tasks 6 and 7

SpecterOps · Jan 26, 2024 · 840ae04 · 840ae04
1 parent 9cb8a3d
commit 840ae04
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/cmd/api/src/api/middleware/middleware.go b/cmd/api/src/api/middleware/middleware.go
@@ -148,10 +148,7 @@ func ContextMiddleware(next http.Handler) http.Handler {
 }
 
 func parseUserIP(r *http.Request) string {
-	IPAddress := r.Header.Get("X-Real-Ip")
-	if IPAddress == "" {
-		IPAddress = r.Header.Get("X-Forwarded-For")
-	}
+	IPAddress := r.Header.Get("X-Forwarded-For")
 	if IPAddress == "" {
 		if parsedUrl, err := url.Parse(r.RemoteAddr); err != nil {
 			log.Errorf("error parsing IP address from RemoteAddr: %s", err)

diff --git a/cmd/api/src/ctx/ctx.go b/cmd/api/src/ctx/ctx.go
@@ -126,8 +126,9 @@ const (
 func NewAuditLogFromContext(ctx Context, idResolver auth.IdentityResolver) (model.AuditLog, error) {
 	if ctx.AuditCtx.Model == nil {
 		return model.AuditLog{}, fmt.Errorf("model cannot be nil when creating a new audit log")
+	} else if ctx.AuditCtx.Action != model.AuditStatusFailure && ctx.AuditCtx.Action != model.AuditStatusSuccess {
+		return model.AuditLog{}, fmt.Errorf("invalid action specified in audit log: %s", ctx.AuditCtx.Action)
 	}
-	//TODO: Add a check for empty status to prevent nil pointer references
 	authContext := ctx.AuthCtx
 
 	if !authContext.Authenticated() {