use proxy headers for client IP address

diff --git a/plack/bookreader.psgi b/plack/bookreader.psgi
index c63001e..2dadb8d 100644 (file)
--- a/plack/bookreader.psgi
+++ b/plack/bookreader.psgi
@@ -10,6 +10,23 @@ use Plack::App::BookReader;
 
 builder {
 
+       # use proxy headers for client IP address
+       enable sub {
+               my ( $app, $env ) = @_;
+               return sub {
+                       my $env = shift;
+                       my $client_ip = $env->{HTTP_X_REAL_IP} || $env->{HTTP_X_FORWARDED_FOR};
+                       if ( $client_ip ) {
+                               my $proxy_ip = $env->{REMOTE_ADDR};
+                               die "request not from authorized proxy $proxy_ip" if $proxy_ip !~ /\Q127.0.0.1\E$/;
+                               warn "# rewrite $proxy_ip -> $client_ip\n";
+                               $env->{REMOTE_ADDR} = $client_ip;
+                       }
+
+                       $app->( $env );
+               }
+       };
+
        enable "Plack::Middleware::ServerStatus::Lite",
                path => '/server-status',
 #              allow => [ '127.0.0.1', '10.60.0.0/16', '193.198.0.0/16', '0.0.0.0/32' ], # FIXME doesn't work for IPv6