42 lines
1.2 KiB
Python
42 lines
1.2 KiB
Python
"""Middleware to fetch real IP."""
|
|
from ipaddress import ip_address
|
|
|
|
from aiohttp.hdrs import X_FORWARDED_FOR
|
|
from aiohttp.web import middleware
|
|
|
|
from homeassistant.core import callback
|
|
|
|
from .const import KEY_REAL_IP
|
|
|
|
# mypy: allow-untyped-defs
|
|
|
|
|
|
@callback
|
|
def setup_real_ip(app, use_x_forwarded_for, trusted_proxies):
|
|
"""Create IP Ban middleware for the app."""
|
|
|
|
@middleware
|
|
async def real_ip_middleware(request, handler):
|
|
"""Real IP middleware."""
|
|
connected_ip = ip_address(request.transport.get_extra_info("peername")[0])
|
|
request[KEY_REAL_IP] = connected_ip
|
|
|
|
# Only use the XFF header if enabled, present, and from a trusted proxy
|
|
try:
|
|
if (
|
|
use_x_forwarded_for
|
|
and X_FORWARDED_FOR in request.headers
|
|
and any(
|
|
connected_ip in trusted_proxy for trusted_proxy in trusted_proxies
|
|
)
|
|
):
|
|
request[KEY_REAL_IP] = ip_address(
|
|
request.headers.get(X_FORWARDED_FOR).split(", ")[-1]
|
|
)
|
|
except ValueError:
|
|
pass
|
|
|
|
return await handler(request)
|
|
|
|
app.middlewares.append(real_ip_middleware)
|