real ip headers

app/http/server.go

@@ -1,7 +1,6 @@
 package http
 
 import (
-	"fmt"
 	"github.com/TicketsBot/GoPanel/app/http/endpoints/api"
 	api_autoclose "github.com/TicketsBot/GoPanel/app/http/endpoints/api/autoclose"
 	api_blacklist "github.com/TicketsBot/GoPanel/app/http/endpoints/api/blacklist"
@@ -32,7 +31,7 @@ func StartServer() {
 
 	router := gin.Default()
 
-	router.RemoteIPHeaders = append(router.RemoteIPHeaders, "X-Forwarded-For", "X-Real-IP", "CF-Connecting-IP")
+	router.RemoteIPHeaders = config.Conf.Server.RealIpHeaders
 	if err := router.SetTrustedProxies(config.Conf.Server.TrustedProxies); err != nil {
 		panic(err)
 	}
@@ -48,12 +47,6 @@ func StartServer() {
 
 	router.Use(middleware.Cors(config.Conf))
 
-	router.Use(func(ctx *gin.Context) {
-		fmt.Println(ctx.Request.Header)
-		fmt.Println(ctx.ClientIP())
-		fmt.Println(ctx.RemoteIP())
-	})
-
 	router.GET("/webchat", root.WebChatWs)
 
 	router.POST("/callback", middleware.VerifyXTicketsHeader, root.CallbackHandler)

config/config.go

@@ -28,6 +28,7 @@ type (
 		Ratelimit      Ratelimit
 		Session        Session
 		Secret         string
+		RealIpHeaders  []string
 		TrustedProxies []string
 	}
 
@@ -137,8 +138,9 @@ func fromEnvvar() {
 				Threads: sessionThreads,
 				Secret:  os.Getenv("SESSION_SECRET"),
 			},
-			Secret: os.Getenv("JWT_SECRET"),
+			Secret:         os.Getenv("JWT_SECRET"),
 			TrustedProxies: strings.Split(os.Getenv("TRUSTED_PROXIES"), ","),
+			RealIpHeaders: strings.Split(os.Getenv("REAL_IP_HEADERS"), ","),
 		},
 		Oauth: Oauth{
 			Id:          oauthId,