From 91763e97a14e61419689d6c4f4eef12447a0aaa2 Mon Sep 17 00:00:00 2001
From: Clement Michaud <clement.michaud34@gmail.com>
Date: Tue, 28 Aug 2018 22:05:59 +0200
Subject: [PATCH] Get IP of the original client when querying /verify.

---
 example/compose/nginx/portal/nginx.conf | 5 +++++
 server/src/lib/logging/RequestLogger.ts | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/example/compose/nginx/portal/nginx.conf b/example/compose/nginx/portal/nginx.conf
index 7a9ce3b9b..06d29d9cb 100644
--- a/example/compose/nginx/portal/nginx.conf
+++ b/example/compose/nginx/portal/nginx.conf
@@ -80,6 +80,7 @@ http {
             proxy_set_header            X-Original-URL $scheme://$http_host$request_uri;
             proxy_set_header            X-Real-IP $remote_addr;
             proxy_set_header            X-Forwarded-Proto $scheme;
+            proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
 
             proxy_pass_request_body     off;
             proxy_set_header            Content-Length "";
@@ -147,6 +148,7 @@ http {
             proxy_set_header            X-Original-URL $scheme://$http_host$request_uri;
             proxy_set_header            X-Real-IP $remote_addr;
             proxy_set_header            X-Forwarded-Proto $scheme;
+            proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
 
             proxy_pass_request_body     off;
             proxy_set_header            Content-Length "";
@@ -197,6 +199,7 @@ http {
             proxy_set_header            X-Original-URL $scheme://$http_host$request_uri;
             proxy_set_header            X-Real-IP $remote_addr;
             proxy_set_header            X-Forwarded-Proto $scheme;
+            proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
 
             proxy_pass_request_body     off;
             proxy_set_header            Content-Length "";
@@ -247,6 +250,7 @@ http {
             proxy_set_header            X-Original-URL $scheme://$http_host$request_uri;
             proxy_set_header            X-Real-IP $remote_addr;
             proxy_set_header            X-Forwarded-Proto $scheme;
+            proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
 
             proxy_pass_request_body     off;
             proxy_set_header            Content-Length "";
@@ -298,6 +302,7 @@ http {
             proxy_set_header            X-Original-URL $scheme://$http_host$request_uri;
             proxy_set_header            X-Real-IP $remote_addr;
             proxy_set_header            X-Forwarded-Proto $scheme;
+            proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
 
             # This header is required for basic authentication.
             proxy_set_header            Proxy-Authorization $http_authorization;
diff --git a/server/src/lib/logging/RequestLogger.ts b/server/src/lib/logging/RequestLogger.ts
index e73ab1c7e..c45c66018 100644
--- a/server/src/lib/logging/RequestLogger.ts
+++ b/server/src/lib/logging/RequestLogger.ts
@@ -17,9 +17,9 @@ export class RequestLogger implements IRequestLogger {
   }
 
   private formatHeader(req: Express.Request) {
-    const ip = req.headers["x-forwarded-for"] || req.connection.remoteAddress;
+    const clientIP = req.ip; // The IP of the original client going through the proxy chain.
     return Util.format("date='%s' method='%s', path='%s' requestId='%s' sessionId='%s' ip='%s'",
-      new Date(), req.method, req.path, req.id, req.sessionID, ip);
+      new Date(), req.method, req.path, req.id, req.sessionID, clientIP);
   }
 
   private formatBody(message: string) {