mirror of
https://gitlab.com/comunic/comunicapiv3
synced 2024-12-26 13:38:51 +00:00
Accept wider range of IP for proxies and RTC relay
This commit is contained in:
parent
c782f64602
commit
36bfe8e24e
@ -13,6 +13,7 @@ use crate::data::config::conf;
|
||||
use crate::data::error::{ExecError, Res};
|
||||
use crate::helpers::events_helper;
|
||||
use crate::helpers::events_helper::Event;
|
||||
use crate::utils::network_utils::match_ip;
|
||||
|
||||
struct RtcRelayActor {}
|
||||
|
||||
@ -245,7 +246,7 @@ pub async fn open_ws(req: actix_web::HttpRequest,
|
||||
let conf = conf().rtc_relay.as_ref().unwrap();
|
||||
|
||||
// Check remote IP address
|
||||
if !ip.ip().to_string().eq(&conf.ip) {
|
||||
if !match_ip(&conf.ip, ip.ip().to_string().as_str()) {
|
||||
eprintln!("A relay from {} tried to connect to the server but the IP address is not authorized!", ip);
|
||||
return Ok(actix_web::HttpResponse::Unauthorized().body("Access denied!"));
|
||||
}
|
||||
|
@ -15,6 +15,7 @@ use crate::data::error::{Res, ResultBoxError};
|
||||
use crate::data::user_token::UserAccessToken;
|
||||
use crate::helpers::{account_helper, admin_access_token_helper, api_helper};
|
||||
use crate::routes::RequestResult;
|
||||
use crate::utils::network_utils::match_ip;
|
||||
|
||||
/// Http request handler
|
||||
///
|
||||
@ -183,7 +184,7 @@ impl BaseRequestHandler for HttpRequestHandler {
|
||||
|
||||
// We check if the request comes from a trusted reverse proxy
|
||||
if let Some(proxy) = conf().proxy.as_ref() {
|
||||
if ip.eq(proxy) {
|
||||
if match_ip(proxy, &ip) {
|
||||
if let Some(header) = self.request.headers().get("X-Forwarded-For") {
|
||||
let header: Vec<String> = header
|
||||
.to_str()
|
||||
|
@ -11,4 +11,5 @@ pub mod pdf_utils;
|
||||
pub mod mp3_utils;
|
||||
pub mod mp4_utils;
|
||||
pub mod zip_utils;
|
||||
pub mod webpage_utils;
|
||||
pub mod webpage_utils;
|
||||
pub mod network_utils;
|
28
src/utils/network_utils.rs
Normal file
28
src/utils/network_utils.rs
Normal file
@ -0,0 +1,28 @@
|
||||
//! # Network utilities
|
||||
//!
|
||||
//! @author Pierre Hubert
|
||||
|
||||
/// Check whether an IP address matches a given pattern. Pattern can be either:
|
||||
/// * An IP address
|
||||
/// * An IP mask ending with a star (*)
|
||||
///
|
||||
/// ```
|
||||
/// use comunic_server::utils::network_utils::match_ip;
|
||||
///
|
||||
/// assert!(match_ip("127.0.0.1", "127.0.0.1"));
|
||||
/// assert!(!match_ip("127.0.0.1", "127.0.0.2"));
|
||||
/// assert!(match_ip("127.0.0.*", "127.0.0.2"));
|
||||
/// assert!(!match_ip("127.0.0.*", "187.0.0.2"));
|
||||
/// ```
|
||||
///
|
||||
pub fn match_ip(pattern: &str, ip: &str) -> bool {
|
||||
if pattern.eq(ip) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if pattern.ends_with("*") && ip.starts_with(&pattern.replace("*", "")){
|
||||
return true;
|
||||
}
|
||||
|
||||
false
|
||||
}
|
Loading…
Reference in New Issue
Block a user