fix x-forwarded-for header (#4111)

test/e2e/v1/features/real_ip.go

@@ -2,6 +2,7 @@ package features
 
 import (
 	"bufio"
+	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
@@ -9,6 +10,7 @@ import (
 	"github.com/onsi/ginkgo/v2"
 	pp "github.com/pires/go-proxyproto"
 
+	"github.com/fatedier/frp/pkg/transport"
 	"github.com/fatedier/frp/pkg/util/log"
 	"github.com/fatedier/frp/test/e2e/framework"
 	"github.com/fatedier/frp/test/e2e/framework/consts"
@@ -21,23 +23,24 @@ import (
 var _ = ginkgo.Describe("[Feature: Real IP]", func() {
 	f := framework.NewDefaultFramework()
 
-	ginkgo.It("HTTP X-Forwarded-For", func() {
-		vhostHTTPPort := f.AllocPort()
-		serverConf := consts.DefaultServerConfig + fmt.Sprintf(`
+	ginkgo.Describe("HTTP X-forwarded-For", func() {
+		ginkgo.It("Client Without Header", func() {
+			vhostHTTPPort := f.AllocPort()
+			serverConf := consts.DefaultServerConfig + fmt.Sprintf(`
 		vhostHTTPPort = %d
 		`, vhostHTTPPort)
 
-		localPort := f.AllocPort()
-		localServer := httpserver.New(
-			httpserver.WithBindPort(localPort),
-			httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-				_, _ = w.Write([]byte(req.Header.Get("X-Forwarded-For")))
-			})),
-		)
-		f.RunServer("", localServer)
+			localPort := f.AllocPort()
+			localServer := httpserver.New(
+				httpserver.WithBindPort(localPort),
+				httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+					_, _ = w.Write([]byte(req.Header.Get("X-Forwarded-For")))
+				})),
+			)
+			f.RunServer("", localServer)
 
-		clientConf := consts.DefaultClientConfig
-		clientConf += fmt.Sprintf(`
+			clientConf := consts.DefaultClientConfig
+			clientConf += fmt.Sprintf(`
 		[[proxies]]
 		name = "test"
 		type = "http"
@@ -45,14 +48,131 @@ var _ = ginkgo.Describe("[Feature: Real IP]", func() {
 		customDomains = ["normal.example.com"]
 		`, localPort)
 
-		f.RunProcesses([]string{serverConf}, []string{clientConf})
+			f.RunProcesses([]string{serverConf}, []string{clientConf})
 
-		framework.NewRequestExpect(f).Port(vhostHTTPPort).
-			RequestModify(func(r *request.Request) {
-				r.HTTP().HTTPHost("normal.example.com")
-			}).
-			ExpectResp([]byte("127.0.0.1")).
-			Ensure()
+			framework.NewRequestExpect(f).Port(vhostHTTPPort).
+				RequestModify(func(r *request.Request) {
+					r.HTTP().HTTPHost("normal.example.com")
+				}).
+				ExpectResp([]byte("127.0.0.1")).
+				Ensure()
+		})
+
+		ginkgo.It("Client With Header", func() {
+			vhostHTTPPort := f.AllocPort()
+			serverConf := consts.DefaultServerConfig + fmt.Sprintf(`
+		vhostHTTPPort = %d
+		`, vhostHTTPPort)
+
+			localPort := f.AllocPort()
+			localServer := httpserver.New(
+				httpserver.WithBindPort(localPort),
+				httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+					_, _ = w.Write([]byte(req.Header.Get("X-Forwarded-For")))
+				})),
+			)
+			f.RunServer("", localServer)
+
+			clientConf := consts.DefaultClientConfig
+			clientConf += fmt.Sprintf(`
+		[[proxies]]
+		name = "test"
+		type = "http"
+		localPort = %d
+		customDomains = ["normal.example.com"]
+		`, localPort)
+
+			f.RunProcesses([]string{serverConf}, []string{clientConf})
+
+			framework.NewRequestExpect(f).Port(vhostHTTPPort).
+				RequestModify(func(r *request.Request) {
+					r.HTTP().HTTPHost("normal.example.com")
+					r.HTTP().HTTPHeaders(map[string]string{"x-forwarded-for": "2.2.2.2"})
+				}).
+				ExpectResp([]byte("2.2.2.2, 127.0.0.1")).
+				Ensure()
+		})
+
+		ginkgo.It("http2https plugin", func() {
+			vhostHTTPPort := f.AllocPort()
+			serverConf := consts.DefaultServerConfig + fmt.Sprintf(`
+		vhostHTTPPort = %d
+		`, vhostHTTPPort)
+
+			localPort := f.AllocPort()
+
+			clientConf := consts.DefaultClientConfig
+			clientConf += fmt.Sprintf(`
+		[[proxies]]
+		name = "test"
+		type = "http"
+		customDomains = ["normal.example.com"]
+		[proxies.plugin]
+		type = "http2https"
+		localAddr = "127.0.0.1:%d"
+		`, localPort)
+
+			f.RunProcesses([]string{serverConf}, []string{clientConf})
+
+			tlsConfig, err := transport.NewServerTLSConfig("", "", "")
+			framework.ExpectNoError(err)
+
+			localServer := httpserver.New(
+				httpserver.WithBindPort(localPort),
+				httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+					_, _ = w.Write([]byte(req.Header.Get("X-Forwarded-For")))
+				})),
+				httpserver.WithTLSConfig(tlsConfig),
+			)
+			f.RunServer("", localServer)
+
+			framework.NewRequestExpect(f).Port(vhostHTTPPort).
+				RequestModify(func(r *request.Request) {
+					r.HTTP().HTTPHost("normal.example.com")
+					r.HTTP().HTTPHeaders(map[string]string{"x-forwarded-for": "2.2.2.2, 3.3.3.3"})
+				}).
+				ExpectResp([]byte("2.2.2.2, 3.3.3.3, 127.0.0.1")).
+				Ensure()
+		})
+
+		ginkgo.It("https2http plugin", func() {
+			vhostHTTPSPort := f.AllocPort()
+			serverConf := consts.DefaultServerConfig + fmt.Sprintf(`
+		vhostHTTPSPort = %d
+		`, vhostHTTPSPort)
+
+			localPort := f.AllocPort()
+
+			clientConf := consts.DefaultClientConfig
+			clientConf += fmt.Sprintf(`
+		[[proxies]]
+		name = "test"
+		type = "https"
+		customDomains = ["normal.example.com"]
+		[proxies.plugin]
+		type = "https2http"
+		localAddr = "127.0.0.1:%d"
+		`, localPort)
+
+			f.RunProcesses([]string{serverConf}, []string{clientConf})
+
+			localServer := httpserver.New(
+				httpserver.WithBindPort(localPort),
+				httpserver.WithHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+					_, _ = w.Write([]byte(req.Header.Get("X-Forwarded-For")))
+				})),
+			)
+			f.RunServer("", localServer)
+
+			framework.NewRequestExpect(f).Port(vhostHTTPSPort).
+				RequestModify(func(r *request.Request) {
+					r.HTTPS().HTTPHost("normal.example.com").
+						HTTPHeaders(map[string]string{"x-forwarded-for": "2.2.2.2"}).
+						TLSConfig(&tls.Config{ServerName: "normal.example.com", InsecureSkipVerify: true})
+				}).
+				ExpectResp([]byte("2.2.2.2, 127.0.0.1")).
+				Ensure()
+		})
 	})
 
 	ginkgo.Describe("Proxy Protocol", func() {