@ -103,10 +103,15 @@ pub struct AppConfig {
|
||||
#[arg(short = 'H', long, env)]
|
||||
pub hypervisor_uri: Option<String>,
|
||||
|
||||
/// Trusted network. If set, a client from a different will not be able to perform request other
|
||||
/// than those with GET verb (aside for login)
|
||||
/// Trusted network. If set, a client (user) from a different network will not be able to perform
|
||||
/// request other than those with GET verb (aside for login)
|
||||
#[arg(short = 'T', long, env)]
|
||||
pub trusted_network: Vec<String>,
|
||||
|
||||
/// Comma-separated list of allowed networks. If set, a client (user or API token) from a
|
||||
/// different network will not be able to access VirtWeb
|
||||
#[arg(short = 'A', long, env)]
|
||||
pub allowed_networks: Vec<String>,
|
||||
}
|
||||
|
||||
lazy_static::lazy_static! {
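Review bot: The doc comment on `allowed_networks` does not say what an unset option means or which notation an entry must use, and this text is what operators see in `--help`. The `is_allowed_ip` hunk further down returns `true` when the list is empty and parses each entry with `ipnetwork::IpNetwork::from_str`, so the comment could add `/// Entries use CIDR notation (e.g. 192.168.1.0/24). If unset, no source-address restriction is applied.` That makes it explicit that the control is off by default. The `AppConfig` struct starts outside the hunk.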
|
||||
@ -190,6 +195,25 @@ impl AppConfig {
|
||||
false
|
||||
}
|
||||
|
||||
/// Check if an IP belongs to an allowed network or not
|
||||
pub fn is_allowed_ip(&self, ip: IpAddr) -> bool {
|
||||
if self.allowed_networks.is_empty() {
|
||||
return true;
|
||||
}
|
||||
|
||||
for i in &self.allowed_networks {
|
||||
for sub_i in i.split(',') {
|
||||
let net =
|
||||
ipnetwork::IpNetwork::from_str(sub_i).expect("Allowed network is invalid!");
|
||||
if net.contains(ip) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
false
|
||||
}
|
||||
|
||||
/// Get OpenID providers configuration
|
||||
pub fn openid_provider(&self) -> Option<OIDCProvider<'_>> {
|
||||
if self.disable_oidc {
|
||||
|