fix: useragent and ip detection in password express endpoint

Author: darkbasic

packages/password/package.json

@@ -29,14 +29,16 @@
   "dependencies": {
     "@accounts/two-factor": "^0.32.4",
     "bcryptjs": "2.4.3",
-    "express-validator": "^7.0.1"
+    "express-validator": "^7.0.1",
+    "request-ip": "3.3.0"
   },
   "devDependencies": {
     "@accounts/server": "^0.33.1",
     "@accounts/types": "^0.33.1",
     "@types/bcryptjs": "2.4.6",
     "@types/express": "^4.17.21",
     "@types/lodash.set": "4.3.9",
+    "@types/request-ip": "0.0.41",
     "graphql": "16.8.1",
     "graphql-modules": "3.0.0-alpha-20231106133212-0b04b56e",
     "lodash.set": "4.3.2",

packages/password/src/endpoints/express.ts

@@ -2,6 +2,7 @@ import { type Injector } from 'graphql-modules';
 import type { Request, Response, NextFunction } from 'express';
 import AccountsPassword from '../accounts-password';
 import { body, matchedData, param, validationResult } from 'express-validator';
+import { getClientIp } from 'request-ip';
 
 function matchOrThrow<T extends Record<string, any> = Record<string, any>>(
   ...args: Parameters<typeof matchedData>
@@ -12,6 +13,15 @@ function matchOrThrow<T extends Record<string, any> = Record<string, any>>(
   return matchedData(...args) as T;
 }
 
+const getUserAgent = (req: Request) => {
+  let userAgent: string = (req.headers['user-agent'] as string) || '';
+  if (req.headers['x-ucbrowser-ua']) {
+    // special case of UC Browser
+    userAgent = req.headers['x-ucbrowser-ua'] as string;
+  }
+  return userAgent;
+};
+
 function getHtml(title: string, body: string) {
   return `
     <!DOCTYPE html>
@@ -30,11 +40,9 @@ function getHtml(title: string, body: string) {
 }
 
 export const infosMiddleware = (req: Request, _res: Response, next: NextFunction) => {
-  const userAgent = 'userAgent';
-  const ip = 'ip';
   req.infos = {
-    userAgent,
-    ip,
+    userAgent: getUserAgent(req),
+    ip: getClientIp(req) ?? req.ip,
   };
   next();
 };

packages/rest-express/src/express-middleware.ts

@@ -41,11 +41,9 @@ const accountsExpress = (
    * Middleware to populate the user agent and ip.
    */
   router.use((req, _, next) => {
-    const userAgent = getUserAgent(req);
-    const ip = getClientIp(req)!;
     req.infos = {
-      userAgent,
-      ip,
+      userAgent: getUserAgent(req),
+      ip: getClientIp(req) ?? req.ip,
     };
 
     next();

yarn.lock

@@ -412,12 +412,14 @@ __metadata:
     "@types/bcryptjs": "npm:2.4.6"
     "@types/express": "npm:^4.17.21"
     "@types/lodash.set": "npm:4.3.9"
+    "@types/request-ip": "npm:0.0.41"
     bcryptjs: "npm:2.4.3"
     express-validator: "npm:^7.0.1"
     graphql: "npm:16.8.1"
     graphql-modules: "npm:3.0.0-alpha-20231106133212-0b04b56e"
     lodash.set: "npm:4.3.2"
     reflect-metadata: "npm:0.1.13"
+    request-ip: "npm:3.3.0"
   peerDependencies:
     "@accounts/server": ^0.33.0
     graphql: ^14.0.0 || ^15.0.0 || ^16.0.0