From fef8ca84f45d9a5cb619279995f8313ff1985a3d Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Sun, 3 Apr 2022 18:10:33 +0200 Subject: [PATCH] simplify functions --- src/controllers/login_controller.rs | 11 ++------- src/utils/network_utils.rs | 35 ++++++++++++++++++++--------- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/src/controllers/login_controller.rs b/src/controllers/login_controller.rs index 71bf22e..3355a9b 100644 --- a/src/controllers/login_controller.rs +++ b/src/controllers/login_controller.rs @@ -10,7 +10,7 @@ use crate::constants::{APP_NAME, MAX_FAILED_LOGIN_ATTEMPTS, MIN_PASS_LEN}; use crate::controllers::base_controller::{FatalErrorPage, redirect_user}; use crate::data::app_config::AppConfig; use crate::data::session_identity::{SessionIdentity, SessionStatus}; -use crate::utils::network_utils::{get_remote_ip, parse_ip}; +use crate::utils::network_utils::get_remote_ip; #[derive(Template)] #[template(path = "base_login_page.html")] @@ -62,14 +62,7 @@ pub async fn login_route( let mut success = String::new(); let mut login = String::new(); - let remote_ip = match parse_ip(&get_remote_ip(&http_req, config.proxy_ip.as_deref())) { - None => return HttpResponse::InternalServerError().body( - FatalErrorPage { - message: "Failed to determine remote ip address!" - }.render().unwrap() - ), - Some(i) => i, - }; + let remote_ip = get_remote_ip(&http_req, config.proxy_ip.as_deref()); let failed_attempts = bruteforce.send(bruteforce_actor::CountFailedAttempt { ip: remote_ip }) .await.unwrap(); diff --git a/src/utils/network_utils.rs b/src/utils/network_utils.rs index 0d46e90..4a4838b 100644 --- a/src/utils/network_utils.rs +++ b/src/utils/network_utils.rs 
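Review bot: In `login_route` (src/controllers/login_controller.rs), the removed `match` was the only place where an undeterminable client address stopped the request. The replacement `get_remote_ip(&http_req, config.proxy_ip.as_deref())` cannot fail, so the `CountFailedAttempt` lookup just below always receives some address. Judging from the network_utils.rs change in this same patch, an unparseable `X-Forwarded-For` now leaves the proxy's own peer address in place, which would put every such request into one shared failed-attempt bucket instead of rejecting it. If that fallback is intended, state it at the call site, e.g. `// falls back to the proxy address when X-Forwarded-For is unparseable; such requests share one brute-force counter`; otherwise have `get_remote_ip` return `Option<IpAddr>` and keep the error page. The body of `login_route` starts and ends outside this hunk.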
@@ -18,19 +18,23 @@ pub fn match_ip(pattern: &str, ip: &str) -> bool { /// Get the remote IP address -pub fn get_remote_ip(req: &HttpRequest, proxy_ip: Option<&str>) -> String { - let mut ip = req.peer_addr().unwrap().ip().to_string(); +pub fn get_remote_ip(req: &HttpRequest, proxy_ip: Option<&str>) -> IpAddr { + let mut ip = req.peer_addr().unwrap().ip(); // We check if the request comes from a trusted reverse proxy if let Some(proxy) = proxy_ip.as_ref() { - if match_ip(proxy, &ip) { + if match_ip(proxy, &ip.to_string()) { if let Some(header) = req.headers().get("X-Forwarded-For") { let header = header.to_str().unwrap(); - if let Some((upstream_ip, _)) = header.split_once(',') { - ip = upstream_ip.to_string(); + let remote_ip = if let Some((upstream_ip, _)) = header.split_once(',') { + upstream_ip } else { - ip = header.to_string(); + header + }; + + if let Some(upstream_ip) = parse_ip(remote_ip) { + ip = upstream_ip; } } } @@ -74,7 +78,7 @@ mod test { let req = TestRequest::default() .peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap()) .to_http_request(); - assert_eq!(get_remote_ip(&req, None), "192.168.1.1"); + assert_eq!(get_remote_ip(&req, None), "192.168.1.1".parse::().unwrap()); } #[test] @@ -83,7 +87,7 @@ mod test { .peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap()) .insert_header(("X-Forwarded-For", "1.1.1.1")) .to_http_request(); - assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "1.1.1.1"); + assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "1.1.1.1".parse::().unwrap()); } #[test] 
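Review bot: In the `get_remote_ip` hunk, `header.split_once(',')` keeps the leftmost `X-Forwarded-For` entry, which is client-supplied whenever the trusted proxy appends to an existing header rather than overwriting it. Since the login route keys its failed-attempt counter on this address, the caller could then pick its own bucket. With a single trusted proxy the entry that proxy wrote is the last one, so the safer selection is `let remote_ip = header.rsplit(',').next().unwrap_or(header).trim();` (the multi-entry tests would then expect `1.2.2.2`). Whether the proxy appends or overwrites is not visible here, so at minimum document that assumption in the function's doc comment. Separately, `header.to_str().unwrap()` in the context lines panics on a header value containing non-ASCII bytes, and `if let Ok(header) = header.to_str()` would skip such a value instead; the function continues past the end of this hunk.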
@@ -92,7 +96,16 @@ mod test { .peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap()) .insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2")) .to_http_request(); - assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "1.1.1.1"); + assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "1.1.1.1".parse::().unwrap()); + } + + #[test] + fn test_get_remote_ip_from_proxy_ipv6() { + let req = TestRequest::default() + .peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap()) + .insert_header(("X-Forwarded-For", "10::1, 1.2.2.2")) + .to_http_request(); + assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "10::".parse::().unwrap()); } #[test] @@ -101,7 +114,7 @@ mod test { .peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap()) .insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2")) .to_http_request(); - assert_eq!(get_remote_ip(&req, None), "192.168.1.1"); + assert_eq!(get_remote_ip(&req, None), "192.168.1.1".parse::().unwrap()); } #[test] @@ -110,7 +123,7 @@ mod test { .peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap()) .insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2")) .to_http_request(); - assert_eq!(get_remote_ip(&req, Some("192.168.1.2")), "192.168.1.1"); + assert_eq!(get_remote_ip(&req, Some("192.168.1.2")), "192.168.1.1".parse::().unwrap()); } #[test]
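Review bot: The new `test_get_remote_ip_from_proxy_ipv6` sends `X-Forwarded-For: 10::1, 1.2.2.2` but asserts that the result equals `"10::"`, which is a different address from the first entry `10::1`. Unless `parse_ip` (not shown here) rewrites the value, the test either fails or pins an unintended result. The expectation should presumably be `"10::1".parse::<IpAddr>().unwrap()`. The suite also has no case for a header that fails to parse, which is the new fall-back-to-peer path and the one the brute-force counter depends on, so it deserves a test of its own.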