1
mirror of https://github.com/xddxdd/bird-lg-go synced 2025-10-24 04:42:12 +02:00

32 Commits

Author SHA1 Message Date
Lan Tian
86129190ab release: v1.3.5 2024-01-01 14:43:25 -08:00
Lan Tian
ff55064a20 frontend: adjust navbar display of many servers 2023-12-31 16:31:56 -08:00
dependabot[bot]
dbb02c04ed Merge pull request #95 from xddxdd/dependabot/go_modules/proxy/github.com/spf13/viper-1.18.2 2023-12-19 00:50:09 +00:00
dependabot[bot]
c2b7de2e17 build(deps): bump github.com/spf13/viper from 1.18.1 to 1.18.2 in /proxy
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.1 to 1.18.2.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.1...v1.18.2)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-19 00:48:47 +00:00
dependabot[bot]
c1b578e8db Merge pull request #94 from xddxdd/dependabot/go_modules/frontend/github.com/spf13/viper-1.18.2 2023-12-19 00:28:10 +00:00
dependabot[bot]
7b0e5689d4 build(deps): bump github.com/spf13/viper in /frontend
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.1 to 1.18.2.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.1...v1.18.2)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-19 00:26:13 +00:00
dependabot[bot]
3c46bda49d Merge pull request #93 from xddxdd/dependabot/go_modules/frontend/github.com/spf13/viper-1.18.1 2023-12-11 00:45:58 +00:00
dependabot[bot]
32e00d2ce3 build(deps): bump github.com/spf13/viper in /frontend
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 00:44:41 +00:00
dependabot[bot]
a19750cdef Merge pull request #92 from xddxdd/dependabot/go_modules/proxy/github.com/spf13/viper-1.18.1 2023-12-11 00:04:27 +00:00
dependabot[bot]
7f1cdaa4ee build(deps): bump github.com/spf13/viper from 1.18.0 to 1.18.1 in /proxy
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-11 00:03:09 +00:00
Lan Tian
2d2193041e release: v1.3.4 2023-12-06 23:54:47 -08:00
dependabot[bot]
aad8ee98d7 Merge pull request #91 from xddxdd/dependabot/go_modules/frontend/github.com/spf13/viper-1.18.0 2023-12-07 00:58:49 +00:00
dependabot[bot]
00b5c12787 build(deps): bump github.com/spf13/viper in /frontend
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 00:57:01 +00:00
dependabot[bot]
55a1eb54fd Merge pull request #90 from xddxdd/dependabot/go_modules/proxy/github.com/spf13/viper-1.18.0 2023-12-07 00:33:12 +00:00
dependabot[bot]
0594edc69d build(deps): bump github.com/spf13/viper from 1.17.0 to 1.18.0 in /proxy
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 00:31:37 +00:00
Lan Tian
38bf6aba09 frontend: fix unit tests 2023-11-25 10:47:37 -08:00
Lan Tian
d261c22235 frontend: add connection timeout 2023-11-25 10:30:13 -08:00
dependabot[bot]
19aa8c77c5 Merge pull request #88 from xddxdd/dependabot/go_modules/frontend/github.com/gorilla/handlers-1.5.2 2023-11-06 01:01:43 +00:00
dependabot[bot]
fe07ebb5a5 build(deps): bump github.com/gorilla/handlers in /frontend
Bumps [github.com/gorilla/handlers](https://github.com/gorilla/handlers) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/gorilla/handlers/releases)
- [Commits](https://github.com/gorilla/handlers/compare/v1.5.1...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/gorilla/handlers
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 01:00:08 +00:00
dependabot[bot]
66547ebfa9 Merge pull request #87 from xddxdd/dependabot/go_modules/proxy/github.com/gorilla/handlers-1.5.2 2023-11-06 00:24:24 +00:00
dependabot[bot]
d253e4311b build(deps): bump github.com/gorilla/handlers in /proxy
Bumps [github.com/gorilla/handlers](https://github.com/gorilla/handlers) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/gorilla/handlers/releases)
- [Commits](https://github.com/gorilla/handlers/compare/v1.5.1...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/gorilla/handlers
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-06 00:22:00 +00:00
Lan Tian
026498ba2f general: auto merge updates from dependabot 2023-10-24 23:32:55 -07:00
Lan Tian
27c348a864 release: v1.3.3 2023-10-21 00:03:02 -07:00
Lan Tian
43b4ad93dd general: only build docker develop images on master branch push 2023-10-08 21:08:07 -07:00
dependabot[bot]
6176c45006 build(deps): bump github.com/spf13/viper from 1.16.0 to 1.17.0 in /proxy (#86)
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-08 21:04:12 -07:00
dependabot[bot]
47113184f4 build(deps): bump github.com/spf13/viper in /frontend (#85)
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-08 21:04:04 -07:00
Simon Marsh
3c9a3e4339 Enable proxy to allow access by CIDR network as well as IP (#84) 2023-10-04 21:33:37 -07:00
Lan Tian
8457b18d46 release: v1.3.2.2 2023-09-09 01:44:16 -07:00
Lan Tian
f8f64b03a6 general: add tag for release Docker images 2023-09-09 01:42:38 -07:00
Lan Tian
cc818c1cc0 release: v1.3.2.1 2023-09-09 01:33:24 -07:00
Lan Tian
6224b43808 general: update GitHub actions 2023-09-09 01:32:56 -07:00
Lan Tian
17e0b14243 general: update GitHub actions 2023-09-09 01:29:49 -07:00
16 changed files with 1774 additions and 187 deletions

