Skip to content

Add trusted proxy client metadata#225

Draft
durck wants to merge 1 commit into
NHAS:mainfrom
durck:feat/trusted-proxy-client-metadata
Draft

Add trusted proxy client metadata#225
durck wants to merge 1 commit into
NHAS:mainfrom
durck:feat/trusted-proxy-client-metadata

Conversation

@durck

@durck durck commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds trusted reverse proxy support for client metadata and webhook payloads.

Details

  • Adds --trusted-proxy-cidr to trust X-Real-IP and X-Forwarded-For only from configured proxy CIDRs.
  • Accepts repeated or comma-separated CIDR/IP values; plain IP values are normalized to /32 or /128.
  • Carries connection metadata through mux wrappers, WebSocket, and HTTP polling transports.
  • Adds optional client state fields for transport, public key fingerprint, and proxy source IP.

Validation

  • go test ./pkg/mux ./internal/server/observers ./cmd/server
  • go test -vet=off ./cmd/server ./internal/server
  • git diff --check

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant