feat: support new trusted proxy flags

Signed-off-by: Liam Stanley <[email protected]>

Author: lrstanley

USAGE.md

@@ -11,7 +11,7 @@
 | Environment vars | Flags | Type | Description |
 | --- | --- | --- | --- |
 | `HTTP_BIND_ADDR` | `--http.bind-addr` | string | ip:port pair to bind to [**required**] [**default: :8080**] |
-| `HTTP_TRUSTED_PROXIES` | `--http.trusted-proxies` | []string | CIDR ranges that we trust the X-Forwarded-For header from |
+| `HTTP_TRUSTED_PROXIES` | `--http.trusted-proxies` | []string | CIDR ranges that we trust the X-Forwarded-For header from (addl opts: local, *, cloudflare, and/or custom header to use) |
 | `HTTP_MAX_CONCURRENT` | `--http.max-concurrent` | int | limit total max concurrent requests across all connections (0 for no limit) |
 | `HTTP_LIMIT` | `--http.limit` | int | number of requests/ip/hour [**default: 2000**] |
 | `HTTP_HSTS` | `--http.hsts` | bool | enable HTTP Strict Transport Security |

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/bluele/gcache v0.0.2
 	github.com/go-chi/chi/v5 v5.0.7
 	github.com/go-chi/cors v1.2.1
-	github.com/lrstanley/chix v0.0.0-20220903205755-022e8ac017bb
+	github.com/lrstanley/chix v0.0.0-20220905152744-9e3b5cbca59c
 	github.com/lrstanley/clix v0.0.0-20220829163403-8f716406f9d5
 	github.com/lrstanley/go-bogon v0.0.0-20220507183221-362a880cf97b
 	github.com/lrstanley/go-sempool v0.0.0-20220507183223-1b08ce19f0b9

go.sum

@@ -180,8 +180,8 @@ github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++
 github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
 github.com/lestrrat-go/jwx v1.2.21/go.mod h1:9cfxnOH7G1gN75CaJP2hKGcxFEx5sPh1abRIA/ZJVh4=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
-github.com/lrstanley/chix v0.0.0-20220903205755-022e8ac017bb h1:wxbYVMu1mg/4zlWJMhonvUf9I0CbbOtsFCWMad2D9Vc=
-github.com/lrstanley/chix v0.0.0-20220903205755-022e8ac017bb/go.mod h1:UxmCvkoFWQP+3c3bVEGmAwHz9d7MHBX1IwfQK3i9e7U=
+github.com/lrstanley/chix v0.0.0-20220905152744-9e3b5cbca59c h1:K0iKLicfYGAgcgtlvMabd5+lGWyUkTNJ+08OJz0H2qM=
+github.com/lrstanley/chix v0.0.0-20220905152744-9e3b5cbca59c/go.mod h1:UxmCvkoFWQP+3c3bVEGmAwHz9d7MHBX1IwfQK3i9e7U=
 github.com/lrstanley/clix v0.0.0-20220829163403-8f716406f9d5 h1:NFIBt6Wer+HmAw836W6NsKoef0pqw0YdBXm+rXSy7AA=
 github.com/lrstanley/clix v0.0.0-20220829163403-8f716406f9d5/go.mod h1:5srbSsLpTj3J7cjhs43rQ+PNDxPulrhjYuJh4uaJFp4=
 github.com/lrstanley/go-bogon v0.0.0-20220507183221-362a880cf97b h1:jFRbU7IgKGjXlo1ERztns+QOlVRExiP0syyVIsP1TqU=

http.go

@@ -32,7 +32,7 @@ func httpServer(ctx context.Context) *http.Server {
 	limiter := httpware.NewLimiter(cli.Flags.HTTP, 1*time.Hour)
 
 	if len(cli.Flags.HTTP.TrustedProxies) > 0 {
-		r.Use(chix.UseRealIP(cli.Flags.HTTP.TrustedProxies, chix.OptUseXForwardedFor))
+		r.Use(chix.UseRealIPCLIOpts(cli.Flags.HTTP.TrustedProxies))
 	}
 
 	// Core middeware.

internal/models/flags.go

@@ -14,7 +14,7 @@ type Flags struct {
 
 type ConfigHTTP struct {
 	BindAddr       string   `env:"BIND_ADDR"       long:"bind-addr"       default:":8080" required:"true" description:"ip:port pair to bind to"`
-	TrustedProxies []string `env:"TRUSTED_PROXIES" long:"trusted-proxies" description:"CIDR ranges that we trust the X-Forwarded-For header from"`
+	TrustedProxies []string `env:"TRUSTED_PROXIES" long:"trusted-proxies" description:"CIDR ranges that we trust the X-Forwarded-For header from (addl opts: local, *, cloudflare, and/or custom header to use)"`
 	MaxConcurrent  int      `env:"MAX_CONCURRENT"  long:"max-concurrent"  description:"limit total max concurrent requests across all connections (0 for no limit)"`
 	Limit          int      `env:"LIMIT"           long:"limit"           description:"number of requests/ip/hour" default:"2000"`
 	HSTS           bool     `env:"HSTS"            long:"hsts"            description:"enable HTTP Strict Transport Security"`