Announcing https://github.com/outskirtslabs/client-ip, a zero dependency ring middleware for determining a request's "real" client IP address. Getting the IP address of a client making a request to your web application sounds like it should be embarrassingly simple. But it isn't...more at the accompanying blog post: https://casey.link/blog/client-ip-ring-middleware/
Wow this actually could be really really useful for us (where we have largely just resigned ourselves to assuming no IPs are real because of a clownish amount of indirection with cloudflare capping it on top)
I've always found it weird that ring-headers/proxy-headers returns the last IP which is wrong as soon as you have load balancers etc. We have a four-way conditional to deal with CloudFlare and non-CloudFlare environments so, yeah, this is a great addition to our web library ecosystem! Thanks, @ramblurr!
Yup, at least ring's proxy-headers defaults to the last (rightmost) value, and not the leftmost like http-kit does by default. Leftmost is trivial to spoof. Re multiple network paths (CF and non CF): that's what the chain strategy is for! I hope it's useful for the community. It's a boring little library that tries to make one surprisingly complicated task easier. Also I think at least half the issue is communication and education around the topic. So if anyone has questions or feedback regarding the docs, please share. Also would appreciate feedback if you give it spin!
> It's a boring little library that tries to make one surprisingly complicated task easier. this is my favorite kind of library, there's nothing as soul-crushing as starting on a task that sounds simple and it ends up being a lovecraftian nightmare once you start researching
I'm with Samuel... thanks for releasing client-ip! Also, cool projects @ramblurr metal https://casey.link/projects Also, also, hi from another indie dev. who feels quite partial to serving "those at the edge", as you put it. May The Source be with you lightsaber