From 227533d01d128433729abbdd1fc48cf45f068178 Mon Sep 17 00:00:00 2001
From: yumoqing <yumoqing@gmail.com>
Date: Fri, 18 Jul 2025 14:04:03 +0800
Subject: [PATCH] bugfix

---
 ahserver/auth_api.py         |  6 +-----
 ahserver/configuredServer.py |  2 ++
 ahserver/real_ip.py          | 24 ++++++++++++++++++++++++
 setup.cfg                    |  1 +
 4 files changed, 28 insertions(+), 5 deletions(-)
 create mode 100644 ahserver/real_ip.py

diff --git a/ahserver/auth_api.py b/ahserver/auth_api.py
index 493bc5d..168c732 100644
--- a/ahserver/auth_api.py
+++ b/ahserver/auth_api.py
@@ -21,11 +21,7 @@ from appPublic.rsawrap import RSA
 from appPublic.log import info, debug, warning, error, critical, exception
 
 def get_client_ip(obj, request):
-	ip = request.headers.get('X-Forwarded-For')
-	if not ip:
-		ip = request.remote
-	request['client_ip'] = ip
-	return ip
+	return request['client_ip']
 
 async def get_session_userinfo(request):
 	d = await auth.get_auth(request)
diff --git a/ahserver/configuredServer.py b/ahserver/configuredServer.py
index 036f5c4..bfabf4f 100644
--- a/ahserver/configuredServer.py
+++ b/ahserver/configuredServer.py
@@ -20,12 +20,14 @@ from .globalEnv import initEnv
 from .serverenv import ServerEnv
 from .filestorage import TmpFileRecord
 from .loadplugins import load_plugins
+from .real_ip import real_ip_middleware
 
 class AHApp(web.Application):
 	def __init__(self, *args, **kw):
 		kw['client_max_size'] = 1024000000
 		super().__init__(*args, **kw)
 		self.user_data = DictObject()
+		self.middlewares.insert(0, real_ip_middleware())
 	
 	def set_data(self, k, v):
 		self.user_data[k] = v
diff --git a/ahserver/real_ip.py b/ahserver/real_ip.py
new file mode 100644
index 0000000..741cc11
--- /dev/null
+++ b/ahserver/real_ip.py
@@ -0,0 +1,24 @@
+
+from appPublic.log import exception, debug, error
+from aiohttp import web
+
+from aiohttp_middlewares.annotations import DictStrStr, Handler, Middleware
+
+def real_ip_middleware() -> Middleware:
+	@web.middleware
+	async def middleware(
+		request: web.Request, handler: Handler
+	) -> web.StreamResponse:
+		match_header_keys = [
+			"X-Forwarded-For",
+			"X-real-ip"
+		]
+		request['client_ip'] = request.remote
+		for k,v in request.headers.items():
+			if k in match_header_keys:
+				v = v.split(',')[-1].strip()
+				request['client_ip'] = v
+				break
+		return await handler(request)
+
+	return middleware
diff --git a/setup.cfg b/setup.cfg
index 8b47cf6..0e85fc9 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -18,6 +18,7 @@ install_requires =
     aiohttp==3.10.10
     aiohttp_session
     aiohttp_auth_autz
+	aiohttp-middlewares
     aiohttp-cors
     aiomysql
     aioredis