From 9f403a71ededd6d9f9e290a150a9b39c31dc34f4 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 20 Sep 2020 13:36:23 +0200
Subject: [PATCH] root: fix IP detection when using multiple reverse proxies

---
 passbook/lib/utils/http.py | 2 +-
 passbook/root/asgi.py      | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/passbook/lib/utils/http.py b/passbook/lib/utils/http.py
index 4c688fc05..4039b94c6 100644
--- a/passbook/lib/utils/http.py
+++ b/passbook/lib/utils/http.py
@@ -14,7 +14,7 @@ def _get_client_ip_from_meta(meta: Dict[str, Any]) -> Optional[str]:
     )
     for _header in headers:
         if _header in meta:
-            return meta.get(_header)
+            return meta.get(_header).split(", ")[0]
     return None
 
 
diff --git a/passbook/root/asgi.py b/passbook/root/asgi.py
index 136e4975e..fc5347d9c 100644
--- a/passbook/root/asgi.py
+++ b/passbook/root/asgi.py
@@ -102,11 +102,14 @@ class ASGILogger:
         await self.app(scope, receive, send_hooked)
 
     def _get_ip(self) -> str:
+        client_ip = None
         for header in ASGI_IP_HEADERS:
             if header in self.headers:
-                return self.headers[header].decode()
-        client_ip, _ = self.scope.get("client", ("", 0))
-        return client_ip
+                client_ip = self.headers[header].decode()
+        if not client_ip:
+            client_ip, _ = self.scope.get("client", ("", 0))
+        # Check if header has multiple values, and use the first one
+        return client_ip.split(", ")[0]
 
     def log(self, runtime: float):
         """Outpot access logs in a structured format"""