From 2c71f995b73774d5b910d49a024e51c4ac902f3a Mon Sep 17 00:00:00 2001
From: Runxi Yu <me@runxiyu.org>
Date: Sat, 22 Mar 2025 20:55:25 +0800
Subject: [PATCH] Support X-Forwarded-For for reverse proxies

---
 config.go      |  1 +
 forge.scfg     |  9 ++++++++-
 http_server.go | 13 ++++++++++++-

diff --git a/config.go b/config.go
index 3721fd60c5ad5d10c7f2d1a1a57632eb3d2c7954..28e90e8332f1d2e3831717b1dae5a961fd50430d 100644
--- a/config.go
+++ b/config.go
@@ -24,6 +24,7 @@ 		Root         string `scfg:"root"`
 		ReadTimeout  uint   `scfg:"read_timeout"`
 		WriteTimeout uint   `scfg:"write_timeout"`
 		IdleTimeout  uint   `scfg:"idle_timeout"`
+		ReverseProxy bool   `scfg:"reverse_proxy"`
 	} `scfg:"http"`
 	Hooks struct {
 		Socket string `scfg:"socket"`
diff --git a/forge.scfg b/forge.scfg
index e2b703ec382406b409bf20d30f2e163c860381d7..5003b759d47016eae606b4dd263c30e802e7db3b 100644
--- a/forge.scfg
+++ b/forge.scfg
@@ -14,9 +14,16 @@
 	# What is the canonical URL of the web root?
 	root https://forge.example.org
 
+	# General HTTP server context timeout settings. It's recommended to
+	# set them slightly higher than usual as Git operations over large
+	# repos may take a long time.
 	read_timeout 120
-	write_timeout 120
+	write_timeout 1800
 	idle_timeout 120
+
+	# Are we running behind a reverse proxy? If so, we will trust
+	# X-Forwarded-For headers.
+	reverse_proxy true
 }
 
 irc {
diff --git a/http_server.go b/http_server.go
index c86dae62f5c8de09b77321822d9942f03dc042c7..6531748f44e067ee93c4a747cfd4428e672b1d6e 100644
--- a/http_server.go
+++ b/http_server.go
@@ -16,7 +16,18 @@
 type forgeHTTPRouter struct{}
 
 func (router *forgeHTTPRouter) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
-	clog.Info("Incoming HTTP: " + request.RemoteAddr + " " + request.Method + " " + request.RequestURI)
+	var remoteAddr string
+	if config.HTTP.ReverseProxy {
+		remoteAddrs, ok := request.Header["X-Forwarded-For"]
+		if ok && len(remoteAddrs) == 1 {
+			remoteAddr = remoteAddrs[0]
+		} else {
+			remoteAddr = request.RemoteAddr
+		}
+	} else {
+		remoteAddr = request.RemoteAddr
+	}
+	clog.Info("Incoming HTTP: " + remoteAddr + " " + request.Method + " " + request.RequestURI)
 
 	var segments []string
 	var err error

-- 
2.48.1