Class: Otto::Security::Middleware::IPPrivacyMiddleware

Inherits:

Object

• Object
• Otto::Security::Middleware::IPPrivacyMiddleware

Defined in:

lib/otto/security/middleware/ip_privacy_middleware.rb

Overview

IP Privacy Middleware

Automatically masks IP addresses for privacy by default. Original IPs are never stored unless privacy is explicitly disabled.

This middleware runs FIRST in the stack to ensure all downstream middleware and application code receives masked IPs by default.

Examples:

Default behavior (privacy enabled)

# env['REMOTE_ADDR'] is masked to 192.168.1.0
# env['otto.privacy.fingerprint'] contains full anonymized data
# env['otto.original_ip'] is NOT set

Privacy disabled

otto.disable_ip_privacy!
# env['REMOTE_ADDR'] contains real IP
# env['otto.original_ip'] also contains real IP

Instance Method Summary

• #call(env) ⇒ Array

  Process request with IP privacy.

• #initialize(app, security_config = nil) ⇒ IPPrivacyMiddleware constructor

  Initialize IP Privacy middleware.

Constructor Details

#initialize(app, security_config = nil) ⇒ IPPrivacyMiddleware

Initialize IP Privacy middleware

Parameters:

• app (#call) —

  Rack application

• security_config (Otto::Security::Config) (defaults to: nil) —

  Security configuration

# File 'lib/otto/security/middleware/ip_privacy_middleware.rb', line 31

def initialize(app, security_config = nil)
  @app = app
  @security_config = security_config
  @config = security_config&.ip_privacy_config || Otto::Privacy::Config.new

  # Privacy is enabled by default unless explicitly disabled
  @privacy_enabled = @config.enabled?
end

Instance Method Details

#call(env) ⇒ Array

Process request with IP privacy

Parameters:

• env (Hash) —

  Rack environment

Returns:

• (Array) —

  Rack response tuple [status, headers, body]

# File 'lib/otto/security/middleware/ip_privacy_middleware.rb', line 44

def call(env)
  # Idempotency: if a prior IPPrivacyMiddleware pass already resolved the
  # canonical client IP for this request, do not re-resolve or re-mask.
  # This makes stacking two instances (e.g. an app-level mount plus
  # Otto's built-in router mount) order-safe instead of double-masking.
  return @app.call(env) if env.key?('otto.client_ip')

  # Record the connecting peer's trust decision BEFORE any masking, so
  # secure? can authorize X-Forwarded-Proto canonically even after
  # REMOTE_ADDR is rewritten to the masked client IP. Leak-free boolean.
  #
  # This is the trusted-proxy *identity* check only — it is deliberately
  # independent of count-based depth mode. Depth resolves the client IP;
  # it never grants proxy trust for X-Forwarded-Proto (matching the
  # downstream OneTimeSecret behavior).
  env['otto.via_trusted_proxy'] = trusted_proxy?(env['REMOTE_ADDR'])

  if @privacy_enabled
    apply_privacy(env)
  else
    apply_no_privacy(env)
  end

  @app.call(env)
end