From 840ae047a707c5282cc4b9b1457c78b2f2a8e031 Mon Sep 17 00:00:00 2001
From: Irshad Ahmed <iahmed@specterops.io>
Date: Fri, 26 Jan 2024 12:03:42 -0600
Subject: [PATCH] tasks 6 and 7

---
 cmd/api/src/api/middleware/middleware.go | 5 +----
 cmd/api/src/ctx/ctx.go                   | 3 ++-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/cmd/api/src/api/middleware/middleware.go b/cmd/api/src/api/middleware/middleware.go
index 389abe485b..60550e3213 100644
--- a/cmd/api/src/api/middleware/middleware.go
+++ b/cmd/api/src/api/middleware/middleware.go
@@ -148,10 +148,7 @@ func ContextMiddleware(next http.Handler) http.Handler {
 }
 
 func parseUserIP(r *http.Request) string {
-	IPAddress := r.Header.Get("X-Real-Ip")
-	if IPAddress == "" {
-		IPAddress = r.Header.Get("X-Forwarded-For")
-	}
+	IPAddress := r.Header.Get("X-Forwarded-For")
 	if IPAddress == "" {
 		if parsedUrl, err := url.Parse(r.RemoteAddr); err != nil {
 			log.Errorf("error parsing IP address from RemoteAddr: %s", err)
diff --git a/cmd/api/src/ctx/ctx.go b/cmd/api/src/ctx/ctx.go
index 87a2195b4b..9ef0bf28c5 100644
--- a/cmd/api/src/ctx/ctx.go
+++ b/cmd/api/src/ctx/ctx.go
@@ -126,8 +126,9 @@ const (
 func NewAuditLogFromContext(ctx Context, idResolver auth.IdentityResolver) (model.AuditLog, error) {
 	if ctx.AuditCtx.Model == nil {
 		return model.AuditLog{}, fmt.Errorf("model cannot be nil when creating a new audit log")
+	} else if ctx.AuditCtx.Action != model.AuditStatusFailure && ctx.AuditCtx.Action != model.AuditStatusSuccess {
+		return model.AuditLog{}, fmt.Errorf("invalid action specified in audit log: %s", ctx.AuditCtx.Action)
 	}
-	//TODO: Add a check for empty status to prevent nil pointer references
 	authContext := ctx.AuthCtx
 
 	if !authContext.Authenticated() {