Add a system to restrict untrusted IPs

virtweb_backend/src/app_config.rs

@@ -1,6 +1,8 @@
 use crate::libvirt_lib_structures::XMLUuid;
 use clap::Parser;
+use std::net::IpAddr;
 use std::path::{Path, PathBuf};
+use std::str::FromStr;
 
 /// VirtWeb backend API
 #[derive(Parser, Debug, Clone)]
@@ -85,6 +87,11 @@ pub struct AppConfig {
     /// Hypervisor URI. If not specified, "" will be used instead
     #[arg(long, env)]
     pub hypervisor_uri: Option<String>,
+
+    /// Trusted network. If set, a client from a different will not be able to perform request other
+    /// than those with GET verb (aside for login)
+    #[arg(long, env)]
+    pub trusted_network: Vec<String>,
 }
 
 lazy_static::lazy_static! {
@@ -131,6 +138,23 @@ impl AppConfig {
         self.auth_username == user && self.auth_password == pass
     }
 
+    /// Check if an IP belongs to a trusted network or not
+    pub fn is_trusted_ip(&self, ip: IpAddr) -> bool {
+        if self.trusted_network.is_empty() {
+            return true;
+        }
+
+        for i in &self.trusted_network {
+            let net = ipnetwork::IpNetwork::from_str(i).expect("Trusted network is invalid!");
+
+            if net.contains(ip) {
+                return true;
+            }
+        }
+
+        false
+    }
+
     /// Get OpenID providers configuration
     pub fn openid_provider(&self) -> Option<OIDCProvider<'_>> {
         if self.disable_oidc {