From 0211b5d881216a64505a530b12c984394009a056 Mon Sep 17 00:00:00 2001
From: Sergey Karmanov <ppoocpel8888@gmail.com>
Date: Sat, 6 Sep 2025 22:27:32 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D0=BB=20X?=
 =?UTF-8?q?=20Forwarded=20Proto?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 SfeduSchedule/Program.cs | 10 +++++++---
 docker-compose-prod.yml  |  1 +
 docker-compose-test.yml  |  1 +
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/SfeduSchedule/Program.cs b/SfeduSchedule/Program.cs
index cb3433a..09788dd 100644
--- a/SfeduSchedule/Program.cs
+++ b/SfeduSchedule/Program.cs
@@ -76,7 +76,9 @@ builder.Services.AddRateLimiter(options =>
 {
     options.AddPolicy("throttle", httpContext =>
         RateLimitPartition.GetFixedWindowLimiter(
-            partitionKey: httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown",
+            partitionKey: (httpContext.Request.Headers.TryGetValue("X-Forwarded-For", out var xff) && !string.IsNullOrWhiteSpace(xff.ToString()))
+                ? xff.ToString().Split(',')[0].Trim()
+                : (httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown"),
             factory: _ => new FixedWindowRateLimiterOptions
             {
                 PermitLimit = 20,
@@ -92,8 +94,10 @@ builder.Services.AddRateLimiter(options =>
             cancellationToken);
 
         var reqLogger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
-        reqLogger.LogWarning("Rate limit exceeded for IP: {IpAddress}",
-            context.HttpContext.Connection.RemoteIpAddress);
+        var clientIp = (context.HttpContext.Request.Headers.TryGetValue("X-Forwarded-For", out var xff) && !string.IsNullOrWhiteSpace(xff.ToString()))
+            ? xff.ToString().Split(',')[0].Trim()
+            : context.HttpContext.Connection.RemoteIpAddress?.ToString();
+        reqLogger.LogWarning("Rate limit exceeded for IP: {IpAddress}", clientIp);
     };
 });
 
diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
index 2208b32..33b278d 100644
--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
@@ -4,6 +4,7 @@ services:
             - '8088:8080'
         container_name: SfeduSchedule
         environment:
+            - ASPNETCORE_FORWARDEDHEADERS_ENABLED=true
             - AzureAd:Instance=https://login.microsoftonline.com/
             - AzureAd:TenantId=sfedu.ru
             - AzureAd:ClientId=
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index 85db821..b1a5944 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -4,6 +4,7 @@ services:
             - '8088:8080'
         container_name: SfeduSchedule
         environment:
+            - ASPNETCORE_FORWARDEDHEADERS_ENABLED=true
             - AzureAd:Instance=https://login.microsoftonline.com/
             - AzureAd:TenantId=sfedu.ru
             - AzureAd:ClientId=