diff --git a/lanshare/src/main.rs b/lanshare/src/main.rs index b2b2afa..bb53c99 100644 --- a/lanshare/src/main.rs +++ b/lanshare/src/main.rs @@ -70,15 +70,6 @@ struct Args { /// connect via ws:// instead. #[arg(long, default_value_t = 8081, value_name = "PORT")] http_port: u16, - - /// Trust proxy headers (X-Forwarded-For, X-Real-IP) for client IPs - /// - /// Enable this when running behind a reverse proxy (e.g. nginx, caddy, - /// traefik). The server will use the IP from proxy headers instead of - /// the direct connection address. Do NOT enable this without a trusted - /// proxy, as clients can spoof these headers. - #[arg(long)] - trust_proxy: bool, } /// Messages sent between peers via the signaling server @@ -164,14 +155,12 @@ struct PeerState { /// Application state shared across all connections struct AppState { peers: DashMap, - trust_proxy: bool, } impl AppState { - fn new(trust_proxy: bool) -> Self { + fn new() -> Self { Self { peers: DashMap::new(), - trust_proxy, } } @@ -213,7 +202,7 @@ async fn main() { ) .init(); - let state = Arc::new(AppState::new(args.trust_proxy)); + let state = Arc::new(AppState::new()); let app = Router::new() .route("/", get(serve_index)) @@ -255,9 +244,6 @@ async fn main() { } } } - if args.trust_proxy { - println!(" \x1b[1;36mProxy mode:\x1b[0m trusting X-Forwarded-For / X-Real-IP headers"); - } println!(); println!(" \x1b[90mOpen this URL in browsers on your local network.\x1b[0m"); println!(" \x1b[90mPress Ctrl+C to stop the server.\x1b[0m"); @@ -304,47 +290,14 @@ async fn serve_index() -> impl IntoResponse { async fn ws_handler( ws: WebSocketUpgrade, ConnectInfo(addr): ConnectInfo, - headers: axum::http::HeaderMap, State(state): State>, ) -> impl IntoResponse { - let peer_ip = if state.trust_proxy { - extract_proxy_ip(&headers).unwrap_or_else(|| addr.ip().to_string()) - } else { - addr.ip().to_string() - }; - ws.on_upgrade(move |socket| handle_socket(socket, state, peer_ip)) + ws.on_upgrade(move |socket| handle_socket(socket, state, addr)) } -/// Extract the client IP from proxy headers. -/// Checks X-Forwarded-For first (uses the leftmost/first IP), then X-Real-IP. -fn extract_proxy_ip(headers: &axum::http::HeaderMap) -> Option { - // X-Forwarded-For: client, proxy1, proxy2 - if let Some(forwarded_for) = headers.get("x-forwarded-for") { - if let Ok(value) = forwarded_for.to_str() { - if let Some(first_ip) = value.split(',').next() { - let trimmed = first_ip.trim(); - if !trimmed.is_empty() { - return Some(trimmed.to_string()); - } - } - } - } - - // X-Real-IP: client - if let Some(real_ip) = headers.get("x-real-ip") { - if let Ok(value) = real_ip.to_str() { - let trimmed = value.trim(); - if !trimmed.is_empty() { - return Some(trimmed.to_string()); - } - } - } - - None -} - -async fn handle_socket(socket: WebSocket, state: Arc, peer_ip: String) { +async fn handle_socket(socket: WebSocket, state: Arc, addr: SocketAddr) { let peer_id = Uuid::new_v4().to_string(); + let peer_ip = addr.ip().to_string(); let (tx, _) = broadcast::channel::(64); // Add peer to state with default name