From f41dfab9163f5d754ed9de9e6fc5a6b571b9b5c4 Mon Sep 17 00:00:00 2001
From: Israel Barreto Sant'Anna <ibsa14@inf.ufpr.br>
Date: Tue, 28 Nov 2017 11:17:36 -0200
Subject: [PATCH] Added some commentary important for getting the right IP in
 production

---
 app/controllers/concerns/downloadable_controller.rb | 1 +
 app/models/user.rb                                  | 6 ++++++
 config/initializers/rack-attack.rb                  | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/app/controllers/concerns/downloadable_controller.rb b/app/controllers/concerns/downloadable_controller.rb
index 2cf5cd2c..fd409412 100644
--- a/app/controllers/concerns/downloadable_controller.rb
+++ b/app/controllers/concerns/downloadable_controller.rb
@@ -22,6 +22,7 @@ module DownloadableController
 
   # GET /learning_objects/1/download
   def download
+    # Change request.remote_ip to req.env["HTTP_X_REAL_IP"] in production
     downloadable.download(current_user, request.remote_ip)
     link = downloadable.download_link
     if !link.blank?
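Review bot: The comment added in `download` tells the operator to hand-edit the code in production and names `req.env["HTTP_X_REAL_IP"]`, but the object in this controller is `request`, so the line would raise a NameError if pasted as written. Reading that header directly also trusts a value the client can set, unless the front proxy always overwrites it and the app is reachable only through the proxy. I would configure the proxy as trusted (`config.action_dispatch.trusted_proxies`) so `request.remote_ip` is correct in every environment, and reword the comment to `# request.remote_ip is only the real client IP when the reverse proxy is listed in trusted_proxies`. The same comment recurs in the app/models/user.rb hunk and in both config/initializers/rack-attack.rb hunks. `download` continues past the end of this hunk.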
diff --git a/app/models/user.rb b/app/models/user.rb
index d603fdd3..405f0706 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -277,4 +277,10 @@ class User < ApplicationRecord
   def ignore_changes
     super + %w(tokens sign_in_count current_sign_in_at last_sign_in_at current_sign_in_ip last_sign_in_ip score follows_count confirmation_token confirmed_at confirmation_sent_at)
   end
+
+  def update_tracked_fields(request)
+    super
+    # Change request.remote_ip to req.env["HTTP_X_REAL_IP"] in production
+    self.current_sign_in_ip = request.remote_ip
+  end
 end
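Review bot: `update_tracked_fields` looks like a no-op override as committed. The `current_sign_in_ip`/`last_sign_in_ip` entries in `ignore_changes` suggest Devise's Trackable is in use, and as far as I can tell its `super` already sets `current_sign_in_ip` from the request's remote IP, so the extra assignment exists only as a place to hand-edit later. If the override stays and the suggested edit is applied, a request without the header would store `nil` as the sign-in IP, so it should fall back to `request.remote_ip`. The method also needs a line saying what it overrides, e.g. `# Overrides Devise::Models::Trackable#update_tracked_fields; records the client IP of the current sign-in.`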
diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb
index 2b1b053b..573cbeb8 100644
--- a/config/initializers/rack-attack.rb
+++ b/config/initializers/rack-attack.rb
@@ -43,6 +43,7 @@ class Rack::Attack
   #
   # Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"
   throttle('req/ip', limit: 600, period: 5.minutes) do |req|
+    # Change req.ip to req.env["HTTP_X_REAL_IP"] in production
     req.ip unless req.path =~ %r{ ^\/(attachments|download|system) }
   end
 
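Review bot: In the `req/ip` throttle, the suggested swap to `req.env["HTTP_X_REAL_IP"]` changes how the limiter fails. Rack::Attack does not track a request when the block returns nil, so a request arriving without that header would not be counted at all, and the throttle key becomes client-controlled unless the proxy always overwrites the header. Keeping `req.ip` and marking the reverse proxy as trusted is the safer route; the same applies to the `logins/ip` hunk below, where the limiter protects the sign-in endpoint. Separately, the context line `%r{ ^\/(attachments|download|system) }` contains literal spaces and has no `x` flag, so it appears never to match and the path exclusion is probably dead; `%r{\A/(attachments|download|system)}` would express the intent.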
@@ -59,6 +60,7 @@ class Rack::Attack
   #
   # Key: "rack::attack:#{Time.now.to_i/:period}:logins/ip:#{req.ip}"
   throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
+    # Change req.ip to req.env["HTTP_X_REAL_IP"] in production
     req.ip if req.path == '/v1/auth/sign_in' && req.post?
   end
 
-- 
GitLab