class ActionDispatch::RemoteIp::GetIp

Experimental RBS support (using type sampling data from the type_fusion project). 

# sig/action_dispatch/middleware/remote_ip.rbs

class ActionDispatch::RemoteIp::GetIp
  def ips_from: (String header) -> Array[String]
  def to_s: () -> String
end

is called, this class will calculate the value and then memoize it.
into an actual IP address. If the ActionDispatch::Request#remote_ip method
The GetIp class exists as a way to defer processing of the request data

def calculate_ip

the last address left, which was presumably set by one of those proxies.
take the list of IPs, remove known and trusted proxies, and then take
In order to find the first address that is (probably) accurate, we

it could also have been set by the client maliciously.
while the first IP in the list is likely to be the "originating" IP,
As discussed in {this post about Rails IP Spoofing}[https://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/],

set the +Client-Ip+ header instead, so we check that too.
proxies, that header may contain a list of IPs. Other proxy services
request will be put in an +X-Forwarded-For+ header. If there are multiple
server like HAProxy or NGINX, the IP address that made the original
Ruby process, on e.g. Heroku. When the request is proxied by another
REMOTE_ADDR will be correct if the request is made directly against the

request.
likely to be the address of the actual remote client making this
Sort through the various IP address headers, looking for the IP most 
def calculate_ip
  # Set by the Rack web server, this is a single value.
  remote_addr = ips_from(@req.remote_addr).last
  # Could be a CSV list and/or repeated headers that were concatenated.
  client_ips    = ips_from(@req.client_ip).reverse
  forwarded_ips = ips_from(@req.x_forwarded_for).reverse
  # +Client-Ip+ and +X-Forwarded-For+ should not, generally, both be set.
  # If they are both set, it means that either:
  #
  # 1) This request passed through two proxies with incompatible IP header
  #    conventions.
  # 2) The client passed one of +Client-Ip+ or +X-Forwarded-For+
  #    (whichever the proxy servers weren't using) themselves.
  #
  # Either way, there is no way for us to determine which header is the
  # right one after the fact. Since we have no idea, if we are concerned
  # about IP spoofing we need to give up and explode. (If you're not
  # concerned about IP spoofing you can turn the +ip_spoofing_check+
  # option off.)
  should_check_ip = @check_ip && client_ips.last && forwarded_ips.last
  if should_check_ip && !forwarded_ips.include?(client_ips.last)
    # We don't know which came from the proxy, and which from the user
    raise IpSpoofAttackError, "IP spoofing attack?! " \
      "HTTP_CLIENT_IP=#{@req.client_ip.inspect} " \
      "HTTP_X_FORWARDED_FOR=#{@req.x_forwarded_for.inspect}"
  end
  # We assume these things about the IP headers:
  #
  #   - X-Forwarded-For will be a list of IPs, one per proxy, or blank
  #   - Client-Ip is propagated from the outermost proxy, or is blank
  #   - REMOTE_ADDR will be the IP that made the request to Rack
  ips = [forwarded_ips, client_ips].flatten.compact
  # If every single IP option is in the trusted list, return the IP
  # that's furthest away
  filter_proxies(ips + [remote_addr]).first || ips.last || remote_addr
end

def filter_proxies(ips) # :doc:

:doc: 
def filter_proxies(ips) # :doc:
  ips.reject do |ip|
    @proxies.any? { |proxy| proxy === ip }
  end
end

def initialize(req, check_ip, proxies) 

def initialize(req, check_ip, proxies)
  @req      = req
  @check_ip = check_ip
  @proxies  = proxies
end

def ips_from(header) # :doc:

Experimental RBS support (using type sampling data from the type_fusion project). 

def ips_from: (String header) ->

This signature was generated using 2 samples from 1 application.

:doc: 
def ips_from(header) # :doc:
  return [] unless header
  # Split the comma-separated list into an array of strings.
  ips = header.strip.split(/[,\s]+/)
  ips.select do |ip|
    # Only return IPs that are valid according to the IPAddr#new method.
    range = IPAddr.new(ip).to_range
    # We want to make sure nobody is sneaking a netmask in.
    range.begin == range.end
  rescue ArgumentError
    nil
  end
end

def to_s

Experimental RBS support (using type sampling data from the type_fusion project). 

def to_s: () -> String

This signature was generated using 1 sample from 1 application.

ActionDispatch::Request to use.
Memoizes the value returned by #calculate_ip and returns it for 
def to_s
  @ip ||= calculate_ip
end