we were using conflicting IP addresses from different sources. fix this.

block.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"fmt"
 	"io"
 	"net"
 	"net/http"
@@ -25,20 +24,15 @@ func agentBlock(next http.Handler) http.Handler {
 
 func cloudflareBlock(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		ip := net.ParseIP(r.Header.Get("CF-Connecting-IP"))
-		fmt.Println("should blopccccccccccc?", ip)
+		ip := net.ParseIP(actualIP(r))
 		if ip != nil {
-			fmt.Println("  !")
 			for _, ipnet := range cloudflareRanges {
-				fmt.Println("  range", ipnet)
 				if ipnet.Contains(ip) {
-					fmt.Println("    match")
 					// cloudflare is not allowed
 					log.Debug().Stringer("ip", ip).Msg("cloudflare (attacker) ip blocked")
 					http.Redirect(w, r, "https://njump.me/", 302)
 					return
 				}
-				fmt.Println("    no match")
 			}
 		}
 

http_logging.go

@@ -9,7 +9,7 @@ func loggingMiddleware(next http.Handler) http.Handler {
 			path += "?" + r.URL.RawQuery
 		}
 		log.Debug().
-			Str("ip", r.Header.Get("X-Forwarded-For")).
+			Str("ip", actualIP(r)).
 			Str("path", path).
 			Str("user-agent", r.Header.Get("User-Agent")).
 			Str("referer", r.Header.Get("Referer")).

ip.go

@@ -0,0 +1,16 @@
+package main
+
+import (
+	"net/http"
+	"strings"
+)
+
+func actualIP(r *http.Request) string {
+	if cf := r.Header.Get("CF-Connecting-IP"); cf != "" {
+		return cf
+	} else if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
+		return strings.Split(xff, ",")[0]
+	} else {
+		return r.RemoteAddr
+	}
+}