Accept wider range of IP for proxies and RTC relay

2024-11-22 13:29:21 +00:00 · 2021-10-16 21:55:29 +02:00 · 2021-10-16 21:55:29 +02:00 · 36bfe8e24e
commit 36bfe8e24e
parent c782f64602
4 changed files with 34 additions and 3 deletions
--- a/src/controllers/rtc_relay_controller.rs
+++ b/src/controllers/rtc_relay_controller.rs
@ -13,6 +13,7 @@ use crate::data::config::conf;
 use crate::data::error::{ExecError, Res};
 use crate::helpers::events_helper;
 use crate::helpers::events_helper::Event;
+use crate::utils::network_utils::match_ip;

 struct RtcRelayActor {}

@ -245,7 +246,7 @@ pub async fn open_ws(req: actix_web::HttpRequest,
    let conf = conf().rtc_relay.as_ref().unwrap();

    // Check remote IP address
-    if !ip.ip().to_string().eq(&conf.ip) {
+    if !match_ip(&conf.ip, ip.ip().to_string().as_str()) {
        eprintln!("A relay from {} tried to connect to the server but the IP address is not authorized!", ip);
        return Ok(actix_web::HttpResponse::Unauthorized().body("Access denied!"));
    }
--- a/src/data/http_request_handler.rs
+++ b/src/data/http_request_handler.rs
@ -15,6 +15,7 @@ use crate::data::error::{Res, ResultBoxError};
 use crate::data::user_token::UserAccessToken;
 use crate::helpers::{account_helper, admin_access_token_helper, api_helper};
 use crate::routes::RequestResult;
+use crate::utils::network_utils::match_ip;

 /// Http request handler
 ///
@ -183,7 +184,7 @@ impl BaseRequestHandler for HttpRequestHandler {

        // We check if the request comes from a trusted reverse proxy
        if let Some(proxy) = conf().proxy.as_ref() {
-            if ip.eq(proxy) {
+            if match_ip(proxy, &ip) {
                if let Some(header) = self.request.headers().get("X-Forwarded-For") {
                    let header: Vec<String> = header
                        .to_str()
--- a/src/utils/mod.rs
+++ b/src/utils/mod.rs
@ -12,3 +12,4 @@ pub mod mp3_utils;
 pub mod mp4_utils;
 pub mod zip_utils;
 pub mod webpage_utils;
+pub mod network_utils;
--- a/src/utils/network_utils.rs
+++ b/src/utils/network_utils.rs
@ -0,0 +1,28 @@
+//! # Network utilities
+//!
+//! @author Pierre Hubert
+
+/// Check whether an IP address matches a given pattern. Pattern can be either:
+/// * An IP address
+/// * An IP mask ending with a star (*)
+///
+/// ```
+/// use comunic_server::utils::network_utils::match_ip;
+///
+/// assert!(match_ip("127.0.0.1", "127.0.0.1"));
+/// assert!(!match_ip("127.0.0.1", "127.0.0.2"));
+/// assert!(match_ip("127.0.0.*", "127.0.0.2"));
+/// assert!(!match_ip("127.0.0.*", "187.0.0.2"));
+/// ```
+///
+pub fn match_ip(pattern: &str, ip: &str) -> bool {
+    if pattern.eq(ip) {
+        return true;
+    }
+
+    if pattern.ends_with("*") && ip.starts_with(&pattern.replace("*", "")){
+        return true;
+    }
+
+    false
+}