From 7aff2b47c56c5b41620445b7d49c429eb1866164 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@FreeBSD.org>
Date: Tue, 6 Oct 2020 15:47:11 -0500
Subject: Fix docs for default headers used by RemoteIp. We only use
 X-Forwarded-For by default.

---
 config/description.exs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/description.exs b/config/description.exs
index ac3dfbb2b..f6331dd30 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -3262,8 +3262,9 @@ config :pleroma, :config_description, [
       %{
         key: :headers,
         type: {:list, :string},
-        description:
-          "A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Default: `~w[forwarded x-forwarded-for x-client-ip x-real-ip]`."
+        description: """
+          A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Default: `["x-forwarded-for"]`.
+        """
       },
       %{
         key: :proxies,
-- 
cgit v1.2.3


From d43d05005ae4e8b0f069111baee867492d4f0c52 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@FreeBSD.org>
Date: Tue, 6 Oct 2020 17:02:46 -0500
Subject: Move hardcoded default configuration into config.exs

---
 config/config.exs | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/config.exs b/config/config.exs
index 2e6b0796a..d53663d36 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -677,7 +677,18 @@ config :pleroma, :rate_limit,
 
 config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifetime: 600
 
-config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true
+config :pleroma, Pleroma.Plugs.RemoteIp,
+  enabled: true,
+  headers: ["x-forwarded-for"],
+  proxies: [],
+  reserved: [
+    "127.0.0.0/8",
+    "::1/128",
+    "fc00::/7",
+    "10.0.0.0/8",
+    "172.16.0.0/12",
+    "192.168.0.0/16"
+  ]
 
 config :pleroma, :static_fe, enabled: false
 
-- 
cgit v1.2.3


From b8c05f4876b8f48bcd93d7e5d60539101329065a Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@FreeBSD.org>
Date: Tue, 6 Oct 2020 17:21:27 -0500
Subject: Improve descriptions for reserved and proxies

---
 config/description.exs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'config')

diff --git a/config/description.exs b/config/description.exs
index f6331dd30..2c7d91ccc 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -3270,13 +3270,14 @@ config :pleroma, :config_description, [
         key: :proxies,
         type: {:list, :string},
         description:
-          "A list of strings in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation specifying the IPs of known proxies. Default: `[]`."
+          "A list of upstream proxy IP subnets in CIDR notation. Defaults to `[]`. IPv4 entries without a bitmask will be assumed to be /32 and IPv6 /128."
       },
       %{
         key: :reserved,
         type: {:list, :string},
-        description:
-          "Defaults to [localhost](https://en.wikipedia.org/wiki/Localhost) and [private network](https://en.wikipedia.org/wiki/Private_network)."
+        description: """
+          A list of reserved IP subnets in CIDR notation which should be ignored if found in `headers`. Defaults to `["127.0.0.0/8", "::1/128", "fc00::/7", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]`
+        """
       }
     ]
   },
-- 
cgit v1.2.3


From e08eb4aba07ce843f3f1149b8c70fb6b4d855c44 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@FreeBSD.org>
Date: Tue, 6 Oct 2020 17:29:56 -0500
Subject: Don't leak internal variables in the docs. They're useless to users.

---
 config/description.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/description.exs b/config/description.exs
index 2c7d91ccc..71cb5d913 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -3263,7 +3263,7 @@ config :pleroma, :config_description, [
         key: :headers,
         type: {:list, :string},
         description: """
-          A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Default: `["x-forwarded-for"]`.
+          A list of strings naming the HTTP headers to use when deriving the true client IP. Default: `["x-forwarded-for"]`.
         """
       },
       %{
-- 
cgit v1.2.3


From b90eda3d8bfa1faf5bdabce9539b601476abed94 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@FreeBSD.org>
Date: Tue, 6 Oct 2020 17:36:29 -0500
Subject: Improve description yet again

---
 config/description.exs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/description.exs b/config/description.exs
index 71cb5d913..c6916ad14 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -3270,7 +3270,7 @@ config :pleroma, :config_description, [
         key: :proxies,
         type: {:list, :string},
         description:
-          "A list of upstream proxy IP subnets in CIDR notation. Defaults to `[]`. IPv4 entries without a bitmask will be assumed to be /32 and IPv6 /128."
+          "A list of upstream proxy IP subnets in CIDR notation from which we will parse the content of `headers`. Defaults to `[]`. IPv4 entries without a bitmask will be assumed to be /32 and IPv6 /128."
       },
       %{
         key: :reserved,
-- 
cgit v1.2.3