From 487f92ac557461f45a46c6823f8e4d13a806b62d Mon Sep 17 00:00:00 2001
From: Alessandro Ros
Date: Mon, 12 Feb 2024 22:44:44 +0100
Subject: [PATCH] hls: in logs, store both ip and port of incoming requests (#3013)
---
 internal/protocols/httpserv/remote_addr.go | 15 +++++++++++++++
 internal/servers/hls/http_server.go | 6 +-----
 internal/servers/hls/server.go | 3 ++-
 internal/servers/webrtc/http_server.go | 12 +++---------
 4 files changed, 21 insertions(+), 15 deletions(-)
 create mode 100644 internal/protocols/httpserv/remote_addr.go
diff --git a/internal/protocols/httpserv/remote_addr.go b/internal/protocols/httpserv/remote_addr.go
new file mode 100644
index 00000000000..cbee6a6dedb
--- /dev/null
+++ b/internal/protocols/httpserv/remote_addr.go
@@ -0,0 +1,15 @@
+package httpserv
+
+import (
+ "net"
+
+ "github.com/gin-gonic/gin"
+)
+
+// RemoteAddr returns the remote address of an HTTP client,
+// with the IP replaced by the real IP passed by any proxy in between.
+func RemoteAddr(ctx *gin.Context) string {
+ ip := ctx.ClientIP()
+ _, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
+ return net.JoinHostPort(ip, port)
+}
diff --git a/internal/servers/hls/http_server.go b/internal/servers/hls/http_server.go
index 6d9c01dd05d..94de2366940 100644
--- a/internal/servers/hls/http_server.go
+++ b/internal/servers/hls/http_server.go
@@ -170,11 +170,7 @@ func (s *httpServer) onRequest(ctx *gin.Context) {
 return
 }
- ip := ctx.ClientIP()
- _, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
- remoteAddr := net.JoinHostPort(ip, port)
-
- s.Log(logger.Info, "connection %v failed to authenticate: %v", remoteAddr, terr.Message)
+ s.Log(logger.Info, "connection %v failed to authenticate: %v", httpserv.RemoteAddr(ctx), terr.Message)
 // wait some seconds to mitigate brute force attacks
 <-time.After(pauseAfterAuthError)
diff --git a/internal/servers/hls/server.go b/internal/servers/hls/server.go
index 0abb3564b20..2a7553c5b2d 100644
--- a/internal/servers/hls/server.go
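Review bot: The string returned by the new `RemoteAddr` helper in remote_addr.go mixes values from two different connections: `ctx.ClientIP()` can come from a forwarding header, while the port always comes from `ctx.Request.RemoteAddr`, the direct TCP peer (the proxy, when there is one). The doc comment should state this and that the IP is only as reliable as the gin engine's trusted-proxy setting, which is not visible in this patch, for example `// The IP comes from forwarding headers only when the direct peer is a trusted proxy (see gin's SetTrustedProxies); the port is always the direct peer's.` The error from `net.SplitHostPort` is discarded, so an unparseable `RemoteAddr` produces an address with an empty port; a short comment saying that this is intentional would help. The same caveat applies wherever the helper is used in this commit: the authentication-failure log lines in hls/http_server.go and webrtc/http_server.go, and the `remoteAddr` field passed to `newSession` in `onWHIPPost`.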
+++ b/internal/servers/hls/server.go
@@ -11,6 +11,7 @@ import (
 "github.com/bluenviron/mediamtx/internal/conf"
 "github.com/bluenviron/mediamtx/internal/defs"
 "github.com/bluenviron/mediamtx/internal/logger"
+ "github.com/bluenviron/mediamtx/internal/protocols/httpserv"
 )
 // ErrMuxerNotFound is returned when a muxer is not found.
@@ -153,7 +154,7 @@ outer:
 r.processRequest(&req)
 default:
- r := s.createMuxer(req.path, req.ctx.ClientIP())
+ r := s.createMuxer(req.path, httpserv.RemoteAddr(req.ctx))
 r.processRequest(&req)
 }
diff --git a/internal/servers/webrtc/http_server.go b/internal/servers/webrtc/http_server.go
index 10c78bc26e6..afd6f84ddc6 100644
--- a/internal/servers/webrtc/http_server.go
+++ b/internal/servers/webrtc/http_server.go
@@ -107,9 +107,6 @@ func (s *httpServer) close() {
 }
 func (s *httpServer) checkAuthOutsideSession(ctx *gin.Context, path string, publish bool) bool {
- ip := ctx.ClientIP()
- _, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
- remoteAddr := net.JoinHostPort(ip, port)
 user, pass, hasCredentials := ctx.Request.BasicAuth()
 res := s.pathManager.FindPathConf(defs.PathFindPathConfReq{
@@ -117,7 +114,7 @@ func (s *httpServer) checkAuthOutsideSession(ctx *gin.Context, path string, publ
 Name: path,
 Query: ctx.Request.URL.RawQuery,
 Publish: publish,
- IP: net.ParseIP(ip),
+ IP: net.ParseIP(ctx.ClientIP()),
 User: user,
 Pass: pass,
 Proto: defs.AuthProtocolWebRTC,
@@ -132,7 +129,7 @@ func (s *httpServer) checkAuthOutsideSession(ctx *gin.Context, path string, publ
 return false
 }
- s.Log(logger.Info, "connection %v failed to authenticate: %v", remoteAddr, terr.Message)
+ s.Log(logger.Info, "connection %v failed to authenticate: %v", httpserv.RemoteAddr(ctx), terr.Message)
 // wait some seconds to mitigate brute force attacks
 <-time.After(pauseAfterAuthError)
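Review bot: The second argument of `s.createMuxer` in hls/server.go changes from a bare IP (`req.ctx.ClientIP()`) to a `host:port` string, and `createMuxer` is defined outside this hunk. It is worth confirming that nothing downstream parses the value as an IP (`net.ParseIP` returns nil for `host:port`) or compares it with stored addresses. If it is only used for logging, as the commit title suggests, a comment at the call such as `// remote address (ip:port) of the first requester, used for logging only` would make that explicit.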
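Review bot: In `checkAuthOutsideSession` (webrtc/http_server.go), `IP: net.ParseIP(ctx.ClientIP())` feeds the `FindPathConf` authorization request with an address that gin may take from forwarding headers, and `net.ParseIP` returns nil if that string does not parse. The behaviour is the same as before this commit, but the line is now the only place that shows the dependency. If path configuration can restrict access by source IP, the check is only sound when the engine's trusted proxies are limited to real reverse proxies; that setting is outside this patch and should be verified. A comment on the field such as `// ClientIP honours forwarding headers from trusted proxies only; IP-based rules depend on that list` would record it. The function body continues outside the hunk.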
@@ -177,14 +174,11 @@ func (s *httpServer) onWHIPPost(ctx *gin.Context, path string, publish bool) {
 return
 }
- ip := ctx.ClientIP()
- _, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
- remoteAddr := net.JoinHostPort(ip, port)
 user, pass, _ := ctx.Request.BasicAuth()
 res := s.parent.newSession(webRTCNewSessionReq{
 pathName: path,
- remoteAddr: remoteAddr,
+ remoteAddr: httpserv.RemoteAddr(ctx),
 query: ctx.Request.URL.RawQuery,
 user: user,
 pass: pass,