feat: separate real ip header of frontend/agent (#1057)

* test(deps): use self admin-frontend * feat: separate real ip header of frontend/agent * test(ci): test * Revert "test(ci): test" This reverts commit 1634c7e7d7bca2873c13955abb582ea88645844f. * test(ci): test * test(ci): test * test(ci): test * Revert "test(ci): test" This reverts commit 8fce20a07e5a9503f665937337050d4373ca7e78. * Revert "test(ci): test" This reverts commit 3267cccbfb81776a711e8cb34e676536f0852d1c. * Revert "test(ci): test" This reverts commit 566660c0c6a9875864aa46537bcc6788769337eb. * Revert "test(deps): use self admin-frontend" This reverts commit 16a838b374ff040800b2c1c5f8e5ede577645669.
2026-02-04 04:30:05 +00:00 · 2025-04-13 18:41:28 +08:00
parent 6c42fdcf92
commit 6493911d45
5 changed files with 12 additions and 9 deletions
--- a/cmd/dashboard/controller/setting.go
+++ b/cmd/dashboard/controller/setting.go
@@ -101,7 +101,8 @@ func updateConfig(c *gin.Context) (any, error) {
 	singleton.Conf.DNSServers = sf.DNSServers
 	singleton.Conf.CustomCode = sf.CustomCode
 	singleton.Conf.CustomCodeDashboard = sf.CustomCodeDashboard
-	singleton.Conf.RealIPHeader = sf.RealIPHeader
+	singleton.Conf.WebRealIPHeader = sf.WebRealIPHeader
+	singleton.Conf.AgentRealIPHeader = sf.AgentRealIPHeader
 	singleton.Conf.AgentTLS = sf.AgentTLS
 	singleton.Conf.UserTemplate = sf.UserTemplate

--- a/cmd/dashboard/controller/waf/waf.go
+++ b/cmd/dashboard/controller/waf/waf.go
@@ -16,18 +16,18 @@ import (
 var errorPageTemplate string

 func RealIp(c *gin.Context) {
-	if singleton.Conf.RealIPHeader == "" {
+	if singleton.Conf.WebRealIPHeader == "" {
 		c.Next()
 		return
 	}

-	if singleton.Conf.RealIPHeader == model.ConfigUsePeerIP {
+	if singleton.Conf.WebRealIPHeader == model.ConfigUsePeerIP {
 		c.Set(model.CtxKeyRealIPStr, c.RemoteIP())
 		c.Next()
 		return
 	}

-	vals := c.Request.Header.Get(singleton.Conf.RealIPHeader)
+	vals := c.Request.Header.Get(singleton.Conf.WebRealIPHeader)
 	if vals == "" {
 		c.AbortWithStatusJSON(http.StatusOK, model.CommonResponse[any]{Success: false, Error: "real ip header not found"})
 		return
--- a/cmd/dashboard/rpc/rpc.go
+++ b/cmd/dashboard/rpc/rpc.go
@@ -47,16 +47,16 @@ func getRealIp(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler
 	}
 	ctx = context.WithValue(ctx, model.CtxKeyConnectingIP{}, connectingIp)

-	if singleton.Conf.RealIPHeader == "" {
+	if singleton.Conf.AgentRealIPHeader == "" {
 		return handler(ctx, req)
 	}

-	if singleton.Conf.RealIPHeader == model.ConfigUsePeerIP {
+	if singleton.Conf.AgentRealIPHeader == model.ConfigUsePeerIP {
 		if connectingIp == "" {
 			return nil, fmt.Errorf("connecting ip not found")
 		}
 	} else {
-		vals := metadata.ValueFromIncomingContext(ctx, singleton.Conf.RealIPHeader)
+		vals := metadata.ValueFromIncomingContext(ctx, singleton.Conf.AgentRealIPHeader)
 		if len(vals) == 0 {
 			return nil, fmt.Errorf("real ip header not found")
 		}
--- a/model/config.go
+++ b/model/config.go
@@ -32,7 +32,8 @@ type ConfigDashboard struct {
 	InstallHost string `koanf:"install_host" json:"install_host,omitempty"`
 	AgentTLS    bool   `koanf:"tls" json:"tls,omitempty"` // 用于前端判断生成的安装命令是否启用 TLS

-	RealIPHeader  string `koanf:"real_ip_header" json:"real_ip_header,omitempty"` // 真实IP
+	WebRealIPHeader  string `koanf:"web_real_ip_header" json:"web_real_ip_header,omitempty"` // 前端真实IP
+	AgentRealIPHeader  string `koanf:"agent_real_ip_header" json:"agent_real_ip_header,omitempty"` // Agent真实IP
 	UserTemplate  string `koanf:"user_template" json:"user_template,omitempty"`
 	AdminTemplate string `koanf:"admin_template" json:"admin_template,omitempty"`

--- a/model/setting_api.go
+++ b/model/setting_api.go
@@ -10,7 +10,8 @@ type SettingForm struct {
 	InstallHost                 string `json:"install_host,omitempty" validate:"optional"`
 	CustomCode                  string `json:"custom_code,omitempty" validate:"optional"`
 	CustomCodeDashboard         string `json:"custom_code_dashboard,omitempty" validate:"optional"`
-	RealIPHeader                string `json:"real_ip_header,omitempty" validate:"optional"` // 真实IP
+	WebRealIPHeader                string `json:"web_real_ip_header,omitempty" validate:"optional"` // 前端真实IP
+	AgentRealIPHeader                string `json:"agent_real_ip_header,omitempty" validate:"optional"` // Agent真实IP
 	UserTemplate                string `json:"user_template,omitempty" validate:"optional"`

 	AgentTLS                    bool `json:"tls,omitempty" validate:"optional"`