From d1a0d01a5e291c33b1a1c4f5a00ace9279f61f58 Mon Sep 17 00:00:00 2001
From: Odyssey346 <odyssey346@disroot.org>
Date: Thu, 28 Jul 2022 11:21:25 +0200
Subject: [PATCH] ok its time to actually get their IP. it only works in
 reverse proxy.

Signed-off-by: Odyssey346 <odyssey346@disroot.org>
---
 api/form.go          |  9 +++++----
 otherthings/getip.go | 15 +++++++++++++++
 2 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 otherthings/getip.go

diff --git a/api/form.go b/api/form.go
index cf2c993..e0e9c17 100644
--- a/api/form.go
+++ b/api/form.go
@@ -12,6 +12,8 @@ import (
 
 	"net/url"
 	"io"
+
+    "github.com/ProjectSegfault/segfautilities/otherthings"
 )
 
 var (
@@ -29,7 +31,6 @@ func Form() {
 	http.HandleFunc("/api/form", client.HandlerFunc(theActualFormCode))
 
 	http.HandleFunc("/form", renderTestForm)
-
 }
 
 func theActualFormCode(w http.ResponseWriter, r *http.Request) {
@@ -40,7 +41,7 @@ func theActualFormCode(w http.ResponseWriter, r *http.Request) {
 				w.WriteHeader(http.StatusUnauthorized)
 				fmt.Fprint(w, "Seems like captcha failed, you didn't complete the captcha or you are a bot. Please try again.\nPlease note that your IP has been logged in our systems for manual review to check if you're an abusive user. If you're seen as abusive, you will be blacklisted.")
 				postData := url.Values{
-					"content": {"IP " + r.RemoteAddr + "failed captcha! [AbuseIPDB](https://abuseipdb.com/check/" + r.RemoteAddr},
+					"content": {"IP " + otherthings.GetUserIP(r) + "failed captcha! [AbuseIPDB](https://abuseipdb.com/check/" + otherthings.GetUserIP(r) + ")"},
 				}
 				req, err := http.PostForm(webhookURL, postData)
 				if err != nil {
@@ -51,7 +52,7 @@ func theActualFormCode(w http.ResponseWriter, r *http.Request) {
 			} else {
 				fmt.Fprintf(w, "Thanks for your message, and thanks for doing the captcha!\n%#+v", hcaptchaResp)
 				postData := url.Values{
-					"content": {"IP " + r.RemoteAddr + "\nFrom " + r.FormValue("email") + " with feedback type " + r.FormValue("commentType") + ":\n" + "**" + r.FormValue("message") + "**"},
+					"content": {"IP " + otherthings.GetUserIP(r) + "\nFrom " + r.FormValue("email") + " with feedback type " + r.FormValue("commentType") + ":\n" + "**" + r.FormValue("message") + "**"},
 				}
 				req, err := http.PostForm(webhookURL, postData)
 				if err != nil {
@@ -63,7 +64,7 @@ func theActualFormCode(w http.ResponseWriter, r *http.Request) {
 		default:
 			http.Error(w, "Method isn't allowed!\nYou may only POST here, not " + r.Method, http.StatusMethodNotAllowed)
 		}
-		log.Println("[HTTP] " + r.RemoteAddr + " accessed /api/form with method " + r.Method)
+		log.Println("[HTTP] " + otherthings.GetUserIP(r) + " accessed /api/form with method " + r.Method)
 }
 
 func renderTestForm(w http.ResponseWriter, r *http.Request) {
diff --git a/otherthings/getip.go b/otherthings/getip.go
new file mode 100644
index 0000000..2200c9c
--- /dev/null
+++ b/otherthings/getip.go
@@ -0,0 +1,15 @@
+package otherthings
+
+import (
+	"net/http"
+)
+
+// Thanks random StackOverflow answerer
+
+func GetUserIP(r *http.Request) string {
+    IPAddress := r.Header.Get("X-REAL-IP")
+    if IPAddress == "" {
+        IPAddress = r.Header.Get("X-FORWARDED-FOR")
+    }
+    return IPAddress
+}