From 8c05fe4351cda23e97dd3c016c2d9122a7215e9f Mon Sep 17 00:00:00 2001
From: RandomChars <random@chars.jp>
Date: Tue, 23 Nov 2021 19:30:02 +0900
Subject: [PATCH] return error properly after reading metadata, add
 TrustedProxies as a configuration entry

---
 backend/filesystem/image.go | 14 ++++++++++----
 config.go                   | 14 ++++++++++----
 web.go                      |  5 ++++-
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/backend/filesystem/image.go b/backend/filesystem/image.go
index f1aa541..519dc1b 100644
--- a/backend/filesystem/image.go
+++ b/backend/filesystem/image.go
@@ -398,8 +398,11 @@ func (s *Store) ImageSnowflakeHash(flake string) (string, error) {
 	}
 
 	if !s.Compat {
-		img, err := s.imageMetadataRead(s.ImageSnowflakePath(flake) + "/" + infoJson)
-		return img.Hash, err
+		if img, err := s.imageMetadataRead(s.ImageSnowflakePath(flake) + "/" + infoJson); err != nil {
+			return "", err
+		} else {
+			return img.Hash, nil
+		}
 	} else {
 		if path, err := os.ReadFile(s.ImageSnowflakePath(flake)); err != nil {
 			if os.IsNotExist(err) {
@@ -408,8 +411,11 @@ func (s *Store) ImageSnowflakeHash(flake string) (string, error) {
 			return "", err
 		} else {
 			var img *store.Image
-			img, err = s.imageMetadataRead(string(path) + "/" + infoJson)
-			return img.Hash, err
+			if img, err = s.imageMetadataRead(string(path) + "/" + infoJson); err != nil {
+				return "", err
+			} else {
+				return img.Hash, nil
+			}
 		}
 	}
 }
diff --git a/config.go b/config.go
index 9a1fcfd..35d465f 100644
--- a/config.go
+++ b/config.go
@@ -14,10 +14,11 @@ type conf struct {
 }
 
 type serverConf struct {
-	Host  string `toml:"host"`
-	Unix  bool   `toml:"unix"`
-	Port  uint16 `toml:"port"`
-	Proxy bool   `toml:"proxy"`
+	Host           string   `toml:"host"`
+	Unix           bool     `toml:"unix"`
+	Port           uint16   `toml:"port"`
+	Proxy          bool     `toml:"proxy"`
+	TrustedProxies []string `toml:"trusted_proxies"`
 }
 
 type systemConf struct {
@@ -79,5 +80,10 @@ var defConf = conf{
 		Unix:  false,
 		Port:  7777,
 		Proxy: true,
+		TrustedProxies: []string{
+			"10.0.0.0/8",
+			"172.16.0.0/12",
+			"192.168.0.0/16",
+		},
 	},
 }
diff --git a/web.go b/web.go
index 508cab3..c3fe0b7 100644
--- a/web.go
+++ b/web.go
@@ -27,10 +27,13 @@ func webSetup() {
 	}
 
 	router = gin.New()
-	router.Use(recovery())
 	router.ForwardedByClientIP = config.Server.Proxy
+	router.TrustedProxies = config.Server.TrustedProxies
 	if config.System.Verbose {
 		router.Use(gin.Logger())
+		router.Use(gin.Recovery())
+	} else {
+		router.Use(recovery())
 	}
 	router.NoRoute(func(context *gin.Context) {
 		context.Redirect(http.StatusTemporaryRedirect, "/web")
-- 
GitLab