feat: new trusted_headers, trusted_proxies, and use_forward_headers config options

Signed-off-by: Henry <mail@henrygressmann.de>

Author: explodingcamera

CHANGELOG.md

@@ -18,16 +18,29 @@ Since this is not a library, this changelog focuses on the changes that are rele
 
 ## [Unreleased]
 
-- Added new entry/exit page metric
+### Features
+
+- Added new `trusted_headers`, `trusted_proxies`, and `use_forward_headers` config options
+- Added new entry page and exit page dimensions
+- Added new screen width and orientation dimensions
+
+### Bug Fixes
+
+- Fixed error when both `listen` and `port` config options are set
+- Added retry logic when opening the DuckDB database to handle potential locking issues on startup (e.g. when the database is being updated by another process or when using a shared network drive)
+- Fixed an issue where users with invalid session tokens would show up in the UI as logged in
+
+### Other
+
+- Added `?ref` / `?referrer` / `?source` as fallbacks for UTM source
 - Updated to the latest version of DuckDB (1.5.1)
-- Fixed error when both `listen` and `port` configuration options are set
-- Added retry logic when loading the DuckDB database to handle potential locking issues on startup (e.g. when the database is being updated by another process or when using a shared network drive)
 - Improved filtering out invalid referrers
 - Improved world map rendering & graph for bounce rate metric
+- Improved UI error messages / loading states
 
 ## [v1.4.0] - 2026-03-14
 
-- Updated to the latest version of DuckDB (1.5)
+- Updated to the latest version of DuckDB (1.5.0)
 - GeoIP database now automatically reloads if it has been updated on disk / fixed an issue where the GeoIP database would not be updated on the first boot
 - Switched to using `axum` as the web framework and `ua-parser` for user-agent parsing
 - Added new `listen` configuration option to specify the address and port to listen on (can be a socket address or just a port number). The old `port` option is still supported for backwards compatibility.
@@ -69,7 +82,7 @@ If you map a folder to `/data` and encounter permission issues, ensure it’s ow
 
 ## [v1.0.0] - 2024-12-06
 
-### 🚀 Features
+### Features
 
 - **UTM parameters**: Added support for UTM parameters. You can filter and search by UTM source, medium, campaign, content, and term. ([#13](https://github.com/explodingcamera/liwan/pull/13))
 - **New Date Ranges**: Fully reworked date ranges. Data is more accurate and consistent now, and you can move to the next or previous time range. Also includes some new time ranges like `Week to Date` and `All Time`. You can now also select a custom date range to view your data. ([97cdfce](https://github.com/explodingcamera/liwan/commit/97cdfce509ed2fd2fd74b23c73726a5e01b7b288), [391c580](https://github.com/explodingcamera/liwan/commit/391c580c926e2b4ca250e08bbe725210774d99b2))
@@ -78,7 +91,7 @@ If you map a folder to `/data` and encounter permission issues, ensure it’s ow
 - **Favicons can be disabled**: You can now disable fetching favicons from DuckDuckGo (`config.toml` setting: `disable_favicons`) ([2100bfe](https://github.com/explodingcamera/liwan/commit/2100bfe6ba868b59d2b383220f22b0dbf23a6712))
 - **New Graphs**: Graphs are now custom-built using d3 directly to improve performance and flexibility. ([eb1415d](https://github.com/explodingcamera/liwan/commit/eb1415d6bdf6d3be9509b0b4fa743b6f112b2c0a))
 
-### 🐛 Bug Fixes
+### Bug Fixes
 
 - Fixed a potential panic when entities are not found in the database ([`31405a7`](https://github.com/explodingcamera/liwan/commit/31405a721dc5c5493098e211927281cca7816fec))
 - Fixed issues with the `Yesterday` Date Range ([`76278b57`](https://github.com/explodingcamera/liwan/commit/76278b579c5fe1557bf1c184542ed6ed2aba57cd))

Cargo.lock

@@ -80,6 +80,7 @@ url="2.5"
 ua-parser="0.2"
 rust-embed={version="8.11", features=["mime-guess"]}
 reqwest={version="0.13", default-features=false, features=["json", "stream", "charset", "rustls"]}
+ipnet="2.11"
 
 # database
 duckdb={version="1.10501", features=["chrono", "bundled", "r2d2"]}

Cargo.toml

@@ -6,6 +6,20 @@ listen=9042 # The port to listen on (http)
 # # defaults to ./liwan-data on other platforms
 # data_dir="./liwan-data"
 
