api/handler: check if each IP in X-Forwarded-For is *not* in trusted networks before accepting

Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Id54c1584650fcee64de70d1f99e542c16a6a6964
2026-04-15 14:54:00 +00:00 · 2026-03-10 08:54:47 +03:00 · 2026-03-10 08:54:47 +03:00 · ffa2af62be
commit ffa2af62be
parent d1181d38f0
1 changed files with 4 additions and 1 deletions
--- a/internal/api/handler.go
+++ b/internal/api/handler.go
@ -262,7 +262,10 @@ func (h *IngestionHandler) extractIP(r *http.Request) string {
 		for i := len(ips) - 1; i >= 0; i-- {
 			ip := strings.TrimSpace(ips[i])
 			if testIP := net.ParseIP(ip); testIP != nil {
-				return ip
+				// Only accept this IP if it's NOT from a trusted proxy
+				if !h.ipInNetworks(ip, h.trustedNetworks) {
+					return ip
+				}
 			}
 		}
 	}