Diffstat (limited to 'internal')
-rw-r--r--internal/config/config.go9
-rw-r--r--internal/config/default.go4
-rw-r--r--internal/router/router.go5
3 files changed, 18 insertions, 0 deletions
diff --git a/internal/config/config.go b/internal/config/config.go
index 6f943d684..68e958995 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -51,6 +51,7 @@ type Config struct {
AccountDomain string `yaml:"accountDomain"`
Protocol string `yaml:"protocol"`
Port int `yaml:"port"`
+ TrustedProxies []string `yaml:"trustedProxies"`
DBConfig *DBConfig `yaml:"db"`
TemplateConfig *TemplateConfig `yaml:"template"`
AccountsConfig *AccountsConfig `yaml:"accounts"`
@@ -155,6 +156,10 @@ func (c *Config) ParseCLIFlags(f KeyedFlags, version string) error {
c.Port = f.Int(fn.Port)
}
+ if len(c.TrustedProxies) == 0 || f.IsSet(fn.TrustedProxies) {
+ c.TrustedProxies = f.StringSlice(fn.TrustedProxies)
+ }
+
// db flags
if c.DBConfig.Type == "" || f.IsSet(fn.DbType) {
c.DBConfig.Type = f.String(fn.DbType)
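Review bot: The `len(c.TrustedProxies) == 0` test in the added block cannot tell a config file that omits `trustedProxies` from one that sets it to an empty list, so an operator who writes `trustedProxies: []` to trust no proxy at all gets the flag value instead (presumably the `127.0.0.1/32` default from default.go, though the flag registration is not visible here). If the YAML decoder leaves an omitted key as a nil slice and decodes `[]` as an empty non-nil one, `if c.TrustedProxies == nil || f.IsSet(fn.TrustedProxies) {` would keep the explicit empty list; that decoder behaviour should be confirmed with a test. The entries are also not validated at this point, so a malformed CIDR is only reported later, when the router is built. ParseCLIFlags starts and ends outside the hunk.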
@@ -339,6 +344,7 @@ type Flags struct {
AccountDomain string
Protocol string
Port string
+ TrustedProxies string
DbType string
DbAddress string
@@ -396,6 +402,7 @@ type Defaults struct {
AccountDomain string
Protocol string
Port int
+ TrustedProxies []string
SoftwareVersion string
DbType string
@@ -456,6 +463,7 @@ func GetFlagNames() Flags {
AccountDomain: "account-domain",
Protocol: "protocol",
Port: "port",
+ TrustedProxies: "trusted-proxies",
DbType: "db-type",
DbAddress: "db-address",
@@ -516,6 +524,7 @@ func GetEnvNames() Flags {
AccountDomain: "GTS_ACCOUNT_DOMAIN",
Protocol: "GTS_PROTOCOL",
Port: "GTS_PORT",
+ TrustedProxies: "GTS_TRUSTED_PROXIES",
DbType: "GTS_DB_TYPE",
DbAddress: "GTS_DB_ADDRESS",
diff --git a/internal/config/default.go b/internal/config/default.go
index 1e26d6d4a..6fd9e3852 100644
--- a/internal/config/default.go
+++ b/internal/config/default.go
@@ -11,6 +11,7 @@ func TestDefault() *Config {
Host: defaults.Host,
Protocol: defaults.Protocol,
Port: defaults.Port,
+ TrustedProxies: defaults.TrustedProxies,
SoftwareVersion: defaults.SoftwareVersion,
DBConfig: &DBConfig{
Type: defaults.DbType,
@@ -77,6 +78,7 @@ func Default() *Config {
Host: defaults.Host,
Protocol: defaults.Protocol,
Port: defaults.Port,
+ TrustedProxies: defaults.TrustedProxies,
SoftwareVersion: defaults.SoftwareVersion,
DBConfig: &DBConfig{
Type: defaults.DbType,
@@ -145,6 +147,7 @@ func GetDefaults() Defaults {
AccountDomain: "",
Protocol: "https",
Port: 8080,
+ TrustedProxies: []string{"127.0.0.1/32"}, // localhost
DbType: "postgres",
DbAddress: "localhost",
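Review bot: The default added in GetDefaults trusts only the IPv4 loopback, `127.0.0.1/32`, so a reverse proxy on the same host that connects over `::1` would not be treated as trusted and its forwarding headers would be ignored. Every request would then appear to come from the loopback address, which collapses anything keyed on the client address (rate limits, logs, blocks) onto a single value. If IPv6 loopback deployments are meant to work out of the box, `TrustedProxies: []string{"127.0.0.1/32", "::1/128"}, // IPv4 and IPv6 loopback` covers both; the same applies to the GetTestDefaults hunk that follows. Both function bodies continue outside their hunks.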
@@ -204,6 +207,7 @@ func GetTestDefaults() Defaults {
AccountDomain: "",
Protocol: "http",
Port: 8080,
+ TrustedProxies: []string{"127.0.0.1/32"},
DbType: "postgres",
DbAddress: "localhost",
diff --git a/internal/router/router.go b/internal/router/router.go
index 64d7267be..c5f105448 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -122,6 +122,11 @@ func New(cfg *config.Config, db db.DB, logger *logrus.Logger) (Router, error) {
engine := gin.Default()
engine.MaxMultipartMemory = 8 << 20 // 8 MiB
+ // set up IP forwarding via x-forward-* headers.
+ if err := engine.SetTrustedProxies(cfg.TrustedProxies); err != nil {
+ return nil, err
+ }
+
// enable cors on the engine
if err := useCors(cfg, engine); err != nil {
return nil, err
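Review bot: The comment on the added `SetTrustedProxies` call undersells what the setting controls: any peer whose address falls inside `cfg.TrustedProxies` decides, through the forwarding headers it sends, which client IP the engine reports. I would spell that out, e.g. `// Only peers listed in cfg.TrustedProxies may supply the client IP via forwarding headers (X-Forwarded-For, X-Real-IP); keep the list to proxies that overwrite those headers.` The error is also returned bare, so a malformed entry surfaces without naming the setting; `return nil, fmt.Errorf("parsing trustedProxies %q: %w", cfg.TrustedProxies, err)` would point the operator at the right config key, assuming `fmt` is available in router.go. New's body starts and ends outside the hunk.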