move ipfilter to router config
parent
2e6e38cab2
commit
9cca1613a5
@ -1,9 +1,15 @@
|
||||
[common]
|
||||
server_addr = 127.0.0.1
|
||||
server_port = 7000
|
||||
server_addr = tunnel.io
|
||||
server_port = 7005
|
||||
;protocol = websocket
|
||||
log_level = debug
|
||||
|
||||
[ssh]
|
||||
[web]
|
||||
type = tcp
|
||||
local_ip = 127.0.0.1
|
||||
local_port = 22
|
||||
remote_port = 6000
|
||||
local_port = 3002
|
||||
remote_port = 84
|
||||
meta_Authorization = {{ .Envs.AUTHORIZATION }}
|
||||
subdomain = ziv
|
||||
ips_allow_list = "127.0.1.1/16,192.198.100.10"
|
||||
;http_user = abc
|
||||
;http_pwd = abc
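Review bot: The sample `ips_allow_list` value is looser than it reads. `127.0.1.1/16` has host bits set, so a parser that masks the prefix (as Go's `net.ParseCIDR` does) would treat it as all of 127.0.0.0/16 rather than a single host. `192.198.100.10` is public address space, not RFC 1918, so if `192.168.100.10` was intended this entry admits an unrelated host. It is also worth confirming that the config parser strips the surrounding double quotes, since no other value in this file is quoted and a first or last entry that keeps its quote would not parse as an IP.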
|
@ -1,2 +1,15 @@
|
||||
[common]
|
||||
bind_port = 7000
|
||||
bind_port = 7005
|
||||
vhost_http_port=82
|
||||
subdomain_host=tunnel.io
|
||||
log_level = trace
|
||||
|
||||
;[plugin.codefresh]
|
||||
;addr = 127.0.0.1:7200
|
||||
;path = /newProxy
|
||||
;ops = NewProxy
|
||||
|
||||
;[plugin.codefresh]
|
||||
;addr = 127.0.0.1:7200
|
||||
;path = /newWorkConn
|
||||
;ops = Ping
|
@ -20,7 +20,6 @@ import (
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/jpillora/ipfilter"
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
@ -190,14 +189,8 @@ func (rp *HTTPReverseProxy) CheckRemoteAddress(domain, location, routeByHTTPUser
|
||||
remoteAddWithoutPort := strings.Split(remoteAdd, ":")[0]
|
||||
vr, ok := rp.getVhost(domain, location, routeByHTTPUser)
|
||||
if ok {
|
||||
ipsAllowList := vr.payload.(*RouteConfig).IpsAllowList
|
||||
if ipsAllowList != nil {
|
||||
// perhaps it's better to configure it once and check the remote address here
|
||||
f := ipfilter.New(ipfilter.Options{
|
||||
AllowedIPs: vr.payload.(*RouteConfig).IpsAllowList,
|
||||
BlockByDefault: true,
|
||||
})
|
||||
return f.Allowed(remoteAddWithoutPort)
|
||||
if vr.ipValidator != nil {
|
||||
return vr.ipValidator.Allowed(remoteAddWithoutPort)
|
||||
}
|
||||
}
|
||||
return true
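Review bot: `CheckRemoteAddress` still ends in `return true` when `rp.getVhost` finds no route, so the allow-list is only enforced for requests that match a registered route. Whether unmatched requests are rejected elsewhere is not visible in this hunk; if they are not, that fall-through should deny instead. The context line `strings.Split(remoteAdd, ":")[0]` also yields `[` for a bracketed IPv6 peer address, which the filter can never match. `host, _, err := net.SplitHostPort(remoteAdd)` with a deny on `err != nil` handles both address families, and `net` is already imported in this file. The function begins above the hunk.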
|
||||
|
@ -2,9 +2,13 @@ package vhost
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"sort"
|
||||
"strings"
|
||||
"sync"
|
||||
"unsafe"
|
||||
|
||||
"github.com/jpillora/ipfilter"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -20,9 +24,10 @@ type Routers struct {
|
||||
}
|
||||
|
||||
type Router struct {
|
||||
domain string
|
||||
location string
|
||||
httpUser string
|
||||
domain string
|
||||
location string
|
||||
httpUser string
|
||||
ipValidator *ipfilter.IPFilter
|
||||
|
||||
// store any object here
|
||||
payload interface{}
|
||||
@ -51,12 +56,22 @@ func (r *Routers) Add(domain, location, httpUser string, payload interface{}) er
|
||||
vrs = make([]*Router, 0, 1)
|
||||
}
|
||||
|
||||
vr := &Router{
|
||||
domain: domain,
|
||||
location: location,
|
||||
httpUser: httpUser,
|
||||
payload: payload,
|
||||
var ipValidator *ipfilter.IPFilter
|
||||
if payload.(*RouteConfig).IpsAllowList != nil {
|
||||
ipValidator = ipfilter.New(ipfilter.Options{
|
||||
AllowedIPs: payload.(*RouteConfig).IpsAllowList,
|
||||
BlockByDefault: true,
|
||||
})
|
||||
}
|
||||
|
||||
vr := &Router{
|
||||
domain: domain,
|
||||
location: location,
|
||||
httpUser: httpUser,
|
||||
ipValidator: ipValidator,
|
||||
payload: payload,
|
||||
}
|
||||
fmt.Printf("Size of %T struct: %d bytes", vr, unsafe.Sizeof(*vr))
|
||||
vrs = append(vrs, vr)
|
||||
sort.Sort(sort.Reverse(ByLocation(vrs)))
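Review bot: The added `payload.(*RouteConfig)` in `Add` is an unchecked type assertion on a parameter declared `interface{}` (the struct comment says "store any object here"), so a caller passing another type or nil panics during route registration. The comma-ok form avoids that: `if rc, ok := payload.(*RouteConfig); ok && rc != nil && rc.IpsAllowList != nil {`, passing `rc.IpsAllowList` to `ipfilter.New`. The added `fmt.Printf` that prints `unsafe.Sizeof(*vr)` looks like leftover debugging. It writes to stdout on every `Add` with no trailing newline and appears to be the only use of the new `unsafe` import, so both should be dropped. `Add` starts and ends outside the hunk.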
|
||||
|
||||
|