Update README with new order of IP checks

Author: pbojinov

README.md

@@ -50,19 +50,20 @@ The connect-middleware also supports retrieving the ip address under a custom at
 
 It looks for specific headers in the request and falls back to some defaults if they do not exist.
 
-The following is the order we use to determine the user ip from the request.
+The user ip is determined by the following order:
 
 1. `X-Client-IP`  
 2. `X-Forwarded-For` (Header may return multiple IP addresses in the format: "client IP, proxy 1 IP, proxy 2 IP", so we take the the first one.)
 3. `CF-Connecting-IP` (Cloudflare)
-4. `True-Client-Ip` (Akamai and Cloudflare)
-5. `X-Real-IP` (Nginx proxy/FastCGI)
-6. `X-Cluster-Client-IP` (Rackspace LB, Riverbed Stingray)
-7. `X-Forwarded`, `Forwarded-For` and `Forwarded` (Variations of #2)
-8. `req.connection.remoteAddress`
-9. `req.socket.remoteAddress`
-10. `req.connection.socket.remoteAddress`
-11. `req.info.remoteAddress`
+4. `Fastly-Client-Ip` (Fastly CDN and Firebase hosting header when forwared to a cloud function)
+5. `True-Client-Ip` (Akamai and Cloudflare)
+6. `X-Real-IP` (Nginx proxy/FastCGI)
+7. `X-Cluster-Client-IP` (Rackspace LB, Riverbed Stingray)
+8. `X-Forwarded`, `Forwarded-For` and `Forwarded` (Variations of #2)
+9. `req.connection.remoteAddress`
+10. `req.socket.remoteAddress`
+11. `req.connection.socket.remoteAddress`
+12. `req.info.remoteAddress`
 
 If an IP address cannot be found, it will return `null`.
 
@@ -96,7 +97,8 @@ To easily generate a new changelog, install [github-changelog-generator](https:/
 * Thanks to [@osherx](https://github.com/osherx) for adding the connect-middleware.
 * Thanks to [@raunc](https://github.com/raunc) for adding Squid proxy support.
 * Thanks to [@fluxsauce](https://github.com/fluxsauce) for adding `CF-Connecting-IP`, `True-Client-IP`, and ES6 support.
+* Thanks to [@vishalvijay](https://github.com/vishalvijay) for adding Fastly/Firebase hosting support.
 
 ## License
 
-The MIT License (MIT) - 2017
+The MIT License (MIT) - 2018

package.json

@@ -13,7 +13,8 @@
     "X-Client-IP",
     "X-Forwarded-For",
     "CF-Connecting-IP",
-    "True-Client-IP"
+    "Fastly-Client-IP",
+    "True-Client-IP",
     "X-Real-IP",
     "X-Cluster-Client-IP",
     "X-Forwarded",

src/index.js

@@ -46,18 +46,15 @@ function getClientIpFromXForwardedFor(value) {
  * @returns {string} ip - The IP address if known, defaulting to empty string if unknown.
  */
 function getClientIp(req) {
+
     // Server is probably behind a proxy.
     if (req.headers) {
+        
         // Standard headers used by Amazon EC2, Heroku, and others.
         if (is.ip(req.headers['x-client-ip'])) {
             return req.headers['x-client-ip'];
         }
 
-        // Firebase hosting header (When forwared to cloud function)
-        if (is.ip(req.headers['fastly-client-ip'])) {
-            return req.headers['fastly-client-ip'];
-        }
-
         // Load-balancers (AWS ELB) or proxies.
         const xForwardedFor = getClientIpFromXForwardedFor(req.headers['x-forwarded-for']);
         if (is.ip(xForwardedFor)) {
@@ -71,6 +68,11 @@ function getClientIp(req) {
             return req.headers['cf-connecting-ip'];
         }
 
+        // Fastly and Firebase hosting header (When forwared to cloud function)
+        if (is.ip(req.headers['fastly-client-ip'])) {
+            return req.headers['fastly-client-ip'];
+        }
+
         // Akamai and Cloudflare: True-Client-IP.
         if (is.ip(req.headers['true-client-ip'])) {
             return req.headers['true-client-ip'];