From 0348d63e69c180e32b3afe34e5b91197768d4d4f Mon Sep 17 00:00:00 2001
From: Chris Duncan
Date: Tue, 22 Apr 2025 08:18:49 -0700
Subject: [PATCH] All nginx connections are local, so use forwarding header to get client IP and listen explicitly on localhost.
---
 src/bin/server.ts | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/bin/server.ts b/src/bin/server.ts
index 633d9ba..59b46a6 100755
--- a/src/bin/server.ts
+++ b/src/bin/server.ts
@@ -134,16 +134,20 @@ async function respond (res: http.ServerResponse, data: Buffer[]): Promise
 // Create server
 const server = http.createServer((req, res): void => {
- if (req.socket.remoteAddress == null) {
+ const xff = req.headers['x-forwarded-for']
+ const ip = (typeof xff === 'string')
+ ? xff.split(',')[0].trim().replace(/^::ffff:/, '')
+ : req.socket.remoteAddress
+ if (ip == null) {
 res.writeHead(401).end('Unauthorized')
 return
 }
- const client = requests.get(req.socket.remoteAddress)
- if (process.send != null || req.socket.remoteAddress === '::1' || client == null || client.time < Date.now() - MAX_REQUEST_TIME) {
- requests.set(req.socket.remoteAddress, { tokens: MAX_REQUEST_COUNT, time: Date.now() })
+ const client = requests.get(ip)
+ if (ip === '127.0.0.1' || process.send != null || client == null || client.time < Date.now() - MAX_REQUEST_TIME) {
+ requests.set(ip, { tokens: MAX_REQUEST_COUNT, time: Date.now() })
 } else {
 if (--client.tokens <= 0) {
- log(`${req.socket.remoteAddress} potential abuse`)
+ log(`${ip} potential abuse`)
 res.writeHead(429).end('Too Many Requests')
 return
 }
@@ -273,7 +277,7 @@ await page.waitForFunction(async (): Promise => {
 log('Puppeteer initialized')
 // Listen on configured port
-server.listen(CONFIG.PORT, async (): Promise => {
+server.listen(CONFIG.PORT, '127.0.0.1', async (): Promise => {
 const { port } = server.address() as AddressInfo
 CONFIG.PORT = port
 log(`Server listening on port ${port}`)
-- 
2.34.1
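Review bot: The rate-limit key `ip` is taken from the leftmost `X-Forwarded-For` entry, which is client-supplied whenever the proxy appends to the header rather than overwriting it (nginx's `$proxy_add_x_forwarded_for` appends; the nginx config is not visible here). In that setup the limiter no longer binds to the real peer: a different header value gets a fresh bucket in `requests`, the map can grow without bound, and a value of `127.0.0.1` lands in the exempt branch that always resets the tokens. Prefer the entry the proxy itself added, e.g. `? xff.split(',').pop()?.trim().replace(/^::ffff:/, '')`, or have nginx overwrite the header with `$remote_addr`, and apply the loopback exemption only when the address came from `req.socket.remoteAddress` with no header present. The `createServer` callback continues past the end of this hunk.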
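Review bot: The comment above `server.listen` still reads "Listen on configured port", but the loopback bind is now the precondition for trusting `X-Forwarded-For` in the request handler and should be documented as such, e.g. `// Listen on loopback only: nginx is the sole expected peer and supplies X-Forwarded-For`. Binding to `'127.0.0.1'` is IPv4-only, so a proxy upstream written as `localhost` that resolves to `::1` would presumably fail to connect; confirm this against the nginx config, which is not shown. The listen callback's body continues outside this hunk.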