UNPKG

dd-trace

Version:

Datadog APM tracing client for JavaScript

github.com/DataDog/dd-trace-js

DataDog/dd-trace-js

137 lines (105 loc) 3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
'use strict' const { BlockList } = require('net') const net = require('net') const FORWARED_HEADER_NAME = 'forwarded' const ipHeaderList = [ 'x-forwarded-for', 'x-real-ip', 'true-client-ip', 'x-client-ip', FORWARED_HEADER_NAME, 'forwarded-for', 'x-cluster-client-ip', 'fastly-client-ip', 'cf-connecting-ip', 'cf-connecting-ipv6' ] const privateCIDRs = [ '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '169.254.0.0/16', '100.65.0.0/10', '::1/128', 'fec0::/10', 'fe80::/10', 'fc00::/7', 'fd00::/8' ] const privateIPMatcher = new BlockList() for (const cidr of privateCIDRs) { const [address, prefix] = cidr.split('/') privateIPMatcher.addSubnet(address, Number.parseInt(prefix), net.isIPv6(address) ? 'ipv6' : 'ipv4') } function extractIp (config, req) { const headers = req.headers if (config.clientIpHeader) { if (!headers) return const ip = findFirstIp(headers[config.clientIpHeader]) return ip.public || ip.private } let firstPrivateIp if (headers) { for (const ipHeaderName of ipHeaderList) { const header = headers[ipHeaderName] const firstIp = ipHeaderName === FORWARED_HEADER_NAME ? findFirstIpForwardedFormat(header) : findFirstIp(header) if (firstIp.public) { return firstIp.public } else if (!firstPrivateIp && firstIp.private) { firstPrivateIp = firstIp.private } } } return firstPrivateIp || req.socket?.remoteAddress } function isPublicIp (ip, type) { return !privateIPMatcher.check(ip, type === 6 ? 'ipv6' : 'ipv4') } function findFirstIp (str) { const result = {} if (!str) return result const splitted = str.split(',') for (const part of splitted) { const chunk = part.trim() // TODO: strip port and interface data ? const type = net.isIP(chunk) if (!type) continue if (isPublicIp(chunk, type)) { // it's public, return it immediately result.public = chunk return result } // it's private, only save the first one found if (!result.private) result.private = chunk } return result } const forwardedForRegexp = /for="?\[?(([0-9]+\.)+[0-9]+|[0-9a-f:]*:[0-9a-f]*)/i const forwardedByRegexp = /by="?\[?(([0-9]+\.)+[0-9]+|[0-9a-f:]*:[0-9a-f]*)/i const forwardedRegexps = [forwardedForRegexp, forwardedByRegexp] function findFirstIpForwardedFormat (str) { const result = {} if (!str) return result const splitted = str.split(',') for (const part of splitted) { const chunk = part.trim() for (const regex of forwardedRegexps) { const ip = regex.exec(chunk)?.[1] const type = net.isIP(ip) if (!type) continue if (isPublicIp(ip, type)) { // it's public, return it immediately result.public = ip return result } // it's private, only save the first one found if (!result.private) result.private = ip } } return result } module.exports = { extractIp, ipHeaderList }