info, "connection %v failed to authenticate: %v", httpserv.RemoteAddr(ctx), terr.Message)
 
 			// wait some seconds to mitigate brute force attacks
 			<-time.After(pauseAfterAuthError)
@@ -177,14 +174,11 @@ func (s *httpServer) onWHIPPost(ctx *gin.Context, path string, publish bool) {
 		return
 	}
 
-	ip := ctx.ClientIP()
-	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
-	remoteAddr := net.JoinHostPort(ip, port)
 	user, pass, _ := ctx.Request.BasicAuth()
 
 	res := s.parent.newSession(webRTCNewSessionReq{
 		pathName:   path,
-		remoteAddr: remoteAddr,
+		remoteAddr: httpserv.RemoteAddr(ctx),
 		query:      ctx.Request.URL.RawQuery,
 		user:       user,
 		pass:       pass,