mirror of
https://gitlab.com/comunic/comunicapiv3
synced 2024-11-26 07:19:22 +00:00
Accept wider range of IP for proxies and RTC relay
This commit is contained in:
parent
c782f64602
commit
36bfe8e24e
@ -13,6 +13,7 @@ use crate::data::config::conf;
|
|||||||
use crate::data::error::{ExecError, Res};
|
use crate::data::error::{ExecError, Res};
|
||||||
use crate::helpers::events_helper;
|
use crate::helpers::events_helper;
|
||||||
use crate::helpers::events_helper::Event;
|
use crate::helpers::events_helper::Event;
|
||||||
|
use crate::utils::network_utils::match_ip;
|
||||||
|
|
||||||
struct RtcRelayActor {}
|
struct RtcRelayActor {}
|
||||||
|
|
||||||
@ -245,7 +246,7 @@ pub async fn open_ws(req: actix_web::HttpRequest,
|
|||||||
let conf = conf().rtc_relay.as_ref().unwrap();
|
let conf = conf().rtc_relay.as_ref().unwrap();
|
||||||
|
|
||||||
// Check remote IP address
|
// Check remote IP address
|
||||||
if !ip.ip().to_string().eq(&conf.ip) {
|
if !match_ip(&conf.ip, ip.ip().to_string().as_str()) {
|
||||||
eprintln!("A relay from {} tried to connect to the server but the IP address is not authorized!", ip);
|
eprintln!("A relay from {} tried to connect to the server but the IP address is not authorized!", ip);
|
||||||
return Ok(actix_web::HttpResponse::Unauthorized().body("Access denied!"));
|
return Ok(actix_web::HttpResponse::Unauthorized().body("Access denied!"));
|
||||||
}
|
}
|
||||||
|
@ -15,6 +15,7 @@ use crate::data::error::{Res, ResultBoxError};
|
|||||||
use crate::data::user_token::UserAccessToken;
|
use crate::data::user_token::UserAccessToken;
|
||||||
use crate::helpers::{account_helper, admin_access_token_helper, api_helper};
|
use crate::helpers::{account_helper, admin_access_token_helper, api_helper};
|
||||||
use crate::routes::RequestResult;
|
use crate::routes::RequestResult;
|
||||||
|
use crate::utils::network_utils::match_ip;
|
||||||
|
|
||||||
/// Http request handler
|
/// Http request handler
|
||||||
///
|
///
|
||||||
@ -183,7 +184,7 @@ impl BaseRequestHandler for HttpRequestHandler {
|
|||||||
|
|
||||||
// We check if the request comes from a trusted reverse proxy
|
// We check if the request comes from a trusted reverse proxy
|
||||||
if let Some(proxy) = conf().proxy.as_ref() {
|
if let Some(proxy) = conf().proxy.as_ref() {
|
||||||
if ip.eq(proxy) {
|
if match_ip(proxy, &ip) {
|
||||||
if let Some(header) = self.request.headers().get("X-Forwarded-For") {
|
if let Some(header) = self.request.headers().get("X-Forwarded-For") {
|
||||||
let header: Vec<String> = header
|
let header: Vec<String> = header
|
||||||
.to_str()
|
.to_str()
|
||||||
|
@ -12,3 +12,4 @@ pub mod mp3_utils;
|
|||||||
pub mod mp4_utils;
|
pub mod mp4_utils;
|
||||||
pub mod zip_utils;
|
pub mod zip_utils;
|
||||||
pub mod webpage_utils;
|
pub mod webpage_utils;
|
||||||
|
pub mod network_utils;
|
28
src/utils/network_utils.rs
Normal file
28
src/utils/network_utils.rs
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
//! # Network utilities
|
||||||
|
//!
|
||||||
|
//! @author Pierre Hubert
|
||||||
|
|
||||||
|
/// Check whether an IP address matches a given pattern. Pattern can be either:
|
||||||
|
/// * An IP address
|
||||||
|
/// * An IP mask ending with a star (*)
|
||||||
|
///
|
||||||
|
/// ```
|
||||||
|
/// use comunic_server::utils::network_utils::match_ip;
|
||||||
|
///
|
||||||
|
/// assert!(match_ip("127.0.0.1", "127.0.0.1"));
|
||||||
|
/// assert!(!match_ip("127.0.0.1", "127.0.0.2"));
|
||||||
|
/// assert!(match_ip("127.0.0.*", "127.0.0.2"));
|
||||||
|
/// assert!(!match_ip("127.0.0.*", "187.0.0.2"));
|
||||||
|
/// ```
|
||||||
|
///
|
||||||
|
pub fn match_ip(pattern: &str, ip: &str) -> bool {
|
||||||
|
if pattern.eq(ip) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if pattern.ends_with("*") && ip.starts_with(&pattern.replace("*", "")){
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
false
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user