From fc9a4ea22eb91757b95cbe1bf1708be17fc2337a Mon Sep 17 00:00:00 2001
From: yo momma <shutup@oops.wtf>
Date: Tue, 27 Jan 2026 03:33:16 +0000
Subject: Fix HTTPS/mixed content; make config env-driven

- Replace hardcoded dump.fm URLs with host/scheme config\n- Add optional passwordless login flow\n- Update templates/static assets to avoid blocked HTTP resources\n- Ignore local uploads/SQL dumps
---
 src/utils.clj | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

(limited to 'src/utils.clj')

diff --git a/src/utils.clj b/src/utils.clj
index c0b8b28..57060a6 100755
--- a/src/utils.clj
+++ b/src/utils.clj
@@ -24,11 +24,14 @@
         config
         ))
 
-(let [db-name "dumpfm"
-      db-user (or (System/getenv "DUMP_DBNAME") "postgres")
-      db-pass "root"]
+(let [db-name (or (System/getenv "DUMPFM_DB_NAME") "dumpfm")
+      db-user (or (System/getenv "DUMPFM_DB_USER") "postgres")
+      db-pass (or (System/getenv "DUMPFM_DB_PASSWORD") "")
+      db-port (let [p (System/getenv "DUMPFM_DB_PORT")]
+                (if p (Integer/parseInt p) 5432))]
   (def *db* {:datasource (doto (new PGPoolingDataSource)
                            (.setServerName   db-server)
+                           (.setPortNumber   db-port)
                            (.setDatabaseName db-name)
                            (.setUser         db-user)
                            (.setPassword     db-pass)
@@ -47,8 +50,21 @@
       (throw (Exception. (str "Invalid url " u))))))
 
 (defn get-ip [request]
-  (let [ip (get (:headers request) "x-real-ip")           ; behind nginx
-        ip (if ip ip (:remote-addr request))] (str ip)))  ; deployed locally
+  ;; Prefer reverse-proxy headers, falling back to :remote-addr when running directly.
+  ;; Caddy sets X-Forwarded-For by default.
+  (let [headers (:headers request)
+        x-real  (get headers "x-real-ip")
+        xff     (get headers "x-forwarded-for")
+        xff     (when (and xff (string? xff) (not= "" xff))
+                  (let [ip (.trim (aget (.split xff ",") 0))]
+                    (when-not (= "unknown" (.toLowerCase ip)) ip)))
+        ip      (or x-real xff (:remote-addr request))
+        ip      (if (string? ip) (.trim ip) (str ip))
+        ;; If a proxy includes an IPv4 port suffix, strip it (keep IPv6 intact).
+        ip      (if (and (.contains ip ".") (.contains ip ":"))
+                  (first (.split ip ":"))
+                  ip)]
+    ip))
 
 (defn append [& seqs]
   (reduce into (map vector seqs)))
-- 
cgit v1.2.3-70-g09d2