[bugfix] Log a warning when clientIP could not be parsed during rate limiting (#4481)

# Description > If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements. > > If this is a documentation change, please briefly describe what you've changed and why. Fixes a panic when clientIP cannot be parsed in the rate limiting middleware, and warn logs the derived clientIP and a hint that reverse proxy may be misconfigured. Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4479 ## Checklist Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]` If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want). - [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md). - [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat. - [x] I/we have not leveraged AI to create the proposed changes. - [x] I/we have performed a self-review of added code. - [x] I/we have written code that is legible and maintainable by others. - [x] I/we have commented the added code, particularly in hard-to-understand areas. - [ ] I/we have made any necessary changes to documentation. - [ ] I/we have added tests that cover new code. - [x] I/we have run tests and they pass locally with the changes. - [x] I/we have run `go fmt ./...` and `golangci-lint run`. Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4481 Co-authored-by: tobi <tobi.smethurst@protonmail.com> Co-committed-by: tobi <tobi.smethurst@protonmail.com>
2025-10-28 11:22:25 -05:00 · 2025-10-07 16:02:57 +02:00 · 2025-10-07 16:02:57 +02:00 · b012a81f66
commit b012a81f66
parent c6044d0142
1 changed files with 20 additions and 6 deletions
--- a/internal/middleware/ratelimit.go
+++ b/internal/middleware/ratelimit.go
@ -25,6 +25,7 @@ import (
 	"time"

 	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
+	"code.superseriousbusiness.org/gotosocial/internal/log"
 	"code.superseriousbusiness.org/gotosocial/internal/util"
 	"github.com/gin-gonic/gin"
 	"github.com/ulule/limiter/v3"
@ -78,30 +79,43 @@ func RateLimit(limit int, except []netip.Prefix) gin.HandlerFunc {
 		// Use Gin's heuristic for determining
 		// clientIP, which accounts for reverse
 		// proxies and trusted proxies setting.
-		clientIP := netip.MustParseAddr(c.ClientIP())
+		clientIP := c.ClientIP()
+
+		// ClientIP must be parseable.
+		ip, err := netip.ParseAddr(clientIP)
+		if err != nil {
+			log.Warnf(
+				c.Request.Context(),
+				"cannot do rate limiting for this request as client IP %s could not be parsed;"+
+					" your upstream reverse proxy may be misconfigured: %v",
+				err,
+			)
+			c.Next()
+			return
+		}

 		// Check if this IP is exempt from rate
 		// limits and skip further checks if so.
 		for _, prefix := range except {
-			if prefix.Contains(clientIP) {
+			if prefix.Contains(ip) {
 				c.Next()
 				return
 			}
 		}

-		if clientIP.Is6() {
+		if ip.Is6() {
 			// Convert to "net" package IP for mask.
-			asIP := net.IP(clientIP.AsSlice())
+			asIP := net.IP(ip.AsSlice())

 			// Apply coarse IPv6 mask.
 			asIP = asIP.Mask(ipv6Mask)

 			// Convert back to netip.Addr from net.IP.
-			clientIP, _ = netip.AddrFromSlice(asIP)
+			ip, _ = netip.AddrFromSlice(asIP)
 		}

 		// Fetch rate limit info for this (masked) clientIP.
-		context, err := limiter.Get(c, clientIP.String())
+		context, err := limiter.Get(c, ip.String())
 		if err != nil {
 			// Since we use an in-memory cache now,
 			// it's actually impossible for this to