[bugfix] Log a warning when clientIP could not be parsed during rate limiting (#4481)

# Description

> If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements.
>
> If this is a documentation change, please briefly describe what you've changed and why.

Fixes a panic when clientIP cannot be parsed in the rate limiting middleware, and warn logs the derived clientIP and a hint that reverse proxy may be misconfigured.

Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4479

## Checklist

Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]`

If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).

- [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md).
- [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
- [x] I/we have not leveraged AI to create the proposed changes.
- [x] I/we have performed a self-review of added code.
- [x] I/we have written code that is legible and maintainable by others.
- [x] I/we have commented the added code, particularly in hard-to-understand areas.
- [ ] I/we have made any necessary changes to documentation.
- [ ] I/we have added tests that cover new code.
- [x] I/we have run tests and they pass locally with the changes.
- [x] I/we have run `go fmt ./...` and `golangci-lint run`.

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4481
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>

1 files changed, 20 insertions, 6 deletions

diff --git a/internal/middleware/ratelimit.go b/internal/middleware/ratelimit.go
index 6d39721ec..48c54636b 100644
--- a/internal/middleware/ratelimit.go
+++ b/internal/middleware/ratelimit.go
@@ -25,6 +25,7 @@ import (
 	"time"
 
 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
+	"code.superseriousbusiness.org/gotosocial/internal/log"
 	"code.superseriousbusiness.org/gotosocial/internal/util"
 	"github.com/gin-gonic/gin"
 	"github.com/ulule/limiter/v3"
@@ -78,30 +79,43 @@ func RateLimit(limit int, except []netip.Prefix) gin.HandlerFunc {
 		// Use Gin's heuristic for determining
 		// clientIP, which accounts for reverse
 		// proxies and trusted proxies setting.
-		clientIP := netip.MustParseAddr(c.ClientIP())
+		clientIP := c.ClientIP()
+
+		// ClientIP must be parseable.
+		ip, err := netip.ParseAddr(clientIP)
+		if err != nil {
+			log.Warnf(
+				c.Request.Context(),
+				"cannot do rate limiting for this request as client IP %s could not be parsed;"+
+					" your upstream reverse proxy may be misconfigured: %v",
+				err,
+			)
+			c.Next()
+			return
+		}
 
 		// Check if this IP is exempt from rate
 		// limits and skip further checks if so.
 		for _, prefix := range except {
-			if prefix.Contains(clientIP) {
+			if prefix.Contains(ip) {
 				c.Next()
 				return
 			}
 		}
 
-		if clientIP.Is6() {
+		if ip.Is6() {
 			// Convert to "net" package IP for mask.
-			asIP := net.IP(clientIP.AsSlice())
+			asIP := net.IP(ip.AsSlice())
 
 			// Apply coarse IPv6 mask.
 			asIP = asIP.Mask(ipv6Mask)
 
 			// Convert back to netip.Addr from net.IP.
-			clientIP, _ = netip.AddrFromSlice(asIP)
+			ip, _ = netip.AddrFromSlice(asIP)
 		}
 
 		// Fetch rate limit info for this (masked) clientIP.
-		context, err := limiter.Get(c, clientIP.String())
+		context, err := limiter.Get(c, ip.String())
 		if err != nil {
 			// Since we use an in-memory cache now,
 			// it's actually impossible for this to