Enable bruteforce protection on login endpoint
This commit is contained in:
@ -1,2 +1,3 @@
|
||||
pub mod err;
|
||||
pub mod time;
|
||||
pub mod network_utils;
|
||||
102
src/utils/network_utils.rs
Normal file
102
src/utils/network_utils.rs
Normal file
@ -0,0 +1,102 @@
|
||||
use std::net::{IpAddr, Ipv6Addr};
|
||||
use std::str::FromStr;
|
||||
|
||||
use actix_web::HttpRequest;
|
||||
|
||||
/// Check if two ips matches
|
||||
pub fn match_ip(pattern: &str, ip: &str) -> bool {
|
||||
if pattern.eq(ip) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if pattern.ends_with('*') && ip.starts_with(&pattern.replace('*', "")) {
|
||||
return true;
|
||||
}
|
||||
|
||||
false
|
||||
}
|
||||
|
||||
|
||||
/// Get the remote IP address
|
||||
pub fn get_remote_ip(req: &HttpRequest, proxy_ip: Option<&str>) -> String {
|
||||
let mut ip = req.peer_addr().unwrap().ip().to_string();
|
||||
|
||||
// We check if the request comes from a trusted reverse proxy
|
||||
if let Some(proxy) = proxy_ip.as_ref() {
|
||||
if match_ip(proxy, &ip) {
|
||||
if let Some(header) = req.headers().get("X-Forwarded-For") {
|
||||
let header: Vec<String> = header
|
||||
.to_str()
|
||||
.unwrap()
|
||||
.to_string()
|
||||
.split(',')
|
||||
.map(|f| f.to_string())
|
||||
.collect();
|
||||
|
||||
if !header.is_empty() {
|
||||
ip = header[0].to_string();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ip
|
||||
}
|
||||
|
||||
/// Parse an IP address
|
||||
pub fn parse_ip(ip: &str) -> Option<IpAddr> {
|
||||
let mut ip = match IpAddr::from_str(ip) {
|
||||
Ok(ip) => ip,
|
||||
Err(e) => {
|
||||
log::warn!("Failed to parse an IP address: {}", e);
|
||||
return None;
|
||||
}
|
||||
};
|
||||
|
||||
if let IpAddr::V6(ipv6) = &mut ip {
|
||||
let mut octets = ipv6.octets();
|
||||
for i in 8..16 {
|
||||
octets[i] = 0;
|
||||
}
|
||||
ip = IpAddr::V6(Ipv6Addr::from(octets));
|
||||
}
|
||||
|
||||
Some(ip)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod test {
|
||||
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
|
||||
|
||||
use crate::utils::network_utils::parse_ip;
|
||||
|
||||
#[test]
|
||||
fn parse_bad_ip() {
|
||||
let ip = parse_ip("badbad");
|
||||
assert_eq!(None, ip);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_ip_v4_address() {
|
||||
let ip = parse_ip("192.168.1.1").unwrap();
|
||||
assert_eq!(ip, IpAddr::V4(Ipv4Addr::new(192, 168, 1, 1)));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_ip_v6_address() {
|
||||
let ip = parse_ip("2a00:1450:4007:813::200e").unwrap();
|
||||
assert_eq!(ip, IpAddr::V6(Ipv6Addr::new(0x2a00, 0x1450, 0x4007, 0x813, 0, 0, 0, 0)));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_ip_v6_address_2() {
|
||||
let ip = parse_ip("::1").unwrap();
|
||||
assert_eq!(ip, IpAddr::V6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 0)));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_ip_v6_address_3() {
|
||||
let ip = parse_ip("a::1").unwrap();
|
||||
assert_eq!(ip, IpAddr::V6(Ipv6Addr::new(0xa, 0, 0, 0, 0, 0, 0, 0)));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user