2022-10-06 14:23:59 +02:00
|
|
|
package actions
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net"
|
|
|
|
"reflect"
|
2024-02-16 17:04:42 +01:00
|
|
|
"strings"
|
2022-10-06 14:23:59 +02:00
|
|
|
|
|
|
|
"github.com/mitchellh/mapstructure"
|
|
|
|
)
|
|
|
|
|
|
|
|
func SetHTTPConfig(config *HTTPConfig) {
|
|
|
|
httpConfig = config
|
|
|
|
}
|
|
|
|
|
|
|
|
var httpConfig *HTTPConfig
|
|
|
|
|
|
|
|
type HTTPConfig struct {
|
|
|
|
DenyList []AddressChecker
|
|
|
|
}
|
|
|
|
|
|
|
|
func HTTPConfigDecodeHook(from, to reflect.Value) (interface{}, error) {
|
|
|
|
if to.Type() != reflect.TypeOf(HTTPConfig{}) {
|
|
|
|
return from.Interface(), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
config := struct {
|
|
|
|
DenyList []string
|
|
|
|
}{}
|
|
|
|
|
|
|
|
decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
|
|
|
|
DecodeHook: mapstructure.StringToTimeDurationHookFunc(),
|
|
|
|
WeaklyTypedInput: true,
|
|
|
|
Result: &config,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err = decoder.Decode(from.Interface()); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
c := HTTPConfig{
|
2024-02-16 17:04:42 +01:00
|
|
|
DenyList: make([]AddressChecker, 0),
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|
|
|
|
|
2024-02-16 17:04:42 +01:00
|
|
|
for _, unsplit := range config.DenyList {
|
|
|
|
for _, split := range strings.Split(unsplit, ",") {
|
2024-10-22 16:16:44 +02:00
|
|
|
parsed, parseErr := NewHostChecker(split)
|
2024-02-16 17:04:42 +01:00
|
|
|
if parseErr != nil {
|
|
|
|
return nil, parseErr
|
|
|
|
}
|
|
|
|
if parsed != nil {
|
|
|
|
c.DenyList = append(c.DenyList, parsed)
|
|
|
|
}
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return c, nil
|
|
|
|
}
|
|
|
|
|
2024-10-22 16:16:44 +02:00
|
|
|
func NewHostChecker(entry string) (AddressChecker, error) {
|
|
|
|
_, network, err := net.ParseCIDR(entry)
|
2022-10-06 14:23:59 +02:00
|
|
|
if err == nil {
|
2024-10-22 16:16:44 +02:00
|
|
|
return &HostChecker{Net: network}, nil
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|
2024-10-22 16:16:44 +02:00
|
|
|
if ip := net.ParseIP(entry); ip != nil {
|
|
|
|
return &HostChecker{IP: ip}, nil
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|
2024-10-22 16:16:44 +02:00
|
|
|
return &HostChecker{Domain: entry}, nil
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|
|
|
|
|
2024-10-22 16:16:44 +02:00
|
|
|
type HostChecker struct {
|
|
|
|
Net *net.IPNet
|
|
|
|
IP net.IP
|
|
|
|
Domain string
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|
|
|
|
|
2024-10-22 16:16:44 +02:00
|
|
|
func (c *HostChecker) Matches(ips []net.IP, address string) bool {
|
|
|
|
// if the address matches the domain, no additional checks as needed
|
|
|
|
if c.Domain == address {
|
|
|
|
return true
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|
2024-10-22 16:16:44 +02:00
|
|
|
// otherwise we need to check on ips (incl. the resolved ips of the host)
|
|
|
|
for _, ip := range ips {
|
|
|
|
if c.Net != nil && c.Net.Contains(ip) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
if c.IP != nil && c.IP.Equal(ip) {
|
|
|
|
return true
|
|
|
|
}
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|
2024-10-22 16:16:44 +02:00
|
|
|
return false
|
2022-10-06 14:23:59 +02:00
|
|
|
}
|