fix: use correct client ip header

2025-11-13 23:58:23 +01:00
parent c1801adaa2
commit 8fbe944df0
20 changed files with 255 additions and 61 deletions
--- a/apps/api/src/controllers/event.controller.ts
+++ b/apps/api/src/controllers/event.controller.ts
@@ -1,4 +1,3 @@
-import { getClientIp } from '@/utils/get-client-ip';
 import type { FastifyReply, FastifyRequest } from 'fastify';

 import { generateDeviceId, parseUserAgent } from '@openpanel/common/server';
@@ -21,7 +20,7 @@ export async function postEvent(
    request.timestamp,
    request.body,
  );
-  const ip = getClientIp(request)!;
+  const ip = request.clientIp;
  const ua = request.headers['user-agent']!;
  const projectId = request.client?.projectId;
  const headers = getStringHeaders(request.headers);
--- a/apps/api/src/controllers/misc.controller.ts
+++ b/apps/api/src/controllers/misc.controller.ts
@@ -4,9 +4,12 @@ import { parseUrlMeta } from '@/utils/parseUrlMeta';
 import type { FastifyReply, FastifyRequest } from 'fastify';
 import sharp from 'sharp';

-import { getClientIp } from '@/utils/get-client-ip';
+import {
+  DEFAULT_HEADER_ORDER,
+  getClientIpFromHeaders,
+} from '@openpanel/common/server/get-client-ip';
 import { TABLE_NAMES, ch, chQuery, formatClickhouseDate } from '@openpanel/db';
-import { getGeoLocation } from '@openpanel/geo';
+import { type GeoLocation, getGeoLocation } from '@openpanel/geo';
 import { getCache, getRedisCache } from '@openpanel/redis';

 interface GetFaviconParams {
@@ -394,12 +397,35 @@ export async function stats(request: FastifyRequest, reply: FastifyReply) {
 }

 export async function getGeo(request: FastifyRequest, reply: FastifyReply) {
-  const ip = getClientIp(request);
+  const ip = getClientIpFromHeaders(request.headers);
+  const others = await Promise.all(
+    DEFAULT_HEADER_ORDER.map(async (header) => {
+      const ip = getClientIpFromHeaders(request.headers, header);
+      return {
+        header,
+        ip,
+        geo: await getGeoLocation(ip),
+      };
+    }),
+  );
+
  if (!ip) {
    return reply.status(400).send('Bad Request');
  }
  const geo = await getGeoLocation(ip);
-  return reply.status(200).send(geo);
+  return reply.status(200).send({
+    selected: {
+      geo,
+      ip,
+    },
+    ...others.reduce(
+      (acc, other) => {
+        acc[other.header] = other;
+        return acc;
+      },
+      {} as Record<string, { ip: string; geo: GeoLocation }>,
+    ),
+  });
 }

 export async function getOgImage(
--- a/apps/api/src/controllers/profile.controller.ts
+++ b/apps/api/src/controllers/profile.controller.ts
@@ -1,4 +1,3 @@
-import { getClientIp } from '@/utils/get-client-ip';
 import type { FastifyReply, FastifyRequest } from 'fastify';
 import { assocPath, pathOr } from 'ramda';

@@ -22,7 +21,7 @@ export async function updateProfile(
  if (!projectId) {
    return reply.status(400).send('No projectId');
  }
-  const ip = getClientIp(request)!;
+  const ip = request.clientIp;
  const ua = request.headers['user-agent']!;
  const uaInfo = parseUserAgent(ua, properties);
  const geo = await getGeoLocation(ip);
--- a/apps/api/src/controllers/track.controller.ts
+++ b/apps/api/src/controllers/track.controller.ts
@@ -1,4 +1,3 @@
-import { getClientIp } from '@/utils/get-client-ip';
 import type { FastifyReply, FastifyRequest } from 'fastify';
 import { path, assocPath, pathOr, pick } from 'ramda';

@@ -91,7 +90,7 @@ export async function handler(
  const timestamp = getTimestamp(request.timestamp, request.body.payload);
  const ip =
    path<string>(['properties', '__ip'], request.body.payload) ||
-    getClientIp(request)!;
+    request.clientIp;
  const ua = request.headers['user-agent']!;
  const projectId = request.client?.projectId;

--- a/apps/api/src/hooks/ip.hook.ts
+++ b/apps/api/src/hooks/ip.hook.ts
@@ -1,13 +1,12 @@
-import { getClientIp } from '@/utils/get-client-ip';
-import type {
-  FastifyReply,
-  FastifyRequest,
-  HookHandlerDoneFunction,
-} from 'fastify';
+import { getClientIpFromHeaders } from '@openpanel/common/server/get-client-ip';
+import type { FastifyRequest } from 'fastify';

 export async function ipHook(request: FastifyRequest) {
-  const ip = getClientIp(request);
+  const ip = getClientIpFromHeaders(request.headers);
+
  if (ip) {
    request.clientIp = ip;
+  } else {
+    request.clientIp = '';
  }
 }
--- a/apps/api/src/index.ts
+++ b/apps/api/src/index.ts
@@ -55,7 +55,7 @@ process.env.TZ = 'UTC';
 declare module 'fastify' {
  interface FastifyRequest {
    client: IServiceClientWithProject | null;
-    clientIp?: string;
+    clientIp: string;
    timestamp?: number;
    session: SessionValidationResult;
  }
--- a/apps/api/src/utils/get-client-ip.ts
+++ b/apps/api/src/utils/get-client-ip.ts
@@ -1,8 +0,0 @@
-import type { FastifyRequest } from 'fastify';
-import requestIp from 'request-ip';
-
-const ignore = ['127.0.0.1', '::1'];
-
-export function getClientIp(req: FastifyRequest) {
-  return requestIp.getClientIp(req);
-}