Comunic/comunicapiv3
1
0
Fork 0
mirror of https://gitlab.com/comunic/comunicapiv3 synced 2024-11-22 13:29:21 +00:00
Code Issues Projects Releases Wiki Activity

Accept wider range of IP for proxies and RTC relay

Browse Source
This commit is contained in:
Pierre HUBERT 2021-10-16 21:55:29 +02:00
parent c782f64602
commit 36bfe8e24e
4 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/controllers/rtc_relay_controller.rs
View File

@ -13,6 +13,7 @@ use crate::data::config::conf;
use crate::data::error::{ExecError, Res}; use crate::data::error::{ExecError, Res};
use crate::helpers::events_helper; use crate::helpers::events_helper;
use crate::helpers::events_helper::Event; use crate::helpers::events_helper::Event;
use crate::utils::network_utils::match_ip;
struct RtcRelayActor {} struct RtcRelayActor {}
@ -245,7 +246,7 @@ pub async fn open_ws(req: actix_web::HttpRequest,
let conf = conf().rtc_relay.as_ref().unwrap(); let conf = conf().rtc_relay.as_ref().unwrap();
// Check remote IP address // Check remote IP address
if !ip.ip().to_string().eq(&conf.ip) { if !match_ip(&conf.ip, ip.ip().to_string().as_str()) {
eprintln!("A relay from {} tried to connect to the server but the IP address is not authorized!", ip); eprintln!("A relay from {} tried to connect to the server but the IP address is not authorized!", ip);
return Ok(actix_web::HttpResponse::Unauthorized().body("Access denied!")); return Ok(actix_web::HttpResponse::Unauthorized().body("Access denied!"));
} }

3
src/data/http_request_handler.rs
View File

@ -15,6 +15,7 @@ use crate::data::error::{Res, ResultBoxError};
use crate::data::user_token::UserAccessToken; use crate::data::user_token::UserAccessToken;
use crate::helpers::{account_helper, admin_access_token_helper, api_helper}; use crate::helpers::{account_helper, admin_access_token_helper, api_helper};
use crate::routes::RequestResult; use crate::routes::RequestResult;
use crate::utils::network_utils::match_ip;
/// Http request handler /// Http request handler
/// ///
@ -183,7 +184,7 @@ impl BaseRequestHandler for HttpRequestHandler {
// We check if the request comes from a trusted reverse proxy // We check if the request comes from a trusted reverse proxy
if let Some(proxy) = conf().proxy.as_ref() { if let Some(proxy) = conf().proxy.as_ref() {
if ip.eq(proxy) { if match_ip(proxy, &ip) {
if let Some(header) = self.request.headers().get("X-Forwarded-For") { if let Some(header) = self.request.headers().get("X-Forwarded-For") {
let header: Vec<String> = header let header: Vec<String> = header
.to_str() .to_str()

3
src/utils/mod.rs
View File

@ -11,4 +11,5 @@ pub mod pdf_utils;
pub mod mp3_utils; pub mod mp3_utils;
pub mod mp4_utils; pub mod mp4_utils;
pub mod zip_utils; pub mod zip_utils;
pub mod webpage_utils; pub mod webpage_utils;
pub mod network_utils;

28
src/utils/network_utils.rs Normal file
View File

@ -0,0 +1,28 @@
//! # Network utilities
//!
//! @author Pierre Hubert
/// Check whether an IP address matches a given pattern. Pattern can be either:
/// * An IP address
/// * An IP mask ending with a star (*)
///
/// ```
/// use comunic_server::utils::network_utils::match_ip;
///
/// assert!(match_ip("127.0.0.1", "127.0.0.1"));
/// assert!(!match_ip("127.0.0.1", "127.0.0.2"));
/// assert!(match_ip("127.0.0.*", "127.0.0.2"));
/// assert!(!match_ip("127.0.0.*", "187.0.0.2"));
/// ```
///
pub fn match_ip(pattern: &str, ip: &str) -> bool {
if pattern.eq(ip) {
return true;
}
if pattern.ends_with("*") && ip.starts_with(&pattern.replace("*", "")){
return true;
}
false
}