clientAddress returns invalid IP #5348

Closed
ollyde opened this issue Jul 3, 2022 · 5 comments

@ollyde

ollyde commented Jul 3, 2022

Describe the bug

We deploy both Express and SvelteKit to the same servers to test.

SvelteKit post endpoints are returning the same IP address for all users "169.254.1.1" which is a router login IP.

Express returns the correct IP.

We need the IP to filter specific countries (legally) and stop spam.

Reproduction

export async function post(data) {
	const { request } = data;

	// data.clientAddress is wrong; it always returns 169.254.1.1 no matter the location or machine
	// Poor man's spam list blocker
	// if (spamList[data.clientAddress]) {
	// 	if (spamList[data.clientAddress].attempts > 5) {
	// 		throw 'too-many-attempts';
	// 	}
	// 	spamList[data.clientAddress].attempts = spamList[data.clientAddress].attempts + 1;
	// } else {
	// 	spamList[data.clientAddress] = { attempts: 1, createdIso: new Date().toISOString() };
	// }
}

Logs

No response

System Info

System:
    OS: macOS 12.4
    CPU: (10) arm64 Apple M1 Max
    Memory: 16.68 GB / 64.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 16.15.1 - ~/.nvm/versions/node/v16.15.1/bin/node
    npm: 8.11.0 - ~/.nvm/versions/node/v16.15.1/bin/npm
  Browsers:
    Chrome: 103.0.5060.53
    Firefox: 101.0.1
    Safari: 15.5

Severity

blocking all usage of SvelteKit

Additional Information

No response

@benmccann
Member

The reproduction is lacking enough info for us to reproduce this. What adapter are you using, where are you hosting your application, what load balancers / proxies are in front of your app?

@Conduitry
Member

As noted, this is not a proper reproduction, and you don't say what versions of anything you're using.

If you're using the Node adapter, you need to use https://github.com/sveltejs/kit/tree/master/packages/adapter-node#address_header-and-xff_depth to tell SvelteKit where it should read the client address from - otherwise you'll get the client address of whatever proxy is sitting in front of the server.
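
The right-counting lookup that the `ADDRESS_HEADER` / `XFF_DEPTH` settings linked above call for, as an added example that is not part of the original thread and is not adapter-node's own code. `resolveClientAddress`, `leftMost`, the option names and the sample addresses are assumptions made for illustration.

```javascript
// Added illustration; not SvelteKit's or adapter-node's source code.
// The function and option names are hypothetical, modelled on the
// ADDRESS_HEADER and XFF_DEPTH settings referenced in this thread.
function resolveClientAddress(headers, socketAddress, { addressHeader = '', xffDepth = 1 } = {}) {
  // No header configured: the only trustworthy value is the TCP peer,
  // which behind a proxy is the proxy itself (the symptom in this issue).
  if (!addressHeader) return socketAddress;

  const name = addressHeader.toLowerCase(); // Node lowercases header names
  const raw = headers[name];
  if (raw === undefined) {
    throw new Error(`address header "${name}" is configured but missing from the request`);
  }
  if (name !== 'x-forwarded-for') return raw.trim();

  if (!Number.isInteger(xffDepth) || xffDepth < 1) {
    throw new Error('xffDepth must be a positive integer');
  }
  // Each trusted proxy appends the peer it saw, so only the right-most
  // xffDepth entries were written by infrastructure we control.
  const hops = raw.split(',').map((s) => s.trim()).filter(Boolean);
  if (xffDepth > hops.length) {
    // Fail closed: fewer hops than trusted proxies means the request
    // did not pass through the expected chain.
    throw new Error(`xffDepth is ${xffDepth} but only ${hops.length} address(es) are present`);
  }
  return hops[hops.length - xffDepth];
}

// The pattern many guides show: the left-most entry is client-controlled.
function leftMost(headers) {
  return headers['x-forwarded-for'].split(',')[0].trim();
}

// Constructed sample: the client sent its own X-Forwarded-For value and one
// trusted load balancer appended the real peer (documentation address ranges).
const sampleHeaders = { 'x-forwarded-for': '203.0.113.7, 198.51.100.23' };
const proxyPeer = '169.254.1.1'; // constructed: what the Node process sees as the TCP peer

console.log(resolveClientAddress(sampleHeaders, proxyPeer)); // 169.254.1.1
console.log(leftMost(sampleHeaders)); // 203.0.113.7
console.log(
  resolveClientAddress(sampleHeaders, proxyPeer, { addressHeader: 'X-Forwarded-For', xffDepth: 1 })
); // 198.51.100.23
```

With a depth of 1 the client-supplied entry on the left is ignored, and a depth larger than the number of entries raises an error instead of returning a value the client chose.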

@ollyde
Author

ollyde commented Jul 4, 2022

Using the node adaptor, sitting on Google cloud run. The docs don’t really make it clear tbh and why is my express service getting the correct IP with no extra fuss?

Why do we have multiple adapters? Surely these other services just run node 🤓 makes it very confusing for people learning the platform.

@Rich-Harris
Member

You still haven't provided a reproduction, so we have no idea what configuration you're using with adapter-node or your Express app.

The configuration is required to keep your users safe: https://adam-p.ca/blog/2022/03/x-forwarded-for/

> Surely these other services just run node

Lambda runs on Node, but you're not running a server, you're providing a function. It's a completely different interface. Other platforms (Cloudflare Workers, Deno, etc) are very much not Node.

@Rich-Harris
Member

Closing as there's no repro and no indication that things aren't working as expected — feel free to open a new issue with a repro if that's not the case
