fix: log accurate IP (#2416)

* update dev docker poetry install

* Forward/Report IP through front and backend.

* Add fail2ban docs

* fix option name and iproute2 in omni entry

* Fix entry scripts -> gunicorn setting respected

* gunicorn off

* xfwd in nuxt proxy and handle multiple IPs
Jacob Corn
2023-06-25 20:22:21 +02:00
committed by GitHub
parent 5e904d19b4
commit 9557b3f0b6
10 changed files with 39 additions and 22 deletions


@@ -52,15 +52,21 @@ class MealieAuthToken(BaseModel):
def get_token(request: Request, data: CustomOAuth2Form = Depends(), session: Session = Depends(generate_session)):
email = data.username
password = data.password
if "x-forwarded-for" in request.headers:
ip = request.headers["x-forwarded-for"]
if "," in ip: # if there are multiple IPs, the first one is canonically the true client
ip = str(ip.split(",")[0])
else:
ip = request.client.host
try:
user = authenticate_user(session, email, password) # type: ignore
except UserLockedOut as e:
logger.error(f"User is locked out from {request.client.host}")
logger.error(f"User is locked out from {ip}")
raise HTTPException(status_code=status.HTTP_423_LOCKED, detail="User is locked out") from e
if not user:
logger.error(f"Incorrect username or password from {request.client.host}")
logger.error(f"Incorrect username or password from {ip}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
)
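Review bot: The new `x-forwarded-for` branch at the top of `get_token` accepts the header from any caller, so the address written by both `logger.error` calls is client-controlled unless every request reaches the backend through a proxy that sets the header itself. The commit message mentions fail2ban docs, so a forged value in these lines could get an unrelated address banned or keep repeated failures from being attributed to their real source. I would only honour the header when the direct peer is a known proxy, strip the whitespace left by `split(",")`, and guard against `request.client` being `None`, as sketched below. Taking the first entry is still only reliable if the outermost proxy overwrites the header rather than appending to it, which is worth stating in the docs. `get_token` continues past the end of this hunk.

```python
    password = data.password
    # TRUSTED_PROXIES is a placeholder for a deployment-configured set of proxy addresses,
    # not an existing setting in this project.
    peer = request.client.host if request.client else "unknown"
    forwarded = request.headers.get("x-forwarded-for")
    if forwarded and peer in TRUSTED_PROXIES:
        ip = forwarded.split(",")[0].strip()
    else:
        ip = peer
    # … unchanged: authenticate_user call and the two logger.error / HTTPException branches …
```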