Skip to content

fix: Split host and port before storing IP #2594

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jun 26, 2022
Merged

fix: Split host and port before storing IP #2594

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7de5475
fix: Split host and port before storing IP
kylecarbs Jun 22, 2022
c703d14
Merge branch 'main' into splitipport
kylecarbs Jun 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
fix: Split host and port before storing IP 
The IP was always nil prior, and this fixes the test to
check for that as well!
  • Loading branch information
@kylecarbs
kylecarbs committed Jun 22, 2022
commit 7de5475e15377deb4ec5ad9dfecb436d3301bae2
3 changes: 2 additions & 1 deletion coderd/httpmw/apikey.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,8 @@ func ExtractAPIKey(db database.Store, oauth *OAuth2Configs) func(http.Handler) h
// Only update LastUsed once an hour to prevent database spam.
if now.Sub(key.LastUsed) > time.Hour {
key.LastUsed = now
remoteIP := net.ParseIP(r.RemoteAddr)
host, _, _ := net.SplitHostPort(r.RemoteAddr)
remoteIP := net.ParseIP(host)
if remoteIP == nil {
remoteIP = net.IPv4(0, 0, 0, 0)
}
Expand Down
7 changes: 4 additions & 3 deletions coderd/httpmw/apikey_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"crypto/sha256"
"fmt"
"net"
"net/http"
"net/http/httptest"
"testing"
Expand Down Expand Up @@ -413,13 +414,13 @@ func TestAPIKey(t *testing.T) {
rw = httptest.NewRecorder()
user = createUser(r.Context(), t, db)
)
r.RemoteAddr = "1.1.1.1"
r.RemoteAddr = "1.1.1.1:3555"
r.AddCookie(&http.Cookie{
Name: httpmw.SessionTokenKey,
Value: fmt.Sprintf("%s-%s", id, secret),
})

sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
_, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
ID: id,
HashedSecret: hashed[:],
LastUsed: database.Now().AddDate(0, 0, -1),
Expand All @@ -435,7 +436,7 @@ func TestAPIKey(t *testing.T) {
gotAPIKey, err := db.GetAPIKeyByID(r.Context(), id)
require.NoError(t, err)

require.NotEqual(t, sentAPIKey.IPAddress, gotAPIKey.IPAddress)
require.Equal(t, net.ParseIP("1.1.1.1"), gotAPIKey.IPAddress.IPNet.IP)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

noob question: I see you added :3555 on L417 but then here on L439, you're passing in "1.1.1.1. So why add the :3555 if we're not testing it here? (or are we??)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're testing that it gets stripped correctly!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ahh! I misread - that makes sense! thanks Colin!

})
}

Expand Down
3 changes: 2 additions & 1 deletion coderd/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -800,7 +800,8 @@ func (api *API) createAPIKey(rw http.ResponseWriter, r *http.Request, params dat
}
}

ip := net.ParseIP(r.RemoteAddr)
host, _, _ := net.SplitHostPort(r.RemoteAddr)
ip := net.ParseIP(host)
if ip == nil {
ip = net.IPv4(0, 0, 0, 0)
}
Expand Down