From beca0a044e4f4d7b20da470b9a3c85aee8774bb0 Mon Sep 17 00:00:00 2001
From: Gani Georgiev <gani.georgiev@gmail.com>
Date: Thu, 27 Apr 2023 20:50:09 +0300
Subject: [PATCH] changed X-Forwarded-For parsing to use the first non-empty
 leftmost-ish ip as it is more close to the 'real ip'

---
 CHANGELOG.md        | 2 ++
 apis/middlewares.go | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 322ec0db..b1b31081 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,8 @@
 
 - New schema fields UI for "tidier" fields list.
 
+- Updated the logs "real" user ip to check for `Fly-Client-IP` header and changed the `X-Forward-For` header to use the first non-empty leftmost-ish IP as it the closes to the "real IP".
+
 
 ## v0.15.2
 
diff --git a/apis/middlewares.go b/apis/middlewares.go
index 5dd74374..3b8d808d 100644
--- a/apis/middlewares.go
+++ b/apis/middlewares.go
@@ -377,10 +377,10 @@ func realUserIp(r *http.Request, fallbackIp string) string {
 	}
 
 	if ipsList := r.Header.Get("X-Forwarded-For"); ipsList != "" {
+		// extract the first non-empty leftmost-ish ip
 		ips := strings.Split(ipsList, ",")
-		// extract the rightmost ip
-		for i := len(ips) - 1; i >= 0; i-- {
-			ip := strings.TrimSpace(ips[i])
+		for _, ip := range ips {
+			ip = strings.TrimSpace(ip)
 			if ip != "" {
 				return ip
 			}