Remote IP in context is proxy IP not user IP #1155

@quintinm-dev

Hello, thank you for all the amazing work that goes into Ash!

In some of my Ash actions I have been reaching into the context.ash_authentication_request.remote_ip as a key for AshRateLimiter. But I am observing that the addresses are from my proxy instead of the actual users, and this matches the dispatcher taking the remote_ip from peer_data:

remote_ip: peer_data.address |> :inet.ntoa() |> to_string(),

Beyond my specific rate limiting issues I think this affects the logs written by AshAuthentication.AddOn.AuditLog.

I have a workaround but I'm wondering if there's appetite to fix this more generally. I'm already using RemoteIp https://github.com/ajvondrak/remote_ip to rewrite the conn's remote IP for logging, so maybe we could add a configuration option to take from conn.remote_ip directly instead?


Aside: how bad is it to be writing ash_authentication_context into my Ash action context myself? I started rate limiting by IP for actions that aren't authentication related, and it seemed convenient to have a single read path for getting the remote IP. But it feels bad to be setting authentication context for actions that are distinctly not authentication related 😅
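
Added example, not part of the original issue and not AshAuthentication or RemoteIp code: one way to derive a rate-limit key behind a proxy is to start from the peer address and accept X-Forwarded-For entries, read right to left, only while each hop is a known proxy, so a client-supplied header cannot choose the key. The module name `ClientIpExample`, the trusted ranges and the IPv4-only proxy list are assumptions made for illustration.

```elixir
defmodule ClientIpExample do
  # Added example: hypothetical module, not AshAuthentication or RemoteIp code.
  import Bitwise

  # Assumption: the reverse proxies live in these constructed IPv4 ranges.
  @trusted_proxies [{{10, 0, 0, 0}, 8}, {{127, 0, 0, 0}, 8}]

  # peer: socket address tuple; xff: raw X-Forwarded-For value or nil.
  def resolve(peer, xff, proxies \\ @trusted_proxies) do
    hops = (xff || "") |> String.split(",", trim: true) |> Enum.map(&String.trim/1)
    # Nearest hop first: the peer, then the header read right to left.
    walk([peer | Enum.reverse(hops)], peer, proxies)
  end

  # Ran out of hops: every address was a trusted proxy, keep the farthest one.
  defp walk([], last_good, _proxies), do: format(last_good)

  defp walk([hop | rest], last_good, proxies) do
    case parse(hop) do
      # A trusted proxy vouches for the next hop; anything else is the client.
      {:ok, ip} -> if trusted?(ip, proxies), do: walk(rest, ip, proxies), else: format(ip)
      # Unparseable entry: stop at the last address that could be verified.
      :error -> format(last_good)
    end
  end

  defp parse(ip) when is_tuple(ip), do: {:ok, ip}

  defp parse(text) do
    case :inet.parse_strict_address(String.to_charlist(text)) do
      {:ok, ip} -> {:ok, ip}
      {:error, _} -> :error
    end
  end

  # IPv4 CIDR match; IPv6 hops are treated as untrusted in this example.
  defp trusted?({_, _, _, _} = ip, proxies) do
    Enum.any?(proxies, fn {net, len} ->
      (to_int(ip) >>> (32 - len)) == (to_int(net) >>> (32 - len))
    end)
  end

  defp trusted?(_ipv6, _proxies), do: false

  defp to_int({a, b, c, d}), do: (a <<< 24) ||| (b <<< 16) ||| (c <<< 8) ||| d
  defp format(ip), do: ip |> :inet.ntoa() |> to_string()
end

# Constructed inputs: proxied request, spoofed header via proxy, direct client.
IO.puts(ClientIpExample.resolve({10, 0, 0, 5}, "203.0.113.7, 10.0.0.9"))
IO.puts(ClientIpExample.resolve({10, 0, 0, 5}, "10.9.9.9, 198.51.100.20"))
IO.puts(ClientIpExample.resolve({198, 51, 100, 20}, "10.9.9.9"))
```

In the second call the client-supplied entry is ignored because the proxy appended the real peer to its right, and in the third the header is ignored entirely because the connection did not come from a trusted proxy.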
