Can set a list of allowed IP
This commit is contained in:
parent
9d738285ab
commit
9365e9afdf
@ -17,6 +17,7 @@ Please refer to this guide: [virtweb_docs/SETUP_PROD.md](virtweb_docs/SETUP_PROD
|
|||||||
* Start & stop networks
|
* Start & stop networks
|
||||||
* Create, update & delete network filters
|
* Create, update & delete network filters
|
||||||
* Upload ISO for easy VM installation
|
* Upload ISO for easy VM installation
|
||||||
|
* API tokens for system interconnection
|
||||||
|
|
||||||
## Screenshot
|
## Screenshot
|
||||||
![](https://0ph.fr/resume_assets/img/screenshots/virtweb.png)
|
![](https://0ph.fr/resume_assets/img/screenshots/virtweb.png)
|
||||||
|
@ -103,10 +103,15 @@ pub struct AppConfig {
|
|||||||
#[arg(short = 'H', long, env)]
|
#[arg(short = 'H', long, env)]
|
||||||
pub hypervisor_uri: Option<String>,
|
pub hypervisor_uri: Option<String>,
|
||||||
|
|
||||||
/// Trusted network. If set, a client from a different will not be able to perform request other
|
/// Trusted network. If set, a client (user) from a different network will not be able to perform
|
||||||
/// than those with GET verb (aside for login)
|
/// request other than those with GET verb (aside for login)
|
||||||
#[arg(short = 'T', long, env)]
|
#[arg(short = 'T', long, env)]
|
||||||
pub trusted_network: Vec<String>,
|
pub trusted_network: Vec<String>,
|
||||||
|
|
||||||
|
/// Comma-separated list of allowed networks. If set, a client (user or API token) from a
|
||||||
|
/// different network will not be able to access VirtWeb
|
||||||
|
#[arg(short = 'A', long, env)]
|
||||||
|
pub allowed_networks: Vec<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
lazy_static::lazy_static! {
|
lazy_static::lazy_static! {
|
||||||
@ -190,6 +195,25 @@ impl AppConfig {
|
|||||||
false
|
false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Check if an IP belongs to an allowed network or not
|
||||||
|
pub fn is_allowed_ip(&self, ip: IpAddr) -> bool {
|
||||||
|
if self.allowed_networks.is_empty() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
for i in &self.allowed_networks {
|
||||||
|
for sub_i in i.split(',') {
|
||||||
|
let net =
|
||||||
|
ipnetwork::IpNetwork::from_str(sub_i).expect("Allowed network is invalid!");
|
||||||
|
if net.contains(ip) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
false
|
||||||
|
}
|
||||||
|
|
||||||
/// Get OpenID providers configuration
|
/// Get OpenID providers configuration
|
||||||
pub fn openid_provider(&self) -> Option<OIDCProvider<'_>> {
|
pub fn openid_provider(&self) -> Option<OIDCProvider<'_>> {
|
||||||
if self.disable_oidc {
|
if self.disable_oidc {
|
||||||
|
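Review bot: `is_allowed_ip` re-parses every configured network with `expect("Allowed network is invalid!")` on each call, so a malformed entry panics inside the request path instead of failing at startup, and because `sub_i` is not trimmed a value such as `10.0.0.0/8, 192.168.0.0/16` (space after the comma) is one such entry. At minimum trim the pieces, `for sub_i in i.split(',').map(str::trim).filter(|s| !s.is_empty()) {`, and preferably validate and parse the list once when `AppConfig` is built so a bad value is reported before the server accepts connections. Note also that `IpNetwork::contains` appears to return false across address families, so with an IPv4-only list a client that arrives as an IPv4-mapped IPv6 address (`::ffff:a.b.c.d`) is denied; whether that can occur depends on how the listener is bound, which is not visible here. The enclosing `impl AppConfig` block and the `FromStr` import are outside the hunk.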
@ -67,6 +67,16 @@ where
|
|||||||
.await
|
.await
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
|
if !AppConfig::get().is_allowed_ip(remote_ip.0) {
|
||||||
|
log::error!("An attempt to access VirtWeb from an unauthorized network has been intercepted! {:?}", remote_ip);
|
||||||
|
return Ok(req
|
||||||
|
.into_response(
|
||||||
|
HttpResponse::MethodNotAllowed()
|
||||||
|
.json("I am sorry, but your IP is not allowed to access this service!"),
|
||||||
|
)
|
||||||
|
.map_into_right_body());
|
||||||
|
}
|
||||||
|
|
||||||
let auth_disabled = AppConfig::get().unsecure_disable_auth;
|
let auth_disabled = AppConfig::get().unsecure_disable_auth;
|
||||||
|
|
||||||
// Check API authentication
|
// Check API authentication
|
||||||
|
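Review bot: The rejection built with `HttpResponse::MethodNotAllowed()` answers a source-address deny with 405, which tells the client its verb was wrong; `HttpResponse::Forbidden()` is the status that matches the log message and the condition actually checked. The strength of the gate also rests on how `remote_ip` is derived, which is outside this hunk: if it comes from a forwarded header rather than the peer address, the allow-list is only as reliable as the proxy in front of VirtWeb, so the derivation deserves a comment at the check such as `// remote_ip must be the trusted peer/proxy address, not a client-supplied header`. The check also runs after the awaited call on the preceding lines; if that call does per-request work, placing the network check before it would reject unwanted clients earlier. The enclosing middleware function starts and ends outside the hunk.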