From fba4939965d1a3952b00cb60849116e571a83c09 Mon Sep 17 00:00:00 2001
From: Marcel Pociot <m.pociot@gmail.com>
Date: Mon, 27 Apr 2020 11:55:19 +0200
Subject: [PATCH] wip

---
 app/HttpServer/Controllers/PostController.php           | 5 ++++-
 app/Server/Http/Controllers/TunnelMessageController.php | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/HttpServer/Controllers/PostController.php b/app/HttpServer/Controllers/PostController.php
index c17c4ac..74b0bf7 100644
--- a/app/HttpServer/Controllers/PostController.php
+++ b/app/HttpServer/Controllers/PostController.php
@@ -79,7 +79,10 @@ abstract class PostController extends Controller
             $connection->request->getUri(),
             $connection->request->getHeaders(),
             $connection->requestBuffer,
-            $connection->request->getProtocolVersion()
+            $connection->request->getProtocolVersion(),
+            [
+                'REMOTE_ADDR' => $connection->remoteAddress
+            ]
         ))
             ->withQueryParams(QueryParameters::create($connection->request)->all())
             ->withParsedBody($bodyParameters);
diff --git a/app/Server/Http/Controllers/TunnelMessageController.php b/app/Server/Http/Controllers/TunnelMessageController.php
index 3e739a7..247e0c6 100644
--- a/app/Server/Http/Controllers/TunnelMessageController.php
+++ b/app/Server/Http/Controllers/TunnelMessageController.php
@@ -81,6 +81,8 @@ class TunnelMessageController extends PostController
 
     protected function prepareRequest(Request $request, ControlConnection $controlConnection): Request
     {
+        $request::setTrustedProxies([$controlConnection->socket->remoteAddress], Request::HEADER_X_FORWARDED_ALL);
+
         $request->headers->set('Host', $controlConnection->host);
         $request->headers->set('X-Forwarded-Proto', $request->isSecure() ? 'https' : 'http');
         $request->headers->set('X-Expose-Request-ID', uniqid());