+# Trusted client IP headers (used in order).
+# Defaults to all supported headers.
+# trusted_headers=["cf-connecting-ip", "fly-client-ip", "true-client-ip", "x-real-ip", "cloudfront-viewer-address", "x-forwarded-for", "forwarded"]
+# You can also include custom headers. Names are case-insensitive.
+# trusted_headers=["X-Forwarded-For", "X-Client-IP"]
+
+# Trusted reverse proxies (IP or CIDR).
+# Empty by default, meaning all proxies are trusted.
+# trusted_proxies=["127.0.0.1", "10.0.0.0/8"]
+
+# Whether to use forwarded IP headers at all.
+# If false, only the direct peer IP is used.
+# use_forward_headers=true
+
 # GeoIp settings (Optional)
 [geoip]
 # # MaxMind account ID and license key

data/config.example.toml

@@ -1,3 +1,4 @@
+use crate::utils::ip_headers::{TrustedHeader, TrustedProxy, deserialize_trusted_headers, deserialize_trusted_proxies};
 use anyhow::{Context, Result, bail};
 use figment::Figment;
 use figment::providers::{Env, Format, Toml};
@@ -36,6 +37,14 @@ fn default_data_dir() -> String {
     "./liwan-data".to_string()
 }
 
+fn default_trusted_headers() -> Vec<TrustedHeader> {
+    TrustedHeader::all().to_vec()
+}
+
+fn default_use_forward_headers() -> bool {
+    true
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Config {
     #[serde(default = "default_base")]
@@ -59,6 +68,15 @@ pub struct Config {
 
     #[serde(default)]
     pub duckdb: DuckdbConfig,
+
+    #[serde(default = "default_trusted_headers", deserialize_with = "deserialize_trusted_headers")]
+    pub trusted_headers: Vec<TrustedHeader>,
+
+    #[serde(default, deserialize_with = "deserialize_trusted_proxies")]
+    pub trusted_proxies: Vec<TrustedProxy>,
+
+    #[serde(default = "default_use_forward_headers")]
+    pub use_forward_headers: bool,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -87,6 +105,9 @@ impl Default for Config {
             disable_favicons: false,
             listen: None,
             port: None,
+            trusted_headers: default_trusted_headers(),
+            trusted_proxies: Vec::new(),
+            use_forward_headers: default_use_forward_headers(),
         }
     }
 }
@@ -194,6 +215,7 @@ impl Config {
 #[allow(clippy::result_large_err)]
 mod test {
     use super::*;
+    use crate::utils::ip_headers::{TrustedHeader, TrustedProxy};
     use figment::Jail;
 
     #[test]
@@ -285,10 +307,28 @@ mod test {
             jail.set_env("LIWAN_DATA_DIR", "/data");
             jail.set_env("LIWAN_BASE_URL", "https://example.com");
             jail.set_env("LIWAN_MAXMIND_ACCOUNT_ID", 123);
+            jail.set_env("LIWAN_TRUSTED_HEADERS", "X_Forwarded_For,Forwarded");
+            jail.set_env("LIWAN_TRUSTED_PROXIES", "127.0.0.1,10.0.0.0/8");
             let config = Config::load(None).expect("failed to load config");
             assert_eq!(config.data_dir, "/data");
             assert_eq!(config.base_url, "https://example.com");
             assert_eq!(config.geoip.maxmind_account_id, Some("123".to_string()));
+            assert_eq!(config.trusted_headers, vec![TrustedHeader::XForwardedFor, TrustedHeader::Forwarded]);
+            assert_eq!(
+                config.trusted_proxies,
+                vec![TrustedProxy::Ip("127.0.0.1".parse().unwrap()), TrustedProxy::Cidr("10.0.0.0/8".parse().unwrap())]
+            );
+            assert!(config.use_forward_headers);
+            Ok(())
+        });
+    }
+
+    #[test]
+    fn test_env_custom_trusted_header() {
+        Jail::expect_with(|jail| {
+            jail.set_env("LIWAN_TRUSTED_HEADERS", "X_CLIENT_IP");
+            let config = Config::load(None).expect("failed to load config");
+            assert_eq!(config.trusted_headers, vec![TrustedHeader::Other("x-client-ip".to_string())]);
             Ok(())
         });
     }