Received: from mail.netlandish.com (mail.netlandish.com [174.136.98.166])
	by code.netlandish.com (Postfix) with ESMTP id 9384427B
	for <~netlandish/links-dev@lists.code.netlandish.com>; Mon, 28 Apr 2025 20:53:18 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.222.48; helo=mail-ua1-f48.google.com; envelope-from=peter@netlandish.com; receiver=<UNKNOWN> 
Authentication-Results: mail.netlandish.com;
	dkim=pass (1024-bit key; unprotected) header.d=netlandish.com header.i=@netlandish.com header.b=IrDXtpcw
Received: from mail-ua1-f48.google.com (mail-ua1-f48.google.com [209.85.222.48])
	by mail.netlandish.com (Postfix) with ESMTP id A2D831D6421
	for <~netlandish/links-dev@lists.code.netlandish.com>; Mon, 28 Apr 2025 20:53:30 +0000 (UTC)
Received: by mail-ua1-f48.google.com with SMTP id a1e0cc1a2514c-877b9328604so3345834241.2
        for <~netlandish/links-dev@lists.code.netlandish.com>; Mon, 28 Apr 2025 13:53:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=netlandish.com; s=google; t=1745873609; x=1746478409; darn=lists.code.netlandish.com;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=VlDggR3eTAaFEfaNdxRYQf8LXajVD/M/TVGvDYwdPvk=;
        b=IrDXtpcwyBK64NuZX6XwIRYPNvWuQt2fhZYK2phac3dr8OVKsU6fVJyX0t0Zx55Xox
         yAiTYIKvT5XwcJ3DMk068CQMTa/nAXCJWGoCnr4M4tAW6C6PA+/C+JQgZFyIr9NGD4jB
         Z/WTniog0jvQ5iB8slmjaCNTeOboP2yN2YKXA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1745873609; x=1746478409;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=VlDggR3eTAaFEfaNdxRYQf8LXajVD/M/TVGvDYwdPvk=;
        b=cOO3JWQj+IKh1BNnxPYAtcFmqu705v7knmxbrudYJxeko8E1+9sft+GAA4tIdmqiu+
         H9bZMQ2GAyKT4aryjGPni8S2KARc56djPlFCVZHH9ldFRhAhCbZeGM+aHEAXfCURFK39
         5mNybuIquRXp+M53JMOYnku6xD/LWQiAsrHc6LmXV/y6lid6ARrm8dDKYfaGLEJT0UFr
         zTa0m1RyOINJ14JFTYbgC0nNeUKQLTiGgbTFEl+lK4EHH83RIH3XEOm18WYntbGAlNSk
         mRB5JjvHEi6Z+Ovebwwh2XdHzpW4T/qRBrJHxj141migDJ76Od4gjR8ZOf6Jt6CpK9ef
         p81Q==
X-Gm-Message-State: AOJu0Yw92QsV00Xd07nHwCYD0wJdPAQGbOdci8oeNipN6cj6Y/JmN3a7
	RmVa/rfaLPHZLKSTYZYenTD41R5Y7rR5AvVYrPEn50QDjCAMK+tPDP12V4j/srpPah6PSH8Peby
	hLOw=
X-Gm-Gg: ASbGncvGii8SYTOcLtlupT9MziSR0hGofOshak7Mr6k619dMY3NFIIbb1CsjVTNNkIY
	/oMw+r+PCrU3oEUphcmdgBOF4sv7uZqb0fEDttM0fAkBbTsqoOjK080l+QKO+2FYX5HB6wNbejl
	SRRPaj8q1pR/tllMu/lqScIa2+nwHtGI+NKM1IneClF2mAQyatw5+ZBDhg0TZnxM06H1+RBjc06
	DxydCo0RsLgy2QZ7C0FzZZvAugXv/YXmdVTTuQLYJsmhF3TVwB9g91o3f7S//0H35TZXCnAMzoX
	vM9lUOon0l7UZJy4p8iaVw9YT1Uz+MNZdiUAzowgAJwZ0H7V1CIz
X-Google-Smtp-Source: AGHT+IE4rnJDgIudkjqEIq2djVfqREPIallZowIBVaZmd+Wh8WI6Vuw9FdOOwkId2hnaSlHOyfL8og==
X-Received: by 2002:a05:6102:1515:b0:4c1:9b88:5c30 with SMTP id ada2fe7eead31-4daaa738ddemr400766137.19.1745873609545;
        Mon, 28 Apr 2025 13:53:29 -0700 (PDT)
Received: from localhost ([2803:2d60:1118:5ee:e9d3:8303:760f:3950])
        by smtp.gmail.com with ESMTPSA id a1e0cc1a2514c-877c6985c64sm1047510241.14.2025.04.28.13.53.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 28 Apr 2025 13:53:29 -0700 (PDT)
From: Peter Sanchez <peter@netlandish.com>
To: ~netlandish/links-dev@lists.code.netlandish.com
Cc: Peter Sanchez <peter@netlandish.com>
Subject: [PATCH links] Add X-Real-IP header for internal API relays so AuditLogs record the correct IP address.
Date: Mon, 28 Apr 2025 14:53:23 -0600
Message-ID: <20250428205326.2819-1-peter@netlandish.com>
X-Mailer: git-send-email 2.47.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Fixes: https://todo.code.netlandish.com/~netlandish/links/109
---
 client.go  | 14 +++++++++++++-
 helpers.go |  3 +--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/client.go b/client.go
index caeabcc..62f1733 100644
--- a/client.go
+++ b/client.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"net/url"
 	"strings"
 	"time"
 
@@ -74,13 +75,24 @@ func Execute(ctx context.Context, op *gqlclient.Operation, result any) error {
 
 	token := grant.Encode(ctx)
 	trans.AddHeader("Authorization", fmt.Sprintf("Internal %s", token))
+
+	ourl, err := url.Parse(origin)
+	if err == nil {
+		if ourl.Host == "127.0.0.1" || ourl.Host == "localhost" {
+			ip := IPForContext(ctx)
+			if ip != "" {
+				trans.AddHeader("X-Real-IP", IPForContext(ctx))
+			}
+		}
+	}
+
 	httpClient = &http.Client{
 		Transport: trans,
 		Timeout:   30 * time.Second,
 	}
 
 	client = gqlclient.New(origin, httpClient)
-	err := client.Execute(ctx, op, &result)
+	err = client.Execute(ctx, op, &result)
 	if err != nil {
 		if graphErrors, ok := err.(interface{ Unwrap() []error }); ok {
 			errs := graphErrors.Unwrap()
diff --git a/helpers.go b/helpers.go
index 4e944c0..a2fbc3d 100644
--- a/helpers.go
+++ b/helpers.go
@@ -6,7 +6,6 @@ import (
 	"database/sql"
 	"encoding/json"
 	"encoding/xml"
-	"errors"
 	"fmt"
 	"html/template"
 	"io"
@@ -1193,7 +1192,7 @@ func IPContext(ctx context.Context, ip string) context.Context {
 func IPForContext(ctx context.Context) string {
 	ip, ok := ctx.Value(IPCtxKey).(string)
 	if !ok {
-		panic(errors.New("Invalid IP context"))
+		return ""
 	}
 	return ip
 }
-- 
2.47.2