v0.7.31 - Fixed production crash by replacing in-memory subscription iteration with database queries in monitoring system

2025-10-18 18:09:13 -04:00
parent 838ce5b45a
commit 53f7608872
7 changed files with 165 additions and 98 deletions
--- a/src/websockets.c
+++ b/src/websockets.c
@@ -247,7 +247,57 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso

            // Get real client IP address
            char client_ip[CLIENT_IP_MAX_LENGTH];
-            lws_get_peer_simple(wsi, client_ip, sizeof(client_ip));
+            memset(client_ip, 0, sizeof(client_ip));
+            
+            // Check if we should trust proxy headers
+            int trust_proxy = get_config_bool("trust_proxy_headers", 0);
+            
+            if (trust_proxy) {
+                // Try to get IP from X-Forwarded-For header first
+                char x_forwarded_for[CLIENT_IP_MAX_LENGTH];
+                int header_len = lws_hdr_copy(wsi, x_forwarded_for, sizeof(x_forwarded_for) - 1, WSI_TOKEN_X_FORWARDED_FOR);
+                
+                if (header_len > 0) {
+                    x_forwarded_for[header_len] = '\0';
+                    // X-Forwarded-For can contain multiple IPs (client, proxy1, proxy2, ...)
+                    // We want the first (leftmost) IP which is the original client
+                    char* comma = strchr(x_forwarded_for, ',');
+                    if (comma) {
+                        *comma = '\0'; // Truncate at first comma
+                    }
+                    // Trim leading/trailing whitespace
+                    char* ip_start = x_forwarded_for;
+                    while (*ip_start == ' ' || *ip_start == '\t') ip_start++;
+                    size_t ip_len = strlen(ip_start);
+                    while (ip_len > 0 && (ip_start[ip_len-1] == ' ' || ip_start[ip_len-1] == '\t')) {
+                        ip_start[--ip_len] = '\0';
+                    }
+                    if (ip_len > 0 && ip_len < CLIENT_IP_MAX_LENGTH) {
+                        strncpy(client_ip, ip_start, CLIENT_IP_MAX_LENGTH - 1);
+                        client_ip[CLIENT_IP_MAX_LENGTH - 1] = '\0';
+                        DEBUG_TRACE("Using X-Forwarded-For IP: %s", client_ip);
+                    }
+                }
+                
+                // If X-Forwarded-For didn't work, try X-Real-IP
+                if (client_ip[0] == '\0') {
+                    char x_real_ip[CLIENT_IP_MAX_LENGTH];
+                    header_len = lws_hdr_copy(wsi, x_real_ip, sizeof(x_real_ip) - 1, WSI_TOKEN_HTTP_X_REAL_IP);
+                    
+                    if (header_len > 0) {
+                        x_real_ip[header_len] = '\0';
+                        strncpy(client_ip, x_real_ip, CLIENT_IP_MAX_LENGTH - 1);
+                        client_ip[CLIENT_IP_MAX_LENGTH - 1] = '\0';
+                        DEBUG_TRACE("Using X-Real-IP: %s", client_ip);
+                    }
+                }
+            }
+            
+            // Fall back to direct connection IP if proxy headers not available or not trusted
+            if (client_ip[0] == '\0') {
+                lws_get_peer_simple(wsi, client_ip, sizeof(client_ip));
+                DEBUG_TRACE("Using direct connection IP: %s", client_ip);
+            }

            // Ensure client_ip is null-terminated and copy safely
            client_ip[CLIENT_IP_MAX_LENGTH - 1] = '\0';