fix(honeypot/naive): implement better IP parsing logic

Xe · Xe · commit 40afc13d7f69 · 2025-12-16T04:32:45.000-05:00
Signed-off-by: Xe Iaso &lt;me@xeiaso.net&gt;
diff --git a/internal/headers.go b/internal/headers.go
@@ -100,6 +100,9 @@ func XForwardedForToXRealIP(next http.Handler) http.Handler {
 			ip := xff.Parse(xffHeader)
 			slog.Debug("setting X-Real-Ip from X-Forwarded-For", "to", ip, "x-forwarded-for", xffHeader)
 			r.Header.Set("X-Real-Ip", ip)
+			if addr, err := netip.ParseAddr(ip); err == nil {
+				r = r.WithContext(context.WithValue(r.Context(), realIPKey{}, addr))
+			}
 		}
 
 		next.ServeHTTP(w, r)
diff --git a/internal/honeypot/naive/naive.go b/internal/honeypot/naive/naive.go
@@ -6,7 +6,9 @@ import (
 	"fmt"
 	"log/slog"
 	"math/rand/v2"
+	"net"
 	"net/http"
+	"net/netip"
 	"time"
 
 	"github.com/TecharoHQ/anubis/internal"
@@ -152,9 +154,8 @@ func (i *Impl) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 	realIP, _ := internal.RealIP(r)
 	if !realIP.IsValid() {
-		lg.Error("the real IP is somehow invalid, bad middleware stack?")
-		http.Error(w, "The cake is a lie", http.StatusTeapot)
-		return
+		host, _, _ := net.SplitHostPort(r.RemoteAddr)
+		realIP = netip.MustParseAddr(host)
 	}
 
 	network, ok := internal.ClampIP(realIP)

Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,9 @@ func XForwardedForToXRealIP(next http.Handler) http.Handler {`
`100`	`100`	`ip := xff.Parse(xffHeader)`
`101`	`101`	`slog.Debug("setting X-Real-Ip from X-Forwarded-For", "to", ip, "x-forwarded-for", xffHeader)`
`102`	`102`	`r.Header.Set("X-Real-Ip", ip)`
	`103`	`+ if addr, err := netip.ParseAddr(ip); err == nil {`
	`104`	`+ r = r.WithContext(context.WithValue(r.Context(), realIPKey{}, addr))`
	`105`	`+ }`
`103`	`106`	`}`
`104`	`107`
`105`	`108`	`next.ServeHTTP(w, r)`