From 40b356ecdf167ed2b9227ac617a257061104b19c Mon Sep 17 00:00:00 2001
From: "Emma [it/its]@Rory&" <root@rory.gay>
Date: Wed, 30 Oct 2024 16:28:57 +0100
Subject: [PATCH] Add express trustedProxy support

---
 src/api/Server.ts                              | 4 ++++
 src/util/config/types/SecurityConfiguration.ts | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/src/api/Server.ts b/src/api/Server.ts
index bea75d7e2..27adc0bd2 100644
--- a/src/api/Server.ts
+++ b/src/api/Server.ts
@@ -99,6 +99,10 @@ export class SpacebarServer extends Server {
 
 		this.app.set("json replacer", JSONReplacer);
 
+		const trustedProxies = Config.get().security.trustedProxies;
+		if(trustedProxies)
+			this.app.set("trust proxy", trustedProxies);
+
 		this.app.use(CORS);
 		this.app.use(BodyParser({ inflate: true, limit: "10mb" }));
 
diff --git a/src/util/config/types/SecurityConfiguration.ts b/src/util/config/types/SecurityConfiguration.ts
index 357766422..38aab6f8e 100644
--- a/src/util/config/types/SecurityConfiguration.ts
+++ b/src/util/config/types/SecurityConfiguration.ts
@@ -29,6 +29,9 @@ export class SecurityConfiguration {
 	// X-Forwarded-For for nginx/reverse proxies
 	// CF-Connecting-IP for cloudflare
 	forwardedFor: string | null = null;
+	// trusted proxies to get the real user ip address
+	// requires a reverse proxy to overwrite X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Proto
+	trustedProxies: string | boolean | null = null;
 	ipdataApiKey: string | null =
 		"eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9";
 	mfaBackupCodeCount: number = 10;