Added some commentary important for getting the right IP in production

f41dfab9 · Israel Barreto Sant'Anna · af792d9f · f41dfab9 · f41dfab9 · f41dfab9
Commit f41dfab9 authored 7 years ago by Israel Barreto Sant'Anna
--- a/app/controllers/concerns/downloadable_controller.rb
+++ b/app/controllers/concerns/downloadable_controller.rb
@@ -22,6 +22,7 @@ module DownloadableController

  # GET /learning_objects/1/download
  def download
+    # Change request.remote_ip to req.env["HTTP_X_REAL_IP"] in production
    downloadable.download(current_user, request.remote_ip)
    link = downloadable.download_link
    if !link.blank?

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -277,4 +277,10 @@ class User < ApplicationRecord
  def ignore_changes
    super + %w(tokens sign_in_count current_sign_in_at last_sign_in_at current_sign_in_ip last_sign_in_ip score follows_count confirmation_token confirmed_at confirmation_sent_at)
  end
+
+  def update_tracked_fields(request)
+    super
+    # Change request.remote_ip to req.env["HTTP_X_REAL_IP"] in production
+    self.current_sign_in_ip = request.remote_ip
+  end
 end
--- a/config/initializers/rack-attack.rb
+++ b/config/initializers/rack-attack.rb
@@ -43,6 +43,7 @@ class Rack::Attack
  #
  # Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"
  throttle('req/ip', limit: 600, period: 5.minutes) do |req|
+    # Change req.ip to req.env["HTTP_X_REAL_IP"] in production
    req.ip unless req.path =~ %r{ ^\/(attachments|download|system) }
  end

@@ -59,6 +60,7 @@ class Rack::Attack
  #
  # Key: "rack::attack:#{Time.now.to_i/:period}:logins/ip:#{req.ip}"
  throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
+    # Change req.ip to req.env["HTTP_X_REAL_IP"] in production
    req.ip if req.path == '/v1/auth/sign_in' && req.post?
  end