Include remote address through X-Forwarded-For in job artifact requestalberts-pass-on-remote-addr-in-x-forwarded-for-to-artifact-request

2 files changed, 25 insertions, 6 deletions

diff --git a/internal/artifact/artifact.go b/internal/artifact/artifact.go
index dab1fb91..67136883 100644
--- a/internal/artifact/artifact.go
+++ b/internal/artifact/artifact.go
@@ -88,6 +88,11 @@ func (a *Artifact) makeRequest(w http.ResponseWriter, r *http.Request, reqURL *u
 	if token != "" {
 		req.Header.Add("Authorization", "Bearer "+token)
 	}
+
+	if r.RemoteAddr != "" {
+		req.Header.Add("X-Forwarded-For", r.RemoteAddr)
+	}
+
 	resp, err := a.client.Do(req)
 	if err != nil {
 		if errors.Is(err, context.Canceled) {
diff --git a/internal/artifact/artifact_test.go b/internal/artifact/artifact_test.go
index b8c2771b..bd606b44 100644
--- a/internal/artifact/artifact_test.go
+++ b/internal/artifact/artifact_test.go
@@ -16,8 +16,6 @@ import (
 func TestTryMakeRequest(t *testing.T) {
 	content := "<!DOCTYPE html><html><head><title>Title of the document</title></head><body></body></html>"
 	contentType := "text/html; charset=utf-8"
-	testServer := makeArtifactServerStub(t, content, contentType)
-	defer testServer.Close()
 
 	cases := []struct {
 		Path         string
@@ -28,6 +26,7 @@ func TestTryMakeRequest(t *testing.T) {
 		CacheControl string
 		ContentType  string
 		Description  string
+		RemoteAddr   string
 	}{
 		{
 			"/200.html",
@@ -38,6 +37,7 @@ func TestTryMakeRequest(t *testing.T) {
 			"max-age=3600",
 			"text/html; charset=utf-8",
 			"basic successful request",
+			"1.2.3.4",
 		},
 		{
 			"/200.html",
@@ -48,6 +48,7 @@ func TestTryMakeRequest(t *testing.T) {
 			"",
 			"text/html; charset=utf-8",
 			"basic successful request",
+			"1.2.3.4",
 		},
 		{
 			"/max-caching.html",
@@ -58,6 +59,7 @@ func TestTryMakeRequest(t *testing.T) {
 			"max-age=3600",
 			"text/html; charset=utf-8",
 			"max caching request",
+			"1.2.3.4",
 		},
 		{
 			"/non-caching.html",
@@ -68,17 +70,27 @@ func TestTryMakeRequest(t *testing.T) {
 			"",
 			"text/html; charset=utf-8",
 			"no caching request",
+			"",
 		},
 	}
 
 	for _, c := range cases {
 		t.Run(c.Description, func(t *testing.T) {
-			result := httptest.NewRecorder()
+			upstreamRecorder := httptest.NewRecorder()
+			testServer := makeArtifactServerStub(t, content, contentType, upstreamRecorder)
+			defer testServer.Close()
+
 			reqURL, err := url.Parse("/-/subgroup/project/-/jobs/1/artifacts" + c.Path)
 			require.NoError(t, err)
-			r := &http.Request{URL: reqURL}
+			r := &http.Request{
+				URL:        reqURL,
+				RemoteAddr: c.RemoteAddr,
+			}
+
 			art := artifact.New(testServer.URL, 1, "gitlab-example.io")
 
+			result := httptest.NewRecorder()
+
 			require.True(t, art.TryMakeRequest("group.gitlab-example.io", result, r, c.Token, func(resp *http.Response) bool { return false }))
 			require.Equal(t, c.Status, result.Code)
 			require.Equal(t, c.ContentType, result.Header().Get("Content-Type"))
@@ -90,8 +102,10 @@ func TestTryMakeRequest(t *testing.T) {
 }
 
 // provide stub for testing different artifact responses
-func makeArtifactServerStub(t *testing.T, content string, contentType string) *httptest.Server {
+func makeArtifactServerStub(t *testing.T, content string, contentType string, recorder *httptest.ResponseRecorder) *httptest.Server {
 	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		recorder.Header().Set("X-Forwarded-For", r.Header.Get("X-Forwarded-For"))
+
 		w.Header().Set("Content-Type", contentType)
 		switch r.URL.RawPath {
 		case "/projects/group%2Fsubgroup%2Fproject/jobs/1/artifacts/200.html":
@@ -280,7 +294,7 @@ func TestBuildURL(t *testing.T) {
 func TestContextCanceled(t *testing.T) {
 	content := "<!DOCTYPE html><html><head><title>Title of the document</title></head><body></body></html>"
 	contentType := "text/html; charset=utf-8"
-	testServer := makeArtifactServerStub(t, content, contentType)
+	testServer := makeArtifactServerStub(t, content, contentType, httptest.NewRecorder())
 	t.Cleanup(testServer.Close)
 
 	result := httptest.NewRecorder()