fix(backend): fix #16994 by approach 6 (#17005)

* fix(backend): narrow down trustproxy default value and enhance documentation on how to configure it

* Update Changelog

* indent [ci skip]

* Update CHANGELOG.md [ci skip]

* add cloudflare specific example

* Update .config/example.yml

Co-authored-by: anatawa12 <anatawa12@icloud.com>

* fix: productionでIPレートリミットされる際にlocalhostからリクエストが来たらログを残すように

* fix: wrong condition

* fix: use own logger for signin api

* flip configuration

* fix

* fix [ci skip]

* fix: wrong message [ci skip]

* fix: どこがおかしいか明記 [ci skip]

---------

Co-authored-by: anatawa12 <anatawa12@icloud.com>

3 files changed, 21 insertions, 13 deletions

diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts
index 261e147040..8bae46d9fb 100644
--- a/packages/backend/src/server/api/ApiCallService.ts
+++ b/packages/backend/src/server/api/ApiCallService.ts
@@ -313,16 +313,15 @@ export class ApiCallService implements OnApplicationShutdown {
 		}
 
 		if (ep.meta.limit) {
-			let limitActor: string | null;
+			let limitActor: string | null = null;
 			if (user) {
 				limitActor = user.id;
-			} else {
-				if (request.ip === '::1' || request.ip === '127.0.0.1') {
-					console.warn('request ip is localhost, maybe caused by misconfiguration of trustProxy or reverse proxy');
-					limitActor = null;
-				} else {
-					limitActor = getIpHash(request.ip);
+			} else if (this.config.enableIpRateLimit) {
+				if (process.env.NODE_ENV === 'production' && (request.ip === '::1' || request.ip === '127.0.0.1')) {
+					this.logger.warn('Recieved API request from localhost IP address for rate limiting in production environment. This is likely due to an improper trustProxy setting in the config file.');
 				}
+
+				limitActor = getIpHash(request.ip);
 			}
 
 			const limit = Object.assign({}, ep.meta.limit);
diff --git a/packages/backend/src/server/api/SigninApiService.ts b/packages/backend/src/server/api/SigninApiService.ts
index 14726f8411..00e8828242 100644
--- a/packages/backend/src/server/api/SigninApiService.ts
+++ b/packages/backend/src/server/api/SigninApiService.ts
@@ -15,6 +15,7 @@ import type {
 	UserSecurityKeysRepository,
 	UsersRepository,
 } from '@/models/_.js';
+import type Logger from '@/logger.js';
 import type { Config } from '@/config.js';
 import { getIpHash } from '@/misc/get-ip-hash.js';
 import type { MiLocalUser } from '@/models/User.js';
@@ -23,6 +24,7 @@ import { bindThis } from '@/decorators.js';
 import { WebAuthnService } from '@/core/WebAuthnService.js';
 import { UserAuthService } from '@/core/UserAuthService.js';
 import { CaptchaService } from '@/core/CaptchaService.js';
+import { LoggerService } from '@/core/LoggerService.js';
 import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
 import { RateLimiterService } from './RateLimiterService.js';
 import { SigninService } from './SigninService.js';
@@ -31,6 +33,8 @@ import type { FastifyReply, FastifyRequest } from 'fastify';
 
 @Injectable()
 export class SigninApiService {
+	private logger: Logger;
+
 	constructor(
 		@Inject(DI.config)
 		private config: Config,
@@ -50,6 +54,7 @@ export class SigninApiService {
 		@Inject(DI.signinsRepository)
 		private signinsRepository: SigninsRepository,
 
+		private loggerService: LoggerService,
 		private idService: IdService,
 		private rateLimiterService: RateLimiterService,
 		private signinService: SigninService,
@@ -57,6 +62,7 @@ export class SigninApiService {
 		private webAuthnService: WebAuthnService,
 		private captchaService: CaptchaService,
 	) {
+		this.logger = this.loggerService.getLogger('Signin');
 	}
 
 	@bindThis
@@ -89,10 +95,11 @@ export class SigninApiService {
 			return { error };
 		}
 
-		if (request.ip === '::1' || request.ip === '127.0.0.1') {
-			console.warn('request ip is localhost, maybe caused by misconfiguration of trustProxy or reverse proxy');
-		} else {
 		// not more than 1 attempt per second and not more than 10 attempts per hour
+		if (this.config.enableIpRateLimit) {
+			if (process.env.NODE_ENV === 'production' && (request.ip === '::1' || request.ip === '127.0.0.1')) {
+				this.logger.warn('Recieved signin request from localhost IP address for rate limiting in production environment. This is likely due to an improper trustProxy setting in the config file.');
+			}
 			const rateLimit = await this.rateLimiterService.limit({ key: 'signin', duration: 60 * 60 * 1000, max: 10, minInterval: 1000 }, getIpHash(request.ip));
 			if (rateLimit != null) {
 				reply.code(429);
diff --git a/packages/backend/src/server/api/SigninWithPasskeyApiService.ts b/packages/backend/src/server/api/SigninWithPasskeyApiService.ts
index 1b89752340..920f9d0b3a 100644
--- a/packages/backend/src/server/api/SigninWithPasskeyApiService.ts
+++ b/packages/backend/src/server/api/SigninWithPasskeyApiService.ts
@@ -84,9 +84,11 @@ export class SigninWithPasskeyApiService {
 			return error(status ?? 500, failure ?? { id: '4e30e80c-e338-45a0-8c8f-44455efa3b76' });
 		};
 
-		if (request.ip === '::1' || request.ip === '127.0.0.1') {
-			console.warn('request ip is localhost, maybe caused by misconfiguration of trustProxy or reverse proxy');
-		} else {
+		if (this.config.enableIpRateLimit) {
+			if (process.env.NODE_ENV === 'production' && (request.ip === '::1' || request.ip === '127.0.0.1')) {
+				this.logger.warn('Recieved signin with passkey request from localhost IP address for rate limiting in production environment. This is likely due to an improper trustProxy setting in the config file.');
+			}
+
 			try {
 			// Not more than 1 API call per 250ms and not more than 100 attempts per 30min
 			// NOTE: 1 Sign-in require 2 API calls