feat(proxyd): Add X-Forwarded-For header

go/proxyd/backend.go

@@ -7,16 +7,18 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/ethereum/go-ethereum/log"
-	"github.com/gorilla/websocket"
-	"github.com/prometheus/client_golang/prometheus"
 	"io"
 	"io/ioutil"
 	"math"
 	"math/rand"
 	"net/http"
 	"strconv"
+	"strings"
 	"time"
+
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/gorilla/websocket"
+	"github.com/prometheus/client_golang/prometheus"
 )
 
 const (
@@ -84,6 +86,7 @@ type Backend struct {
 	maxRPS               int
 	maxWSConns           int
 	outOfServiceInterval time.Duration
+	stripTrailingXFF     bool
 }
 
 type BackendOpt func(b *Backend)
@@ -140,6 +143,12 @@ func WithTLSConfig(tlsConfig *tls.Config) BackendOpt {
 	}
 }
 
+func WithStrippedTrailingXFF() BackendOpt {
+	return func(b *Backend) {
+		b.stripTrailingXFF = true
+	}
+}
+
 func NewBackend(
 	name string,
 	rpcURL string,
@@ -316,7 +325,16 @@ func (b *Backend) doForward(ctx context.Context, rpcReq *RPCReq) (*RPCRes, error
 		httpReq.SetBasicAuth(b.authUsername, b.authPassword)
 	}
 
+	xForwardedFor := GetXForwardedFor(ctx)
+	if b.stripTrailingXFF {
+		ipList := strings.Split(xForwardedFor, ",")
+		if len(ipList) > 0 {
+			xForwardedFor = ipList[0]
+		}
+	}
+
 	httpReq.Header.Set("content-type", "application/json")
+	httpReq.Header.Set("X-Forwarded-For", xForwardedFor)
 
 	httpRes, err := b.client.Do(httpReq)
 	if err != nil {

go/proxyd/config.go

@@ -41,6 +41,7 @@ type BackendConfig struct {
 	CAFile           string `toml:"ca_file"`
 	ClientCertFile   string `toml:"client_cert_file"`
 	ClientKeyFile    string `toml:"client_key_file"`
+	StripTrailingXFF bool   `toml:"strip_trailing_xff"`
 }
 
 type BackendsConfig map[string]*BackendConfig

go/proxyd/proxyd.go

@@ -96,6 +96,9 @@ func Start(config *Config) error {
 			log.Info("using custom TLS config for backend", "name", name)
 			opts = append(opts, WithTLSConfig(tlsConfig))
 		}
+		if cfg.StripTrailingXFF {
+			opts = append(opts, WithStrippedTrailingXFF())
+		}
 		back := NewBackend(name, rpcURL, wsURL, lim, opts...)
 		backendNames = append(backendNames, name)
 		backendsByName[name] = back

go/proxyd/server.go

@@ -5,20 +5,23 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/websocket"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/rs/cors"
-	"io"
-	"net/http"
-	"strconv"
-	"time"
 )
 
 const (
 	ContextKeyAuth          = "authorization"
 	ContextKeyReqID         = "req_id"
+	ContextKeyXForwardedFor = "x_forwarded_for"
 )
 
 type Server struct {
@@ -214,7 +217,16 @@ func (s *Server) populateContext(w http.ResponseWriter, r *http.Request) context
 		return nil
 	}
 
+	xff := r.Header.Get("X-Forwarded-For")
+	if xff == "" {
+		ipPort := strings.Split(r.RemoteAddr, ":")
+		if len(ipPort) == 2 {
+			xff = ipPort[0]
+		}
+	}
+
 	ctx := context.WithValue(r.Context(), ContextKeyAuth, s.authenticatedPaths[authorization])
+	ctx = context.WithValue(ctx, ContextKeyXForwardedFor, xff)
 	return context.WithValue(
 		ctx,
 		ContextKeyReqID,
@@ -271,3 +283,11 @@ func GetReqID(ctx context.Context) string {
 	}
 	return reqId
 }
+
+func GetXForwardedFor(ctx context.Context) string {
+	xff, ok := ctx.Value(ContextKeyXForwardedFor).(string)
+	if !ok {
+		return ""
+	}
+	return xff
+}