From 2a466811473e22d132736506c716e649caf76371 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Sun, 26 Jan 2025 12:21:57 +0100
Subject: [chore] Allow suppressing trusted-proxies warning by disabling rate
 limiting (#3686)

---
 internal/api/util/template.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'internal/api/util')

diff --git a/internal/api/util/template.go b/internal/api/util/template.go
index fcfd80956..f58563660 100644
--- a/internal/api/util/template.go
+++ b/internal/api/util/template.go
@@ -23,6 +23,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
 )
 
 // WebPage encapsulates variables for
@@ -96,6 +97,17 @@ func injectTrustedProxiesRec(
 	c *gin.Context,
 	obj map[string]any,
 ) {
+	if config.GetAdvancedRateLimitRequests() <= 0 {
+		// If rate limiting is disabled entirely
+		// there's no point in giving a trusted
+		// proxies rec, as proper clientIP is
+		// basically only used for rate limiting.
+		return
+	}
+
+	// clientIP = the client IP that gin
+	// derives based on x-forwarded-for
+	// and current trusted proxies.
 	clientIP := c.ClientIP()
 	if clientIP == "127.0.0.1" {
 		// Suggest precise 127.0.0.1/32.
@@ -119,7 +131,9 @@ func injectTrustedProxiesRec(
 
 	if !hasRemoteIPHeader {
 		// Upstream hasn't set a
-		// remote IP header, bail.
+		// remote IP header so we're
+		// probably not in a reverse
+		// proxy setup, bail.
 		return
 	}
 
-- 
cgit v1.2.3