From a32cde4da67989b810d341ea34b57280f10f2ea6 Mon Sep 17 00:00:00 2001
From: zefr0x <zer0-x.7ty50@aleeas.com>
Date: Sun, 31 Aug 2025 21:05:04 +0300
Subject: [PATCH] feat: add `http.peer_ip` to the root span

`realip_remote_addr` can be spoofed without using proxy or not
configuring it properly. `peer_addr` is considered more trustworthy for
security-sensitive operations, which is the actual socket address of the
client when not behind any proxy, and the proxy's address otherwise.

When we are using a trusted and properly configured proxy, `peer_addr`
should return the proxy's address, and `realip_remote_addr` should return
a trusted client address.
---
 src/root_span_macro.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/root_span_macro.rs b/src/root_span_macro.rs
index 53469d5..59e39c4 100644
--- a/src/root_span_macro.rs
+++ b/src/root_span_macro.rs
@@ -100,6 +100,7 @@ macro_rules! root_span {
                         http.scheme = %$crate::root_span_macro::private::http_scheme(connection_info.scheme()),
                         http.host = %connection_info.host(),
                         http.client_ip = %$request.connection_info().realip_remote_addr().unwrap_or(""),
+                        http.peer_ip = %$request.connection_info().peer_addr().unwrap_or(""),
                         http.user_agent = %user_agent,
                         http.target = %$request.uri().path_and_query().map(|p| p.as_str()).unwrap_or(""),
                         http.status_code = $crate::root_span_macro::private::tracing::field::Empty,