Fix: Refactor auth flow and ensure HAproxy v2 config check

Add conditional check for HAproxy v2 support before processing the client IP and XClientPort in auth.go. Also simplify auth call chain in http.go by removing redundant withClientInfo call.

Signed-off-by: Christian Roessner <c@roessner.co>

server/core/auth.go

@@ -2384,12 +2384,14 @@ func (a *AuthState) withClientInfo(ctx *gin.Context) *AuthState {
 
 	if a.ClientIP == "" {
 		// This might be valid if HAproxy v2 support is enabled
-		a.ClientIP, a.XClientPort, err = net.SplitHostPort(ctx.Request.RemoteAddr)
-		if err != nil {
-			level.Error(log.Logger).Log(definitions.LogKeyGUID, a.GUID, definitions.LogKeyMsg, err.Error())
-		}
+		if config.LoadableConfig.Server.HAproxyV2 {
+			a.ClientIP, a.XClientPort, err = net.SplitHostPort(ctx.Request.RemoteAddr)
+			if err != nil {
+				level.Error(log.Logger).Log(definitions.LogKeyGUID, a.GUID, definitions.LogKeyMsg, err.Error())
+			}
 
-		util.ProcessXForwardedFor(ctx, &a.ClientIP, &a.XClientPort, &a.XSSL)
+			util.ProcessXForwardedFor(ctx, &a.ClientIP, &a.XClientPort, &a.XSSL)
+		}
 	}
 
 	if config.LoadableConfig.Server.DNS.ResolveClientIP {

server/core/http.go

@@ -182,7 +182,7 @@ func requestHandler(ctx *gin.Context) {
 			if found, reject := auth.preproccessAuthRequest(ctx); reject {
 				return
 			} else if found {
-				auth.withClientInfo(ctx).withLocalInfo(ctx).withUserAgent(ctx).withXSSL(ctx)
+				auth.withLocalInfo(ctx).withUserAgent(ctx).withXSSL(ctx)
 			}
 
 			switch ctx.Param("service") {