From cf72f8f2538e1d712e5b6e12cd2cadbcaf96c8e2 Mon Sep 17 00:00:00 2001
From: John Donaldson <donaldson8@llnl.gov>
Date: Thu, 5 Mar 2020 02:19:46 +0000
Subject: [PATCH 1/2] Extract and use X-Forwarded-For headers in mothd logging

---
 CHANGELOG.md    |  1 +
 src/handlers.go | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c6c04b2..79da341 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Include basic metadata in mothballs
 - add_script_stream convenience function allows easy script addition to puzzle
 - Autobuild Docker images to test buildability
+- Extract and use X-Forwarded-For headers in mothd logging
 ### Fixed
 - Handle cases where non-legacy puzzles don't have an `author` attribute
 - Handle YAML-formatted file and script lists as expected
diff --git a/src/handlers.go b/src/handlers.go
index a0ceded..9c4256e 100644
--- a/src/handlers.go
+++ b/src/handlers.go
@@ -339,10 +339,18 @@ func (ctx *Instance) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		w:          wOrig,
 		statusCode: new(int),
 	}
+
+	clientIP := r.Header.Get("X-Forwarded-For")
+	clientIP = strings.Split(clientIP, ", ")[0]
+
+	if clientIP == "" {
+		clientIP = r.RemoteAddr
+	}
+
 	ctx.mux.ServeHTTP(w, r)
 	log.Printf(
 		"%s %s %s %d\n",
-		r.RemoteAddr,
+		clientIP,
 		r.Method,
 		r.URL,
 		*w.statusCode,

From d9277ad423b1e006db5e3ccfbb00536ddacd3ea9 Mon Sep 17 00:00:00 2001
From: John Donaldson <donaldson8@llnl.gov>
Date: Thu, 5 Mar 2020 03:22:34 +0000
Subject: [PATCH 2/2] Make X-Forwarded-For handling an optional flag

---
 src/handlers.go | 12 ++++++++----
 src/instance.go |  1 +
 src/mothd.go    |  6 ++++++
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/handlers.go b/src/handlers.go
index 9c4256e..7b2d6d2 100644
--- a/src/handlers.go
+++ b/src/handlers.go
@@ -340,11 +340,15 @@ func (ctx *Instance) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		statusCode: new(int),
 	}
 
-	clientIP := r.Header.Get("X-Forwarded-For")
-	clientIP = strings.Split(clientIP, ", ")[0]
+	clientIP := r.RemoteAddr
 
-	if clientIP == "" {
-		clientIP = r.RemoteAddr
+	if (ctx.UseXForwarded) {
+		forwardedIP := r.Header.Get("X-Forwarded-For")
+		forwardedIP = strings.Split(forwardedIP, ", ")[0]
+
+		if forwardedIP != "" {
+			clientIP = forwardedIP
+		}
 	}
 
 	ctx.mux.ServeHTTP(w, r)
diff --git a/src/instance.go b/src/instance.go
index 0ec5d8e..f446439 100644
--- a/src/instance.go
+++ b/src/instance.go
@@ -25,6 +25,7 @@ type Instance struct {
 	StateDir        string
 	ThemeDir        string
 	AttemptInterval time.Duration
+	UseXForwarded	bool
 
 	Runtime RuntimeConfig
 
diff --git a/src/mothd.go b/src/mothd.go
index abf02cb..a61666e 100644
--- a/src/mothd.go
+++ b/src/mothd.go
@@ -52,6 +52,12 @@ func main() {
 		20*time.Second,
 		"Time between maintenance tasks",
 	)
+	flag.BoolVar(
+		&ctx.UseXForwarded,
+		"x-forwarded-for",
+		false,
+		"Emit IPs from the X-Forwarded-For header in logs, when available, instead of the source IP. Use this when running behind a load-balancer or proxy",
+	)
 	listen := flag.String(
 		"listen",
 		":8080",