diff --git a/packages/pds/src/index.ts b/packages/pds/src/index.ts
index 32abb30056d..dc7e36b8d62 100644
--- a/packages/pds/src/index.ts
+++ b/packages/pds/src/index.ts
@@ -137,6 +137,7 @@ export class PDS {
 )
 const app = express()
+ app.set('trust proxy', true)
 app.use(cors())
 app.use(loggerMiddleware)
 app.use(compression())
diff --git a/packages/xrpc-server/src/index.ts b/packages/xrpc-server/src/index.ts
index 6bc4147cb44..1458d2ba070 100644
--- a/packages/xrpc-server/src/index.ts
+++ b/packages/xrpc-server/src/index.ts
@@ -5,4 +5,4 @@ export * from './stream'
 export * from './rate-limiter'
 export type { ServerTiming } from './util'
-export { getReqIp, serverTimingHeader, ServerTimer } from './util'
+export { serverTimingHeader, ServerTimer } from './util'
diff --git a/packages/xrpc-server/src/rate-limiter.ts b/packages/xrpc-server/src/rate-limiter.ts
index e650ec599ba..82719101674 100644
--- a/packages/xrpc-server/src/rate-limiter.ts
+++ b/packages/xrpc-server/src/rate-limiter.ts
@@ -14,7 +14,6 @@ import {
 RateLimiterStatus,
 XRPCReqContext,
 } from './types'
-import { getReqIp } from './util'
 export type RateLimiterOpts = {
 keyPrefix: string
@@ -155,5 +154,7 @@ export const getTightestLimit = (
 return lowest
 }
-const defaultKey: CalcKeyFn = (ctx: XRPCReqContext) => getReqIp(ctx.req)
+// when using a proxy, ensure headers are getting forwarded correctly: `app.set('trust proxy', true)`
+// https://expressjs.com/en/guide/behind-proxies.html
+const defaultKey: CalcKeyFn = (ctx: XRPCReqContext) => ctx.req.ip
 const defaultPoints: CalcPointsFn = () => 1
diff --git a/packages/xrpc-server/src/util.ts b/packages/xrpc-server/src/util.ts
index 813587382ba..730db950fbd 100644
--- a/packages/xrpc-server/src/util.ts
+++ b/packages/xrpc-server/src/util.ts
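Review bot: `app.set('trust proxy', true)` in the packages/pds/src/index.ts hunk trusts every hop, so Express takes `req.ip` from the left-most `X-Forwarded-For` entry, a value the client can set unless the fronting proxy overwrites the header (not visible here). The `defaultKey` hunk in packages/xrpc-server/src/rate-limiter.ts now keys rate limits on `ctx.req.ip`, whereas the removed `getReqIp` preferred `req.ips.at(-1)`, the entry nearest the server, so the rate-limit key becomes easier to forge. Pinning the setting to the real proxy chain is safer: `app.set('trust proxy', 1)` for a single proxy, or a list of proxy addresses or subnets read from config. The enclosing method of class PDS starts and ends outside the hunk.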
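Review bot: The comment added above `defaultKey` in packages/xrpc-server/src/rate-limiter.ts recommends the broadest value, `app.set('trust proxy', true)`, and does not say what the key becomes when the host app leaves the setting unset. In that case `req.ip` is the socket peer, so behind a proxy all clients would share the proxy's bucket. I would reword the first comment line to `// req.ip is the real client address only if the app sets 'trust proxy' to its proxy hop count or proxy addresses` and keep the link line as is. Depending on the Express typings in use (not visible here) `req.ip` may be `string | undefined`; if so, handle that case explicitly rather than letting an undefined key reach the limiter.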
@@ -268,10 +268,6 @@ function decodeBodyStream(
 return stream
 }
-export const getReqIp = (req: express.Request): string => {
- return req.ips.at(-1) ?? req.ip
-}
-
 export function serverTimingHeader(timings: ServerTiming[]) {
 return timings
 .map((timing) => {