From a3526604e0c3b9d81f1cde7e9ca2f610c4d2654d Mon Sep 17 00:00:00 2001
From: Daniel <dhaavi@users.noreply.github.com>
Date: Wed, 8 May 2024 14:18:52 +0200
Subject: [PATCH] Fix process based API authentication when API listens on
 0.0.0.0

---
 service/firewall/api.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/service/firewall/api.go b/service/firewall/api.go
index 244ec2b8..24fa69ba 100644
--- a/service/firewall/api.go
+++ b/service/firewall/api.go
@@ -75,6 +75,11 @@ func apiAuthenticator(r *http.Request, s *http.Server) (token *api.AuthToken, er
 	if err != nil {
 		return nil, fmt.Errorf("failed to get local IP/Port: %w", err)
 	}
+	// Correct 0.0.0.0 to 127.0.0.1 to fix local process-based authentication,
+	// if 0.0.0.0 is used as the API listen address.
+	if localIP.Equal(net.IPv4zero) {
+		localIP = net.IPv4(127, 0, 0, 1)
+	}
 
 	// get remote IP/Port
 	remoteIP, remotePort, err := netutils.ParseIPPort(r.RemoteAddr)
@@ -110,7 +115,6 @@ func apiAuthenticator(r *http.Request, s *http.Server) (token *api.AuthToken, er
 		if !retry {
 			break
 		}
-
 		// wait a little
 		time.Sleep(500 * time.Millisecond)
 	}