use 16-byte arrays for storing trusted proxy IP addresses

gofiber · Apr 12, 2024 · 3d2c8e1 · 3d2c8e1
1 parent bb41540
commit 3d2c8e1
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/app.go b/app.go
@@ -351,7 +351,7 @@ type Config struct {
 	//
 	// Default: []string
 	TrustedProxies     []string `json:"trusted_proxies"`
-	trustedProxiesMap  map[string]struct{}
+	trustedProxyIPs    map[[16]byte]bool
 	trustedProxyRanges []*net.IPNet
 
 	// If set to true, c.IP() and c.IPs() will validate IP addresses before returning them.
@@ -550,8 +550,7 @@ func New(config ...Config) *App {
 	if len(app.config.RequestMethods) == 0 {
 		app.config.RequestMethods = DefaultMethods
 	}
-
-	app.config.trustedProxiesMap = make(map[string]struct{}, len(app.config.TrustedProxies))
+	app.config.trustedProxyIPs = make(map[[16]byte]bool, len(app.config.TrustedProxies))
 	for _, ipAddress := range app.config.TrustedProxies {
 		app.handleTrustedProxy(ipAddress)
 	}
@@ -580,7 +579,9 @@ func (app *App) handleTrustedProxy(ipAddress string) {
 			app.config.trustedProxyRanges = append(app.config.trustedProxyRanges, ipNet)
 		}
 	} else {
-		app.config.trustedProxiesMap[ipAddress] = struct{}{}
+		if ip := net.ParseIP(ipAddress); ip != nil {
+			app.config.trustedProxyIPs[[16]byte(ip.To16())] = true
+		}
 	}
 }
 

diff --git a/ctx.go b/ctx.go
@@ -1664,7 +1664,7 @@ func (c *DefaultCtx) IsProxyTrusted() bool {
 
 	ip := c.fasthttp.RemoteIP()
 
-	if _, trusted := c.app.config.trustedProxiesMap[ip.String()]; trusted {
+	if _, trusted := c.app.config.trustedProxyIPs[[16]byte(ip.To16())]; trusted {
 		return true
 	}