access IP headers form server from Meteor.call

Question

access IP headers form server from Meteor.call

ccorcos opened this issue 11 years ago · 6 comments

Meteor.methods({
method: function() {
console.log(headers.get());
},
});

This produces nothing: {}

How do I get the IP of the user who sent it?

Answer 1 · 2013-08-30T06:20:24.000Z

My bad, I rushed out the 0.6.5 support and inadvertently broke header support on the server. Thanks for pointing this out, it's been fixed and I've just pushed version 0.0.4 out to Atmosphere.

headers.get('x-forwarded-for').replace(/, /, ',').split(',')[0]; should get you what you need - please confirm. Also, read elsewhere about the reliability of the X-Forwarded-For header for getting the user's IP address. It's very easy to spoof. Instead of using index 0, you should really take the final element in the array less the number of proxies under your control.

Answer 2 · 2013-08-30T07:28:38.000Z

that works! thanks.

Any recommendations for what to use instead? spoofing could eventually be an issue...

Answer 3 · 2013-08-30T08:13:35.000Z

From my brief investigation of the issue (I don't use this personally), it should be fine if used as described above. I just threw in an undocumented freebie to do this a bit more cleanly, headers.getClientIP(proxyCount). proxyCount can be ommitted if you aren't running any proxies / caches / load balancers, otherwise it should be the number of proxies used as part of your hosting setup (i.e. that you can vouch for).

Just to explain, each proxy in the chain appends to the X-Forwarded-For header, such that if you know the number of proxies, you can work out the initial IP address specified by the first proxy in the chain (i.e. the end user's IP address). Thus, even if the end-user sends a request with his own X-Forwarded-For header, you can ignore these IPs. In the case where the user's ISP has a transparent proxy, you'll get that proxy's IP... but that remains the only IP that you know for sure is real.

Answer 4 · 2014-01-28T02:44:06.000Z

This may be a newbie question, however, I receive error:

Exception in onConnection callback: Error: Call headers.getClientIP(this) only from within a method or publish function. With callbacks / anonymous functions, use: var self=this; and call headers.getClientIP(self);

when calling from from the server on connection. Code below:

if (Meteor.isServer) {
Meteor.methods({
ip: function(){
return headers.getClientIP(this);
}
});

Meteor.onConnection(function () {
console.log(Meteor.call('ip'));
});
}

I receive the same error even when changed to the below:

if (Meteor.isServer) {
Meteor.methods({
ip: function(){
var self = this;
return headers.getClientIP(self);
}
});

Meteor.onConnection(function () {
console.log(Meteor.call('ip'));
});
}

Any suggestions?

Answer 5 · 2014-02-05T11:15:50.000Z

Hey, sorry for the long delay; almost missed this since you wrote it on a closed issue from 3 months ago? :) I've opened a new issue #14 which deals with this problem specifically; I'd love to know what you're trying to accomplish and hopefully we can find a workaround.

Answer 6 · 2014-02-05T16:12:46.000Z

Thanks. I'll post there.