simplify functions
This commit is contained in:
parent
627138544f
commit
fef8ca84f4
@ -10,7 +10,7 @@ use crate::constants::{APP_NAME, MAX_FAILED_LOGIN_ATTEMPTS, MIN_PASS_LEN};
|
|||||||
use crate::controllers::base_controller::{FatalErrorPage, redirect_user};
|
use crate::controllers::base_controller::{FatalErrorPage, redirect_user};
|
||||||
use crate::data::app_config::AppConfig;
|
use crate::data::app_config::AppConfig;
|
||||||
use crate::data::session_identity::{SessionIdentity, SessionStatus};
|
use crate::data::session_identity::{SessionIdentity, SessionStatus};
|
||||||
use crate::utils::network_utils::{get_remote_ip, parse_ip};
|
use crate::utils::network_utils::get_remote_ip;
|
||||||
|
|
||||||
#[derive(Template)]
|
#[derive(Template)]
|
||||||
#[template(path = "base_login_page.html")]
|
#[template(path = "base_login_page.html")]
|
||||||
@ -62,14 +62,7 @@ pub async fn login_route(
|
|||||||
let mut success = String::new();
|
let mut success = String::new();
|
||||||
let mut login = String::new();
|
let mut login = String::new();
|
||||||
|
|
||||||
let remote_ip = match parse_ip(&get_remote_ip(&http_req, config.proxy_ip.as_deref())) {
|
let remote_ip = get_remote_ip(&http_req, config.proxy_ip.as_deref());
|
||||||
None => return HttpResponse::InternalServerError().body(
|
|
||||||
FatalErrorPage {
|
|
||||||
message: "Failed to determine remote ip address!"
|
|
||||||
}.render().unwrap()
|
|
||||||
),
|
|
||||||
Some(i) => i,
|
|
||||||
};
|
|
||||||
|
|
||||||
let failed_attempts = bruteforce.send(bruteforce_actor::CountFailedAttempt { ip: remote_ip })
|
let failed_attempts = bruteforce.send(bruteforce_actor::CountFailedAttempt { ip: remote_ip })
|
||||||
.await.unwrap();
|
.await.unwrap();
|
||||||
|
@ -18,19 +18,23 @@ pub fn match_ip(pattern: &str, ip: &str) -> bool {
|
|||||||
|
|
||||||
|
|
||||||
/// Get the remote IP address
|
/// Get the remote IP address
|
||||||
pub fn get_remote_ip(req: &HttpRequest, proxy_ip: Option<&str>) -> String {
|
pub fn get_remote_ip(req: &HttpRequest, proxy_ip: Option<&str>) -> IpAddr {
|
||||||
let mut ip = req.peer_addr().unwrap().ip().to_string();
|
let mut ip = req.peer_addr().unwrap().ip();
|
||||||
|
|
||||||
// We check if the request comes from a trusted reverse proxy
|
// We check if the request comes from a trusted reverse proxy
|
||||||
if let Some(proxy) = proxy_ip.as_ref() {
|
if let Some(proxy) = proxy_ip.as_ref() {
|
||||||
if match_ip(proxy, &ip) {
|
if match_ip(proxy, &ip.to_string()) {
|
||||||
if let Some(header) = req.headers().get("X-Forwarded-For") {
|
if let Some(header) = req.headers().get("X-Forwarded-For") {
|
||||||
let header = header.to_str().unwrap();
|
let header = header.to_str().unwrap();
|
||||||
|
|
||||||
if let Some((upstream_ip, _)) = header.split_once(',') {
|
let remote_ip = if let Some((upstream_ip, _)) = header.split_once(',') {
|
||||||
ip = upstream_ip.to_string();
|
upstream_ip
|
||||||
} else {
|
} else {
|
||||||
ip = header.to_string();
|
header
|
||||||
|
};
|
||||||
|
|
||||||
|
if let Some(upstream_ip) = parse_ip(remote_ip) {
|
||||||
|
ip = upstream_ip;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -74,7 +78,7 @@ mod test {
|
|||||||
let req = TestRequest::default()
|
let req = TestRequest::default()
|
||||||
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
||||||
.to_http_request();
|
.to_http_request();
|
||||||
assert_eq!(get_remote_ip(&req, None), "192.168.1.1");
|
assert_eq!(get_remote_ip(&req, None), "192.168.1.1".parse::<IpAddr>().unwrap());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
@ -83,7 +87,7 @@ mod test {
|
|||||||
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
||||||
.insert_header(("X-Forwarded-For", "1.1.1.1"))
|
.insert_header(("X-Forwarded-For", "1.1.1.1"))
|
||||||
.to_http_request();
|
.to_http_request();
|
||||||
assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "1.1.1.1");
|
assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "1.1.1.1".parse::<IpAddr>().unwrap());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
@ -92,7 +96,16 @@ mod test {
|
|||||||
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
||||||
.insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2"))
|
.insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2"))
|
||||||
.to_http_request();
|
.to_http_request();
|
||||||
assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "1.1.1.1");
|
assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "1.1.1.1".parse::<IpAddr>().unwrap());
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_get_remote_ip_from_proxy_ipv6() {
|
||||||
|
let req = TestRequest::default()
|
||||||
|
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
||||||
|
.insert_header(("X-Forwarded-For", "10::1, 1.2.2.2"))
|
||||||
|
.to_http_request();
|
||||||
|
assert_eq!(get_remote_ip(&req, Some("192.168.1.1")), "10::".parse::<IpAddr>().unwrap());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
@ -101,7 +114,7 @@ mod test {
|
|||||||
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
||||||
.insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2"))
|
.insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2"))
|
||||||
.to_http_request();
|
.to_http_request();
|
||||||
assert_eq!(get_remote_ip(&req, None), "192.168.1.1");
|
assert_eq!(get_remote_ip(&req, None), "192.168.1.1".parse::<IpAddr>().unwrap());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
@ -110,7 +123,7 @@ mod test {
|
|||||||
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
.peer_addr(SocketAddr::from_str("192.168.1.1:1000").unwrap())
|
||||||
.insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2"))
|
.insert_header(("X-Forwarded-For", "1.1.1.1, 1.2.2.2"))
|
||||||
.to_http_request();
|
.to_http_request();
|
||||||
assert_eq!(get_remote_ip(&req, Some("192.168.1.2")), "192.168.1.1");
|
assert_eq!(get_remote_ip(&req, Some("192.168.1.2")), "192.168.1.1".parse::<IpAddr>().unwrap());
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
Loading…
Reference in New Issue
Block a user