remote ip/port if behind a proxy

[23doors]

About #10

This is not a correct fix.

First of all:

class RawWebSocket(WebSocketsResource, OldWebSocketsResource):
    def _makeFactory(self):
        f = PeerOverrideFactory(self.parent._factory)
        WebSocketsResource.__init__(self, self.parent._factory) 
        OldWebSocketsResource.__init__(self, self.parent._factory)

first line in this method is completely unused.

Should be:

class RawWebSocket(WebSocketsResource, OldWebSocketsResource):
    def _makeFactory(self):
        f = PeerOverrideFactory(self.parent._factory)
        WebSocketsResource.__init__(f) 
        OldWebSocketsResource.__init__(f)

otherwise PeerOverrideFactory is completely unused.

Also, getPeer should probably return port as well and support header in format $remote_addr:$remote_port;

E.g. in nginx:

proxy_set_header    X-Real-IP $remote_addr:$remote_port;

In this case PeerOverrideProtocol can look like:

class PeerOverrideProtocol(ProtocolWrapper):
    def getPeer(self):
        if self.parent._options["proxy_header"] and self.request.requestHeaders.hasHeader(
                self.parent._options["proxy_header"]):
            print self.request.requestHeaders.getRawHeaders(self.parent._options["proxy_header"])
            ip = self.request.requestHeaders.getRawHeaders(self.parent._options["proxy_header"])[0].split(",")[
                -1].strip()
            regex = re.match(r"^(?P<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:(?P<port>\d{1,5}))?$", ip)
            ipv4 = True

            if not regex:
                ipv4 = False
                regex = re.match(r"^(?P<ip>.*?)(:(?P<port>\d{1,5}))?$", ip)

            ip = regex.group('ip')
            port = int(regex.group('port')) or ProtocolWrapper.getPeer(self).port

            if ipv4:
                return address.IPv4Address("TCP", ip, port)
            else:
                return address.IPv6Address("TCP", ip, port)

        return ProtocolWrapper.getPeer(self)

IPV6 is not completely parsed here but this address doesn't really have much relevance when behind the proxy other than for logging and informative purposes.

[FugiTech]

1. Yes I saw your comment, I just didn't have time until now to do anything about it. Please be more patient.
2. If you know what's wrong, why didn't you just submit a pull request?
3. Your port-matching regex for IPv6 seems completely broken as IPv6 uses colons as delimiters. Perhaps just use a separate header for the port entirely to avoid having to parse the IP address?
4. What do you mean "this address doesn't really have much relevance when behind the proxy other than for logging and informative purposes"?

[23doors]

1. Wasn't sure if you keep track and receive notifications for closed issues. Main reason for nagging you..
2. I got you the code and explanation. I don't see a reason for you to complain as it is a rather easy fix. Pull request would be much more of a hassle for me, although I agree that it would be more useful for you. Sorry about that, I just didn't have time for all of it but it doesn't mean that I don't appreciate the work you're doing so I wanted to let you know how I fixed it for my purposes.
3. I see that you haven't tested it. It is not broken at all. I know how ipv6 looks like etc and because of that here I have used lazy matching (.*?) for ip part. More info about how it works: http://www.regular-expressions.info/repeat.html . Anyway, feel free to check it.
4. I didn't mean it specifically about ipv6 but about ip in general here. This address is normally not used in any way other than for informative/logging purposes. To identify distinctive clients. It's not like it actually uses it for connecting to them (well, unless someone wants to use it in a more specific way). When used behind untrusted proxy, it can be easily malformed, but it's something one needs to be aware of. Therefore we can assume that proxy will either pass either valid ipv4 or ipv6 address. Validating ipv6 here is not that useful here as if it's not valid, then proxy is misconfigured and that's not for library creator to worry about. Proper validation for ipv6 would be much heavier.