Add HttpServletRequestUtil

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ChallengeController.java

@@ -43,6 +43,7 @@ import org.whispersystems.textsecuregcm.spam.FilterSpam;
 import org.whispersystems.textsecuregcm.spam.PushChallengeConfig;
 import org.whispersystems.textsecuregcm.spam.ScoreThreshold;
 import org.whispersystems.textsecuregcm.util.HeaderUtils;
+import org.whispersystems.textsecuregcm.util.HttpServletRequestUtil;
 
 @Path("/v1/challenge")
 @Tag(name = "Challenge")
@@ -103,7 +104,7 @@ public class ChallengeController {
         tags = tags.and(CHALLENGE_TYPE_TAG, "recaptcha");
 
         final String remoteAddress = useRemoteAddress
-            ? request.getRemoteAddr()
+            ? HttpServletRequestUtil.getRemoteAddress(request)
             : HeaderUtils.getMostRecentProxy(forwardedFor).orElseThrow(BadRequestException::new);
         boolean success = rateLimitChallengeManager.answerRecaptchaChallenge(
             auth.getAccount(),

service/src/main/java/org/whispersystems/textsecuregcm/controllers/VerificationController.java

@@ -89,6 +89,7 @@ import org.whispersystems.textsecuregcm.storage.RegistrationRecoveryPasswordsMan
 import org.whispersystems.textsecuregcm.storage.VerificationSessionManager;
 import org.whispersystems.textsecuregcm.util.ExceptionUtils;
 import org.whispersystems.textsecuregcm.util.HeaderUtils;
+import org.whispersystems.textsecuregcm.util.HttpServletRequestUtil;
 import org.whispersystems.textsecuregcm.util.Pair;
 import org.whispersystems.textsecuregcm.util.Util;
 
@@ -212,7 +213,7 @@ public class VerificationController {
       @NotNull @Extract final SenderOverride senderOverride) {
 
     final String sourceHost = useRemoteAddress
-        ? request.getRemoteAddr()
+        ? HttpServletRequestUtil.getRemoteAddress(request)
         : HeaderUtils.getMostRecentProxy(forwardedFor).orElseThrow();
 
     final Pair<String, PushNotification.TokenType> pushTokenAndType = validateAndExtractPushToken(

service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitByIpFilter.java

@@ -26,6 +26,7 @@ import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.controllers.RateLimitExceededException;
 import org.whispersystems.textsecuregcm.mappers.RateLimitExceededExceptionMapper;
 import org.whispersystems.textsecuregcm.util.HeaderUtils;
+import org.whispersystems.textsecuregcm.util.HttpServletRequestUtil;
 
 public class RateLimitByIpFilter implements ContainerRequestFilter {
 
@@ -71,7 +72,7 @@ public class RateLimitByIpFilter implements ContainerRequestFilter {
     try {
       final String xffHeader = requestContext.getHeaders().getFirst(HttpHeaders.X_FORWARDED_FOR);
       final Optional<String> remoteAddress = useRemoteAddress
-          ? Optional.of(httpServletRequestProvider.get().getRemoteAddr())
+          ? Optional.of(HttpServletRequestUtil.getRemoteAddress(httpServletRequestProvider.get()))
           : Optional.ofNullable(xffHeader)
               .flatMap(HeaderUtils::getMostRecentProxy);
 

service/src/main/java/org/whispersystems/textsecuregcm/util/HttpServletRequestUtil.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2024 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+package org.whispersystems.textsecuregcm.util;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class HttpServletRequestUtil {
+
+  /**
+   * Returns the remote address of the request, removing bracket ("[…]") host notation from IPv6 addresses present in
+   * some implementations, notably {@link org.eclipse.jetty.server.HttpChannel}.
+   */
+  public static String getRemoteAddress(final HttpServletRequest request) {
+    final String remoteAddr = request.getRemoteAddr();
+
+    if (remoteAddr.startsWith("[")) {
+      return remoteAddr.substring(1, remoteAddr.length() - 1);
+    }
+
+    return remoteAddr;
+  }
+}