From 3a6dbf859526f04161aa81f4cd97c617030b9372 Mon Sep 17 00:00:00 2001
From: Paul Pan <i@0x7f.app>
Date: Fri, 5 Jan 2024 00:38:28 +0800
Subject: [PATCH] feat: allow to override ClientIP logic in gin

---
 config.docker.yaml            |  1 +
 docker-entrypoint.sh          |  1 +
 internal/model/config.go      |  1 +
 internal/web/router/router.go | 16 ++++++++++++----
 internal/web/web.go           |  1 -
 5 files changed, 15 insertions(+), 5 deletions(-)
 delete mode 100644 internal/web/web.go

diff --git a/config.docker.yaml b/config.docker.yaml
index 73ca4bc..0d97c24 100644
--- a/config.docker.yaml
+++ b/config.docker.yaml
@@ -2,6 +2,7 @@ WebServer:
   Address: ${WEB_SERVER_ADDRESS}
   Port: ${WEB_SERVER_PORT}
   PublicBase: ${WEB_SERVER_PUBLIC_BASE}
+  TrustedPlatform: ${WEB_SERVER_TRUSTED_PLATFORM}
   JwtSigningKey: ${WEB_SERVER_JWT_SIGNING_KEY}
   JwtExpireHour: ${WEB_SERVER_JWT_EXPIRE_HOUR}
   OAuthDomain: ${WEB_SERVER_OAUTH_DOMAIN}
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 1062688..e05bb12 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -37,6 +37,7 @@ function check_env() {
 check_env "WEB_SERVER_ADDRESS" "0.0.0.0" true
 check_env "WEB_SERVER_PORT" 8000 false
 check_env "WEB_SERVER_PUBLIC_BASE" "http://127.0.0.1:8000" true
+check_env "WEB_SERVER_TRUSTED_PLATFORM" "" true
 check_env "WEB_SERVER_JWT_SIGNING_KEY" "$(head -n 10 /dev/urandom | md5sum | cut -c 1-32)" true
 check_env "WEB_SERVER_JWT_EXPIRE_HOUR" 12 false
 check_env "WEB_SERVER_OAUTH_DOMAIN" "" true
diff --git a/internal/model/config.go b/internal/model/config.go
index 2bc574a..71d09cd 100644
--- a/internal/model/config.go
+++ b/internal/model/config.go
@@ -4,6 +4,7 @@ type ConfigWebServer struct {
 	Address           string `yaml:"Address"`
 	Port              int    `yaml:"Port"`
 	PublicBase        string `yaml:"PublicBase"`
+	TrustedPlatform   string `yaml:"TrustedPlatform"`
 	JwtSigningKey     string `yaml:"JwtSigningKey"`
 	JwtExpireHour     int    `yaml:"JwtExpireHour"`
 	OAuthDomain       string `yaml:"OAuthDomain"`
diff --git a/internal/web/router/router.go b/internal/web/router/router.go
index db3825e..2badd5a 100644
--- a/internal/web/router/router.go
+++ b/internal/web/router/router.go
@@ -64,15 +64,20 @@ func (s *service) initRouters(conf *model.Config, injector *do.Injector) *gin.En
 	gin.SetMode(utils.If[string](conf.Development, gin.DebugMode, gin.ReleaseMode))
 
 	r := gin.New()
-	r.MaxMultipartMemory = 8 << 20 // 8MB
+
+	// +--------------+
+	// |Configurations|
+	// +--------------+
+
+	if conf.WebServer.TrustedPlatform != "" {
+		// Extract Origin IP
+		r.TrustedPlatform = conf.WebServer.TrustedPlatform
+	}
 
 	// +-----------+
 	// |Middlewares|
 	// +-----------+
 
-	// static files - must before sentry
-	r.Use(static.Serve("/", static.LocalFile("./resource/frontend", true)))
-
 	// Sentry middleware
 	r.Use(sentrygin.New(sentrygin.Options{Repanic: true}))
 
@@ -141,6 +146,9 @@ func (s *service) initRouters(conf *model.Config, injector *do.Injector) *gin.En
 		r.GET(s.oauth.GetCallbackPath(), s.oauth.CallbackHandler())
 	}
 
+	// static files
+	r.Use(static.Serve("/", static.LocalFile("./resource/frontend", true)))
+
 	// fallback to frontend
 	r.NoRoute(func(c *gin.Context) {
 		c.File("./resource/frontend/index.html")
diff --git a/internal/web/web.go b/internal/web/web.go
deleted file mode 100644
index efb3895..0000000
--- a/internal/web/web.go
+++ /dev/null
@@ -1 +0,0 @@
-package web