Remove workaround to detect trusted proxies automatically

2026-02-28 04:03:12 +08:00 · 2025-11-08 10:30:06 +01:00
parent 359129f586
commit 63bea36c05
4 changed files with 3 additions and 124 deletions
--- a/module/Core/src/Middleware/ReverseForwardedAddressesMiddlewareDecorator.php
+++ b/module/Core/src/Middleware/ReverseForwardedAddressesMiddlewareDecorator.php
@@ -1,51 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace Shlinkio\Shlink\Core\Middleware;
-
-use Psr\Http\Message\ResponseInterface;
-use Psr\Http\Message\ServerRequestInterface;
-use Psr\Http\Server\MiddlewareInterface;
-use Psr\Http\Server\RequestHandlerInterface;
-
-use function array_reverse;
-use function explode;
-use function implode;
-
-/**
- * Decorates a middleware to make sure it gets called with a list of reversed addresses in `X-Forwarded-For`.
- *
- * This is a workaround for a change in behavior introduced in akrabat/ip-address-middleware 2.5, which now
- * takes the first non-trusted-proxy address in that header, starting from the right, instead of the first
- * address starting from the left.
- * That change breaks Shlink's visitor IP resolution when more than one proxy is used, and trusted proxies
- * are not explicitly set for akrabat/ip-address-middleware (which Shlink does not do).
- *
- * A proper solution would require allowing trusted proxies to be configurable, and apply this logic conditionally, only
- * if trusted proxies are not set.
- *
- * @see https://github.com/akrabat/ip-address-middleware/pull/51
- * @deprecated Remove in future major version, and enforce users with multiple reverse proxies to provide the list via
- *             TRUSTED_PROXIES
- */
-readonly class ReverseForwardedAddressesMiddlewareDecorator implements MiddlewareInterface
-{
-    public const string FORWARDED_FOR_HEADER = 'X-Forwarded-For';
-
-    public function __construct(private MiddlewareInterface $wrappedMiddleware)
-    {
-    }
-
-    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
-    {
-        if ($request->hasHeader(self::FORWARDED_FOR_HEADER)) {
-            $request = $request->withHeader(
-                self::FORWARDED_FOR_HEADER,
-                implode(',', array_reverse(explode(',', $request->getHeaderLine(self::FORWARDED_FOR_HEADER)))),
-            );
-        }
-
-        return $this->wrappedMiddleware->process($request, $handler);
-    }
-}
--- a/module/Core/test/Middleware/ReverseForwardedAddressesMiddlewareDecoratorTest.php
+++ b/module/Core/test/Middleware/ReverseForwardedAddressesMiddlewareDecoratorTest.php
@@ -1,59 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace ShlinkioTest\Shlink\Core\Middleware;
-
-use Laminas\Diactoros\Response;
-use Laminas\Diactoros\ServerRequestFactory;
-use PHPUnit\Framework\Attributes\Test;
-use PHPUnit\Framework\MockObject\MockObject;
-use PHPUnit\Framework\TestCase;
-use Psr\Http\Message\ServerRequestInterface;
-use Psr\Http\Server\MiddlewareInterface;
-use Psr\Http\Server\RequestHandlerInterface;
-use Shlinkio\Shlink\Core\Middleware\ReverseForwardedAddressesMiddlewareDecorator;
-
-class ReverseForwardedAddressesMiddlewareDecoratorTest extends TestCase
-{
-    private ReverseForwardedAddressesMiddlewareDecorator $middleware;
-    private MockObject & MiddlewareInterface $decoratedMiddleware;
-    private MockObject & RequestHandlerInterface $requestHandler;
-
-    protected function setUp(): void
-    {
-        $this->decoratedMiddleware = $this->createMock(MiddlewareInterface::class);
-        $this->requestHandler = $this->createMock(RequestHandlerInterface::class);
-        $this->middleware = new ReverseForwardedAddressesMiddlewareDecorator($this->decoratedMiddleware);
-    }
-
-    #[Test]
-    public function processesRequestAsIsWhenHeadersIsNotFound(): void
-    {
-        $request = ServerRequestFactory::fromGlobals();
-        $this->decoratedMiddleware->expects($this->once())->method('process')->with(
-            $request,
-            $this->requestHandler,
-        )->willReturn(new Response());
-
-        $this->middleware->process($request, $this->requestHandler);
-    }
-
-    #[Test]
-    public function revertsListOfAddressesWhenHeaderIsFound(): void
-    {
-        $request = ServerRequestFactory::fromGlobals()->withHeader(
-            ReverseForwardedAddressesMiddlewareDecorator::FORWARDED_FOR_HEADER,
-            '1.2.3.4,5.6.7.8,9.10.11.12',
-        );
-
-        $this->decoratedMiddleware->expects($this->once())->method('process')->with(
-            $this->callback(fn (ServerRequestInterface $req): bool => $req->getHeaderLine(
-                ReverseForwardedAddressesMiddlewareDecorator::FORWARDED_FOR_HEADER,
-            ) === '9.10.11.12,5.6.7.8,1.2.3.4'),
-            $this->requestHandler,
-        )->willReturn(new Response());
-
-        $this->middleware->process($request, $this->requestHandler);
-    }
-}