From a85ff0dfea6ba6b6866dfd7363e12cdff0a5b41c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Valentin=20Gr=C3=BCnbacher?= <nextra.24@gmail.com>
Date: Fri, 4 Aug 2023 13:03:13 +0200
Subject: [PATCH] Allow request IP candidates to contain ports

---
 http/http.go      |  6 +++++-
 http/http_test.go | 26 ++++++++++++++++----------
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/http/http.go b/http/http.go
index d0a1838..db76ac6 100644
--- a/http/http.go
+++ b/http/http.go
@@ -99,7 +99,11 @@ func ipFromRequest(headers []string, r *http.Request, customIP bool) (net.IP, er
 		}
 	}
 	if remoteIP == "" {
-		host, _, err := net.SplitHostPort(r.RemoteAddr)
+		remoteIP = r.RemoteAddr
+	}
+	sep := strings.Index(remoteIP, ":")
+	if sep != -1 {
+		host, _, err := net.SplitHostPort(remoteIP)
 		if err != nil {
 			return nil, err
 		}
diff --git a/http/http_test.go b/http/http_test.go
index 69c9e37..7ac96e1 100644
--- a/http/http_test.go
+++ b/http/http_test.go
@@ -217,16 +217,22 @@ func TestIPFromRequest(t *testing.T) {
 		trustedHeaders []string
 		out            string
 	}{
-		{"127.0.0.1:9999", "", "", nil, "127.0.0.1"},                                                                // No header given
-		{"127.0.0.1:9999", "X-Real-IP", "1.3.3.7", nil, "127.0.0.1"},                                                // Trusted header is empty
-		{"127.0.0.1:9999", "X-Real-IP", "1.3.3.7", []string{"X-Foo-Bar"}, "127.0.0.1"},                              // Trusted header does not match
-		{"127.0.0.1:9999", "X-Real-IP", "1.3.3.7", []string{"X-Real-IP", "X-Forwarded-For"}, "1.3.3.7"},             // Trusted header matches
-		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7", []string{"X-Real-IP", "X-Forwarded-For"}, "1.3.3.7"},       // Second trusted header matches
-		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7,4.2.4.2", []string{"X-Forwarded-For"}, "1.3.3.7"},            // X-Forwarded-For with multiple entries (commas separator)
-		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7, 4.2.4.2", []string{"X-Forwarded-For"}, "1.3.3.7"},           // X-Forwarded-For with multiple entries (space+comma separator)
-		{"127.0.0.1:9999", "X-Forwarded-For", "", []string{"X-Forwarded-For"}, "127.0.0.1"},                         // Empty header
-		{"127.0.0.1:9999?ip=1.2.3.4", "", "", nil, "1.2.3.4"},                                                       // passed in "ip" parameter
-		{"127.0.0.1:9999?ip=1.2.3.4", "X-Forwarded-For", "1.3.3.7,4.2.4.2", []string{"X-Forwarded-For"}, "1.2.3.4"}, // ip parameter wins over X-Forwarded-For with multiple entries
+		{"127.0.0.1:9999", "", "", nil, "127.0.0.1"},                                                                               // No header given
+		{"127.0.0.1:9999", "X-Real-IP", "1.3.3.7", nil, "127.0.0.1"},                                                               // Trusted header is empty
+		{"127.0.0.1:9999", "X-Real-IP", "1.3.3.7", []string{"X-Foo-Bar"}, "127.0.0.1"},                                             // Trusted header does not match
+		{"127.0.0.1:9999", "X-Real-IP", "1.3.3.7", []string{"X-Real-IP", "X-Forwarded-For"}, "1.3.3.7"},                            // Trusted header matches
+		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7", []string{"X-Real-IP", "X-Forwarded-For"}, "1.3.3.7"},                      // Second trusted header matches
+		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7,4.2.4.2", []string{"X-Forwarded-For"}, "1.3.3.7"},                           // X-Forwarded-For with multiple entries (commas separator)
+		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7, 4.2.4.2", []string{"X-Forwarded-For"}, "1.3.3.7"},                          // X-Forwarded-For with multiple entries (space+comma separator)
+		{"127.0.0.1:9999", "X-Forwarded-For", "", []string{"X-Forwarded-For"}, "127.0.0.1"},                                        // Empty header
+		{"127.0.0.1:9999", "X-Real-IP", "1.3.3.7:1337", []string{"X-Real-IP", "X-Forwarded-For"}, "1.3.3.7"},                       // Trusted header matches (with port)
+		{"127.0.0.1:9999?ip=1.2.3.4", "", "", nil, "1.2.3.4"},                                                                      // passed in "ip" parameter
+		{"127.0.0.1:9999?ip=1.2.3.4", "X-Forwarded-For", "1.3.3.7,4.2.4.2", []string{"X-Forwarded-For"}, "1.2.3.4"},                // ip parameter wins over X-Forwarded-For with multiple entries
+		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7:1337", []string{"X-Real-IP", "X-Forwarded-For"}, "1.3.3.7"},                 // Second trusted header matches (with port)
+		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7:1337,4.2.4.2:4242", []string{"X-Forwarded-For"}, "1.3.3.7"},                 // X-Forwarded-For with multiple entries (commas separator, with port)
+		{"127.0.0.1:9999", "X-Forwarded-For", "1.3.3.7:1337, 4.2.4.2:4242", []string{"X-Forwarded-For"}, "1.3.3.7"},                // X-Forwarded-For with multiple entries (space+comma separator, with port)
+		{"127.0.0.1:9999?ip=1.2.3.4:1234", "", "", nil, "1.2.3.4"},                                                                 // passed in "ip" parameter (with port)
+		{"127.0.0.1:9999?ip=1.2.3.4:1234", "X-Forwarded-For", "1.3.3.7:1337,4.2.4.2:4242", []string{"X-Forwarded-For"}, "1.2.3.4"}, // ip parameter wins over X-Forwarded-For with multiple entries (with port)
 	}
 	for _, tt := range tests {
 		u, err := url.Parse("http://" + tt.remoteAddr)