Skip to content

fix: trusted-proxies config for X-Forwarded-For rate limiting (L-2)#74

Merged
jkyberneees merged 1 commit into
mainfrom
fix/l2-trusted-proxies
Jul 18, 2026
Merged

fix: trusted-proxies config for X-Forwarded-For rate limiting (L-2)#74
jkyberneees merged 1 commit into
mainfrom
fix/l2-trusted-proxies

Conversation

@jkyberneees

Copy link
Copy Markdown
Contributor

Closes L-2.

Changes:

  • Add TrustedProxies config field (file: trusted_proxies, env: ODEK_TRUSTED_PROXIES, CLI: --trusted-proxies).
  • Update clientIP in cmd/odek/serve.go to only honor X-Forwarded-For / X-Real-Ip when the direct remote address is in the trusted list.
  • Add isTrustedProxy helper supporting exact IPs and CIDR ranges.
  • Wire trusted proxies through wsHandshakeWithLimits and handleSessionByID.
  • Update test helpers and existing tests to pass the new parameter.
  • Add regression tests for clientIP behavior and config loading from env/CLI/file.
  • Update AGENTS.md and docs/SECURITY.md.

Tested with go test ./... -count=1.

@jkyberneees
jkyberneees merged commit f7637f7 into main Jul 18, 2026
5 of 7 checks passed
@jkyberneees
jkyberneees deleted the fix/l2-trusted-proxies branch July 18, 2026 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant