[auth] Make a process of deriving end-user IP configurable.

On GAE we always use req.RemoteAddr as end-user IP (e.g. to use in IP
whitelists). This is no longer correct in k8s or any other environment with
HTTP-level proxies or load balancers: req.RemoteAddr will be the address or
a proxy, not end user.

Most proxies convey end-user address through X-Forwarded-For header. But its
exact format depends on the hosting environment (e.g. number of proxy layers in
front of the server). It is now responsibility of a code that hosts auth
subsystem to supply correct implementation of the end-user IP extraction.

R=jchinlee@chromium.org, nodir@chromium.org, tandrii@chromium.org
BUG=959427

Change-Id: I89646a0a0544b0a30e5553da80f0ac0d35967269
Reviewed-on: https://chromium-review.googlesource.com/c/infra/luci/luci-go/+/1623156
Reviewed-by: Jao-ke Chin-Lee <jchinlee@chromium.org>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
3 files changed
tree: 67c9aaab6ba8eec91a0953e04d1894ab1ecdf963
  1. .gitattributes
  2. .travis.yml
  3. AUTHORS
  4. CONTRIBUTING.md
  5. CONTRIBUTORS
  6. LICENSE
  7. OWNERS
  8. PRESUBMIT.py
  9. README.md
  10. appengine/
  11. auth/
  12. buildbucket/
  13. cipd/
  14. client/
  15. codereview.settings
  16. common/
  17. config/
  18. cq/
  19. dm/
  20. examples/
  21. gce/
  22. grpc/
  23. hardcoded/
  24. logdog/
  25. luci_notify/
  26. lucicfg/
  27. lucictx/
  28. machine-db/
  29. milo/
  30. mmutex/
  31. mp/
  32. pre-commit-go.yml
  33. scheduler/
  34. scripts/
  35. server/
  36. starlark/
  37. swarming/
  38. tokenserver/
  39. tools/
  40. tumble/
  41. vpython/
  42. web/
README.md

luci-go: LUCI services and tools in Go

GoDoc

Installing

LUCI Go code is meant to be worked on from an Chromium infra.git checkout, which enforces packages versions and Go toolchain version. First get fetch via depot_tools.git then run:

fetch infra
cd infra/go
eval `./env.py`
cd src/go.chromium.org/luci

Contributing

Contributing uses the same flow as Chromium contributions.