From 821ed3433bd398240a1743a7539417346c53f20d Mon Sep 17 00:00:00 2001
From: Todd E Johnson
Date: Fri, 24 Nov 2023 00:11:04 -0600
Subject: [PATCH] Add Proxy IP check for header security
---
 services/get-user.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/services/get-user.js b/services/get-user.js
index 61c85624..b9c9e457 100644
--- a/services/get-user.js
+++ b/services/get-user.js
@@ -2,8 +2,12 @@ module.exports = (config, req) => {
 try {
 if ( config.appConfig.auth.enableHeaderAuth ) {
 const userHeader = config.appConfig.auth.headerAuth.userHeader;
- return { "success": true, "user": req.headers[userHeader.toLowerCase()] };
+ const proxyWhitelist = config.appConfig.auth.headerAuth.proxyWhitelist;
+ if ( proxyWhitelist.includes(req.socket.remoteAddress) ) {
+ return { "success": true, "user": req.headers[userHeader.toLowerCase()] };
+ }
 }
+ return {};
 } catch (e) {
 console.warn("Error get-user: ", e);
 return { 'success': false };
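Review bot: A request from a peer that is not in `proxyWhitelist` falls through to the new `return {};` without a log line, so a direct connection carrying a forged user header is refused silently and looks the same to the caller as header auth being disabled. Logging the refusal before the fall-through would make such attempts visible, for example `console.warn("get-user: header auth refused, peer not in proxyWhitelist: ", req.socket.remoteAddress);`. The `includes` test is an exact string match, and Node reports IPv4 peers on a dual-stack listener as `::ffff:a.b.c.d`, so plain IPv4 entries may never match; the expected address form should be documented next to the config key or normalised before comparing. Inside the whitelisted branch a missing header still returns `"success": true` with `user` undefined, which presumably should be rejected with a check such as `if ( !req.headers[userHeader.toLowerCase()] ) return { 'success': false };`. The function opens above the hunk and the catch block closes below it, so how callers treat `{}` is not visible here.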