From b012a81f6685bfdc26faa717dac0b5533612f328 Mon Sep 17 00:00:00 2001 From: tobi Date: Tue, 7 Oct 2025 16:02:57 +0200 Subject: [bugfix] Log a warning when clientIP could not be parsed during rate limiting (#4481) # Description > If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements. > > If this is a documentation change, please briefly describe what you've changed and why. Fixes a panic when clientIP cannot be parsed in the rate limiting middleware, and warn logs the derived clientIP and a hint that reverse proxy may be misconfigured. Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4479 ## Checklist Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]` If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want). - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [x] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4481 Co-authored-by: tobi Co-committed-by: tobi --- internal/middleware/ratelimit.go | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'internal/middleware/ratelimit.go') diff --git a/internal/middleware/ratelimit.go b/internal/middleware/ratelimit.go index 6d39721ec..48c54636b 100644 --- a/internal/middleware/ratelimit.go +++ b/internal/middleware/ratelimit.go @@ -25,6 +25,7 @@ import ( "time" "code.superseriousbusiness.org/gotosocial/internal/gtserror" + "code.superseriousbusiness.org/gotosocial/internal/log" "code.superseriousbusiness.org/gotosocial/internal/util" "github.com/gin-gonic/gin" "github.com/ulule/limiter/v3" @@ -78,30 +79,43 @@ func RateLimit(limit int, except []netip.Prefix) gin.HandlerFunc { // Use Gin's heuristic for determining // clientIP, which accounts for reverse // proxies and trusted proxies setting. - clientIP := netip.MustParseAddr(c.ClientIP()) + clientIP := c.ClientIP() + + // ClientIP must be parseable. + ip, err := netip.ParseAddr(clientIP) + if err != nil { + log.Warnf( + c.Request.Context(), + "cannot do rate limiting for this request as client IP %s could not be parsed;"+ + " your upstream reverse proxy may be misconfigured: %v", + err, + ) + c.Next() + return + } // Check if this IP is exempt from rate // limits and skip further checks if so. for _, prefix := range except { - if prefix.Contains(clientIP) { + if prefix.Contains(ip) { c.Next() return } } - if clientIP.Is6() { + if ip.Is6() { // Convert to "net" package IP for mask. - asIP := net.IP(clientIP.AsSlice()) + asIP := net.IP(ip.AsSlice()) // Apply coarse IPv6 mask. asIP = asIP.Mask(ipv6Mask) // Convert back to netip.Addr from net.IP. - clientIP, _ = netip.AddrFromSlice(asIP) + ip, _ = netip.AddrFromSlice(asIP) } // Fetch rate limit info for this (masked) clientIP. - context, err := limiter.Get(c, clientIP.String()) + context, err := limiter.Get(c, ip.String()) if err != nil { // Since we use an in-memory cache now, // it's actually impossible for this to -- cgit v1.2.3