Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a websocketClientAddress helper function to extract the client IP for logging in the OpenAI responses websocket handler. The review feedback identifies that the manual parsing of the remote address and port is redundant because the Gin framework's ClientIP method already implements this logic, and suggests a simplified implementation.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: caa529c282
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if c == nil || c.Request == nil { | ||
| return "" | ||
| } | ||
| return strings.TrimSpace(c.ClientIP()) |
There was a problem hiding this comment.
Switching this log field from Request.RemoteAddr to ClientIP() makes the recorded client address header-dependent; in this repo I only found SetTrustedProxies(...) in a unit test (rg "SetTrustedProxies|TrustedProxies|ForwardedByClientIP"), so production routes appear to rely on Gin defaults where X-Forwarded-For can be trusted too broadly. In that setup, a direct client can spoof X-Forwarded-For and poison websocket connection logs/audit trails with arbitrary IPs.
Useful? React with 👍 / 👎.
2 participants
No description provided.