自定义获取请求头IP (#486)

* Add custom request header to get IP

* Add custom request header to get IP

* Add dependencies "get-user-ip"

* Add dependencies "get-user-ip"

* Add environment variable description

* fix(eslint): "getIp" space-before-function-paren

* fix(eslint): "getIp" space-before-function-paren

src/server/self-hosted/README.md

@@ -20,3 +20,4 @@ tkserver
 | `TWIKOO_PORT` | 端口号 | `8080` |
 | `TWIKOO_THROTTLE` | IP 请求限流，当同一 IP 短时间内请求次数超过阈值将对该 IP 返回错误 | `250` |
 | `TWIKOO_LOCALHOST_ONLY` | 为`true`时只监听本地请求，使得 nginx 等服务器反代之后不暴露原始端口 | `null` |
+| `TWIKOO_IP_HEADERS` | 在一些特殊情况下使用，如使用了`CloudFlare CDN` 它会将请求 IP 写到请求头的 `cf-connecting-ip` 字段上，为了能够正确的获取请求 IP 你可以写成 `['headers.cf-connecting-ip']` | `[]` |

src/server/self-hosted/index.js

@@ -8,6 +8,7 @@ const { version: VERSION } = require('./package.json')
 const fs = require('fs')
 const path = require('path')
 const Loki = require('lokijs')
+const getUserIP = require('get-user-ip')
 const Lfsa = require('lokijs/src/loki-fs-structured-adapter')
 const { v4: uuidv4 } = require('uuid') // 用户 id 生成
 const {
@@ -894,7 +895,14 @@ async function createCollections () {
 }
 
 function getIp (request) {
-  return request.headers['x-forwarded-for'] || request.socket.remoteAddress || ''
+  try {
+    const { TWIKOO_IP_HEADERS } = process.env
+    const headers = TWIKOO_IP_HEADERS ? JSON.parse(TWIKOO_IP_HEADERS) : []
+    return getUserIP(request, headers)
+  } catch (e) {
+    console.error('获取 IP 错误信息：', e)
+  }
+  return getUserIP(request)
 }
 
 function clearRequestTimes () {

src/server/self-hosted/package.json

@@ -24,6 +24,7 @@
     "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
+    "get-user-ip": "^1.0.1",
     "lokijs": "^1.5.12",
     "twikoo-func": "1.6.7",
     "uuid": "^8.3.2"

src/server/vercel/api/index.js

@@ -6,6 +6,7 @@
 
 const { version: VERSION } = require('../package.json')
 const MongoClient = require('mongodb').MongoClient
+const getUserIP = require('get-user-ip')
 const { URL } = require('url')
 const { v4: uuidv4 } = require('uuid') // 用户 id 生成
 const {
@@ -59,7 +60,7 @@ const requestTimes = {}
 
 module.exports = async (request, response) => {
   const event = request.body || {}
-  console.log('请求 IP：', request.headers['x-real-ip'])
+  console.log('请求 IP：', getIp(request))
   console.log('请求函数：', event.event)
   console.log('请求参数：', event)
   let res = {}
@@ -624,7 +625,7 @@ async function parse (comment, request) {
     mailMd5: comment.mail ? md5(comment.mail) : '',
     link: comment.link ? comment.link : '',
     ua: comment.ua,
-    ip: request.headers['x-real-ip'],
+    ip: getIp(request),
     master: isBloggerMail,
     url: comment.url,
     href: comment.href,
@@ -652,7 +653,7 @@ async function limitFilter (request) {
     const count = await db
       .collection('comment')
       .countDocuments({
-        ip: request.headers['x-real-ip'],
+        ip: getIp(request),
         created: { $gt: Date.now() - 600000 }
       })
     if (count > limitPerMinute) {
@@ -836,7 +837,7 @@ async function setConfig (event) {
 
 function protect (request) {
   // 防御
-  const ip = request.headers['x-real-ip']
+  const ip = getIp(request)
   requestTimes[ip] = (requestTimes[ip] || 0) + 1
   if (requestTimes[ip] > MAX_REQUEST_TIMES) {
     console.log(`${ip} 当前请求次数为 ${requestTimes[ip]}，已超过最大请求次数`)
@@ -916,3 +917,14 @@ async function createCollections () {
   }
   return res
 }
+
+function getIp (request) {
+  try {
+    const { TWIKOO_IP_HEADERS } = process.env
+    const headers = TWIKOO_IP_HEADERS ? JSON.parse(TWIKOO_IP_HEADERS) : []
+    return getUserIP(request, headers)
+  } catch (e) {
+    console.error('获取 IP 错误信息：', e)
+  }
+  return getUserIP(request)
+}

src/server/vercel/package.json

@@ -11,6 +11,7 @@
   },
   "homepage": "https://twikoo.js.org",
   "dependencies": {
+    "get-user-ip": "^1.0.1",
     "mongodb": "^3.6.3",
     "twikoo-func": "1.6.7",
     "uuid": "^8.3.2"