hls: in logs, store both ip and port of incoming requests (#3013)

2024-02-12 22:44:44 +01:00 · 2024-02-12 22:44:44 +01:00 · 487f92ac55
commit 487f92ac55
parent df3dfea132
4 changed files with 21 additions and 15 deletions
--- a/internal/protocols/httpserv/remote_addr.go
+++ b/internal/protocols/httpserv/remote_addr.go
@ -0,0 +1,15 @@
+package httpserv
+
+import (
+	"net"
+
+	"github.com/gin-gonic/gin"
+)
+
+// RemoteAddr returns the remote address of an HTTP client,
+// with the IP replaced by the real IP passed by any proxy in between.
+func RemoteAddr(ctx *gin.Context) string {
+	ip := ctx.ClientIP()
+	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
+	return net.JoinHostPort(ip, port)
+}
--- a/internal/servers/hls/http_server.go
+++ b/internal/servers/hls/http_server.go
@ -170,11 +170,7 @@ func (s *httpServer) onRequest(ctx *gin.Context) {
 				return
 			}

-			ip := ctx.ClientIP()
-			_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
-			remoteAddr := net.JoinHostPort(ip, port)
-
-			s.Log(logger.Info, "connection %v failed to authenticate: %v", remoteAddr, terr.Message)
+			s.Log(logger.Info, "connection %v failed to authenticate: %v", httpserv.RemoteAddr(ctx), terr.Message)

 			// wait some seconds to mitigate brute force attacks
 			<-time.After(pauseAfterAuthError)
--- a/internal/servers/hls/server.go
+++ b/internal/servers/hls/server.go
@ -11,6 +11,7 @@ import (
 	"github.com/bluenviron/mediamtx/internal/conf"
 	"github.com/bluenviron/mediamtx/internal/defs"
 	"github.com/bluenviron/mediamtx/internal/logger"
+	"github.com/bluenviron/mediamtx/internal/protocols/httpserv"
 )

 // ErrMuxerNotFound is returned when a muxer is not found.
@ -153,7 +154,7 @@ outer:
 				r.processRequest(&req)

 			default:
-				r := s.createMuxer(req.path, req.ctx.ClientIP())
+				r := s.createMuxer(req.path, httpserv.RemoteAddr(req.ctx))
 				r.processRequest(&req)
 			}

--- a/internal/servers/webrtc/http_server.go
+++ b/internal/servers/webrtc/http_server.go
@ -107,9 +107,6 @@ func (s *httpServer) close() {
 }

 func (s *httpServer) checkAuthOutsideSession(ctx *gin.Context, path string, publish bool) bool {
-	ip := ctx.ClientIP()
-	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
-	remoteAddr := net.JoinHostPort(ip, port)
 	user, pass, hasCredentials := ctx.Request.BasicAuth()

 	res := s.pathManager.FindPathConf(defs.PathFindPathConfReq{
@ -117,7 +114,7 @@ func (s *httpServer) checkAuthOutsideSession(ctx *gin.Context, path string, publ
 			Name:    path,
 			Query:   ctx.Request.URL.RawQuery,
 			Publish: publish,
-			IP:      net.ParseIP(ip),
+			IP:      net.ParseIP(ctx.ClientIP()),
 			User:    user,
 			Pass:    pass,
 			Proto:   defs.AuthProtocolWebRTC,
@ -132,7 +129,7 @@ func (s *httpServer) checkAuthOutsideSession(ctx *gin.Context, path string, publ
 				return false
 			}

-			s.Log(logger.Info, "connection %v failed to authenticate: %v", remoteAddr, terr.Message)
+			s.Log(logger.Info, "connection %v failed to authenticate: %v", httpserv.RemoteAddr(ctx), terr.Message)

 			// wait some seconds to mitigate brute force attacks
 			<-time.After(pauseAfterAuthError)
@ -177,14 +174,11 @@ func (s *httpServer) onWHIPPost(ctx *gin.Context, path string, publish bool) {
 		return
 	}

-	ip := ctx.ClientIP()
-	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
-	remoteAddr := net.JoinHostPort(ip, port)
 	user, pass, _ := ctx.Request.BasicAuth()

 	res := s.parent.newSession(webRTCNewSessionReq{
 		pathName:   path,
-		remoteAddr: remoteAddr,
+		remoteAddr: httpserv.RemoteAddr(ctx),
 		query:      ctx.Request.URL.RawQuery,
 		user:       user,
 		pass:       pass,