diff --git a/src/app/channel/channelManager.js b/src/app/channel/channelManager.js
index d0d4eb6..7a7ef6b 100644
--- a/src/app/channel/channelManager.js
+++ b/src/app/channel/channelManager.js
@@ -14,6 +14,9 @@ GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .*/
+//Config
+const config = require('../../../config.json');
+
//Local Imports
const channelModel = require('../../schemas/channel/channelSchema');
const emoteModel = require('../../schemas/emoteSchema');
@@ -90,8 +93,11 @@ module.exports = class{
}
async validateSocket(socket){
+ //If we're proxied use passthrough IP
+ const ip = config.proxied ? socket.handshake.headers['x-forwarded-for'] : socket.handshake.address;
+
//Look for ban by IP
- const ipBanDB = await userBanModel.checkBanByIP(socket.handshake.address);
+ const ipBanDB = await userBanModel.checkBanByIP(ip);
//If this ip is randy bobandy
if(ipBanDB != null){
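Review bot: The `x-forwarded-for` value read in `validateSocket` goes straight into the IP ban lookup, but that header is client-supplied unless the reverse proxy overwrites it, may hold a comma-separated list, and is undefined when absent, so with `config.proxied` set the ban check can run against a value the client chose. Take only the entry the trusted proxy added and handle a missing header explicitly, e.g. `const fwd = socket.handshake.headers['x-forwarded-for'];` then `const ip = config.proxied && fwd ? fwd.split(',').pop().trim() : socket.handshake.address;` (rightmost entry, assuming a single proxy that appends). The same raw header read appears in connectedUser.js, the four account/admin controllers and sessionUtils.js; in the Express handlers, configuring `trust proxy` would let `req.ip` remain the single source. The body of validateSocket continues outside the hunk.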
diff --git a/src/app/channel/connectedUser.js b/src/app/channel/connectedUser.js
index 12edd34..cebc454 100644
--- a/src/app/channel/connectedUser.js
+++ b/src/app/channel/connectedUser.js
@@ -15,6 +15,7 @@ You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .*/
//local imports
+const config = require('../../../config.json');
const channelModel = require('../../schemas/channel/channelSchema');
const permissionModel = require('../../schemas/permissionSchema');
const flairModel = require('../../schemas/flairSchema');
@@ -58,8 +59,14 @@ module.exports = class{
//Send out the currently playing item
this.channel.queue.sendMedia(socket);
- //Tattoo hashed IP address to user account for seven days
- await userDB.tattooIPRecord(socket.handshake.address);
+ //If we're proxied
+ if(config.proxied){
+ //Tattoo hashed IP address from reverse proxy to user account for seven days
+ await userDB.tattooIPRecord(socket.handshake.headers['x-forwarded-for']);
+ }else{
+ //Tattoo hashed IP address to user account for seven days
+ await userDB.tattooIPRecord(socket.handshake.address);
+ }
}
socketCrawl(cb){
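Review bot: The `if(config.proxied)`/`else` here repeats the `tattooIPRecord` call and its comment, where the other files in this commit resolve the address once with a ternary. Writing `const ip = config.proxied ? socket.handshake.headers['x-forwarded-for'] : socket.handshake.address;` followed by `await userDB.tattooIPRecord(ip);` would match them. Since the same selection is now written out in seven places, a small shared helper (one for sockets, one for requests) would keep any later change to proxy handling in one spot. The enclosing method starts outside the hunk.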
diff --git a/src/controllers/api/account/emailChangeRequestController.js b/src/controllers/api/account/emailChangeRequestController.js
index 83fc654..1b82d74 100644
--- a/src/controllers/api/account/emailChangeRequestController.js
+++ b/src/controllers/api/account/emailChangeRequestController.js
@@ -38,6 +38,9 @@ module.exports.post = async function(req, res){
//Get sanatized/validated data
const {email, pass} = matchedData(req);
+ //If we're proxied use passthrough IP
+ const ip = config.proxied ? req.headers['x-forwarded-for'] : req.ip;
+
//Check to make sure the user is logged in
if(req.session.user == null){
errorHandler(res, "Invalid user!");
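Review bot: `config` is referenced on the new `const ip` line, but no hunk in this commit adds a `require` for it in this file, unlike channelManager.js, connectedUser.js and sessionUtils.js. If the file does not already import it above the visible context, the handler will throw a ReferenceError on every request; add `const config = require('../../../../config.json');` with the other imports (path inferred from the sessionUtils.js import, please confirm). The same applies to passwordResetRequestController.js, registerController.js and admin/passwordResetController.js. The function body starts and ends outside the hunk.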
@@ -56,7 +59,7 @@ module.exports.post = async function(req, res){
}
//Generate the password reset link
- const requestDB = await emailChangeModel.create({user: userDB._id, newEmail: email, ipHash: req.ip});
+ const requestDB = await emailChangeModel.create({user: userDB._id, newEmail: email, ipHash: ip});
//Don't wait on mailer to get back to the browser
res.sendStatus(200);
diff --git a/src/controllers/api/account/passwordResetRequestController.js b/src/controllers/api/account/passwordResetRequestController.js
index e36fb60..899cbe3 100644
--- a/src/controllers/api/account/passwordResetRequestController.js
+++ b/src/controllers/api/account/passwordResetRequestController.js
@@ -40,6 +40,9 @@ module.exports.post = async function(req, res){
//Verify Altcha Payload
const verified = await altchaUtils.verify(req.body.verification);
+ //If we're proxied use passthrough IP
+ const ip = config.proxied ? req.headers['x-forwarded-for'] : req.ip;
+
//If altcha verification failed
if(!verified){
return errorHandler(res, 'Altcha verification failed, Please refresh the page!', 'unauthorized');
@@ -63,7 +66,7 @@ module.exports.post = async function(req, res){
}
//Generate the password reset link
- const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: req.ip});
+ const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: ip});
//Send the reset url via email
const mailInfo = await mailUtils.mailem(
diff --git a/src/controllers/api/account/registerController.js b/src/controllers/api/account/registerController.js
index 3fe962b..43ba037 100644
--- a/src/controllers/api/account/registerController.js
+++ b/src/controllers/api/account/registerController.js
@@ -43,6 +43,10 @@ module.exports.post = async function(req, res){
return errorHandler(res, 'Altcha verification failed, Please refresh the page!', 'unauthorized');
}
+
+ //If we're proxied use passthrough IP
+ const ip = config.proxied ? req.headers['x-forwarded-for'] : req.ip;
+
//Would prefer to stick this in userModel.statics.register() but we end up with circular dependencies >:(
const nukedBans = await userBanModel.checkProcessedBans(user.user);
@@ -53,7 +57,7 @@ module.exports.post = async function(req, res){
}
//Look for ban by IP
- const ipBanDB = await userBanModel.checkBanByIP(req.ip);
+ const ipBanDB = await userBanModel.checkBanByIP(ip);
//If this ip is randy bobandy
if(ipBanDB != null){
@@ -68,7 +72,9 @@ module.exports.post = async function(req, res){
return errorHandler(res, banMsg.join('
'), 'unauthorized');
}
- await userModel.register(user, req.ip);
+ //Register off of given IP
+ await userModel.register(user, ip);
+
return res.sendStatus(200);
}else{
res.status(400);
diff --git a/src/controllers/api/admin/passwordResetController.js b/src/controllers/api/admin/passwordResetController.js
index 7b5fdba..deff3a3 100644
--- a/src/controllers/api/admin/passwordResetController.js
+++ b/src/controllers/api/admin/passwordResetController.js
@@ -34,6 +34,9 @@ module.exports.post = async function(req, res){
//Find user from input
const userDB = await userModel.findOne({user});
+ //If we're proxied use passthrough IP
+ const ip = config.proxied ? req.headers['x-forwarded-for'] : req.ip;
+
//If there is no user
if(userDB == null){
//Scream
@@ -41,7 +44,7 @@ module.exports.post = async function(req, res){
}
//Generate the password reset link
- const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: req.ip});
+ const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: ip});
//send URL
res.status(200);
diff --git a/src/utils/sessionUtils.js b/src/utils/sessionUtils.js
index 7395f5a..16fcb3e 100644
--- a/src/utils/sessionUtils.js
+++ b/src/utils/sessionUtils.js
@@ -15,6 +15,7 @@ You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .*/
//Local Imports
+const config = require('../../config.json');
const {userModel} = require('../schemas/user/userSchema');
const userBanModel = require('../schemas/user/userBanSchema')
const altchaUtils = require('../utils/altchaUtils');
@@ -32,8 +33,11 @@ module.exports.authenticateSession = async function(user, pass, req){
//Grab previous attempts
const attempt = failedAttempts.get(user);
+ //If we're proxied use passthrough IP
+ const ip = config.proxied ? req.headers['x-forwarded-for'] : req.ip;
+
//Look for ban by IP
- const ipBanDB = await userBanModel.checkBanByIP(req.ip);
+ const ipBanDB = await userBanModel.checkBanByIP(ip);
//If this ip is randy bobandy
if(ipBanDB != null){
@@ -89,7 +93,7 @@ module.exports.authenticateSession = async function(user, pass, req){
}
//Tattoo hashed IP address to user account for seven days
- userDB.tattooIPRecord(req.ip);
+ userDB.tattooIPRecord(ip);
//If we got to here then the log-in was successful. We should clear-out any failed attempts.
failedAttempts.delete(user);
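Review bot: `userDB.tattooIPRecord(ip)` is called without `await`, while connectedUser.js awaits the same method, which suggests it returns a promise. If so, a rejection here goes unhandled and the login can be reported as successful before the IP record is written. Use `await userDB.tattooIPRecord(ip);`, or if fire-and-forget is intended, attach a `.catch` that logs the failure. authenticateSession continues outside the hunk.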