Don't allow IP source to be set via X-Real-IP unless we're behind a load balancer. #30

Ian 2014-11-16 13:45:20 -08:00
parent 33315c6050
commit a45b675976
2 changed files with 11 additions and 1 deletions


@ -56,6 +56,12 @@ text.send('1119491234567', 'Bonjour!', 'intl', function(err) {
``` ```
### Usage as a standalone server
Textbelt can be run as a standalone server with: `node server/app.js`. Be sure to install dependencies first with `npm install`.
By default, the server listens on port 9090 and is configured to accept traffic from a reverse proxy or load balancer such as nginx. To enable accurate IP rate limiting, the reverse proxy should be configured to set the `X-Real-IP` header.
### Canadian and International endpoints ### Canadian and International endpoints
The /text endpoint supports U.S. phone numbers (and parts of Canada). The /text endpoint supports U.S. phone numbers (and parts of Canada).


@ -89,7 +89,11 @@ function textRequestHandler(req, res, number, region, key) {
res.send({success:false,message:'Sorry, texts to this number are disabled.'}); res.send({success:false,message:'Sorry, texts to this number are disabled.'});
return; return;
} }
var ip = req.header('X-Real-IP') || req.connection.remoteAddress;
var ip = req.connection.remoteAddress;
if (!ip || ip === '127.0.0.1') {
ip = req.header('X-Real-IP');
}
var message = req.body.message; var message = req.body.message;
if (message.indexOf(':') > -1) { if (message.indexOf(':') > -1) {
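Review bot: The new guard `if (!ip || ip === '127.0.0.1')` trusts `X-Real-IP` only when the peer is the IPv4 loopback literal, which leaves gaps on both sides of the check. A local proxy that connects over IPv6 or a dual-stack socket would presumably show up as `::1` or `::ffff:127.0.0.1`, and a load balancer on another host never matches, so in those deployments every client is keyed under the proxy's own address for the IP rate limiting the README describes. Inside the branch, `ip = req.header('X-Real-IP');` overwrites the socket address with `undefined` when a loopback caller sends no header; `ip = req.header('X-Real-IP') || ip;` keeps the fallback. I would replace the literal with a small configurable set of trusted proxy addresses (defaulting to the loopback forms) and add a comment such as `// Only honour X-Real-IP when the direct peer is a trusted proxy; otherwise the header is client-controlled.` The body of textRequestHandler continues outside this hunk, so how `ip` is consumed afterwards is not visible here.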