16
.github/workflows/auto-merge.yml vendored Normal file
View File

@@ -0,0 +1,16 @@
name: auto-merge
on:
pull_request_target:
jobs:
auto-merge:
name: Dependabot Auto Merge
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
steps:
- uses: actions/checkout@v2
- uses: ahmadnassri/action-dependabot-auto-merge@v2
with:
target: minor
github-token: ${{ secrets.AUTOMERGE_TOKEN }}

View File

@@ -1,7 +1,7 @@
on:
push:
branches:
- '**'
- 'master'
pull_request:
branches:
- 'master'

View File

@@ -7,6 +7,7 @@ jobs:
name: Release Go Binary
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
goos: [linux, windows, darwin]
goarch: ["386", amd64, "arm", arm64]
@@ -22,7 +23,7 @@ jobs:
uses: actions/checkout@v3
- name: Release frontend
uses: wangyoucao577/go-release-action@v1.34
uses: wangyoucao577/go-release-action@v1.40
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
goos: ${{ matrix.goos }}
@@ -31,7 +32,7 @@ jobs:
binary_name: "bird-lg-go"
- name: Release proxy
uses: wangyoucao577/go-release-action@v1.34
uses: wangyoucao577/go-release-action@v1.40
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
goos: ${{ matrix.goos }}
@@ -69,7 +70,9 @@ jobs:
push: true
tags: |
xddxdd/bird-lg-go:latest
xddxdd/bird-lg-go:${{ github.event.release.tag_name }}
ghcr.io/xddxdd/bird-lg-go:frontend
ghcr.io/xddxdd/bird-lg-go:frontend-${{ github.event.release.tag_name }}
- name: Build proxy docker image
uses: docker/build-push-action@v4
@@ -79,4 +82,6 @@ jobs:
push: true
tags: |
xddxdd/bird-lgproxy-go:latest
xddxdd/bird-lgproxy-go:${{ github.event.release.tag_name }}
ghcr.io/xddxdd/bird-lg-go:proxy
ghcr.io/xddxdd/bird-lg-go:proxy-${{ github.event.release.tag_name }}

View File

@@ -125,7 +125,7 @@ Configuration is handled by [viper](https://github.com/spf13/viper), any config
| Config Key | Parameter | Environment Variable | Description |
| ---------- | --------- | -------------------- | ----------- |
| allowed_ips | --allowed | ALLOWED_IPS | IPs allowed to access this proxy, separated by commas. Don't set to allow all IPs. (default "") |
| allowed_ips | --allowed | ALLOWED_IPS | IPs or networks allowed to access this proxy, separated by commas. Don't set to allow all IPs. (default "") |
| bird_socket | --bird | BIRD_SOCKET | socket file for bird, set either in parameter or environment variable BIRD_SOCKET (default "/var/run/bird/bird.ctl") |
| listen | --listen | BIRDLG_PROXY_PORT | listen address, set either in parameter or environment variable BIRDLG_PROXY_PORT(default "8000") |
| traceroute_bin | --traceroute_bin | BIRDLG_TRACEROUTE_BIN | traceroute binary file, set either in parameter or environment variable BIRDLG_TRACEROUTE_BIN |

View File

@@ -1 +1 @@
v1.3.2
v1.3.5

View File

@@ -8,6 +8,19 @@
<meta name="renderer" content="webkit">
<title>{{ html .Title }}</title>
<link rel="stylesheet" href="/static/jsdelivr/npm/bootstrap@4.5.1/dist/css/bootstrap.min.css" integrity="sha256-VoFZSlmyTXsegReQCNmbXrS4hBBUl/cexZvPmPWoJsY=" crossorigin="anonymous">
<style>
.navbar-nav {
flex-wrap: wrap;
}
@media (min-width: 768px) {
.navbar form {
min-width: 400px;
}
.nav-link {
padding: 0.2rem 0.5rem !important;
}
}
</style>
<meta name="robots" content="noindex, nofollow">
</head>
<body>

View File

@@ -4,26 +4,30 @@ go 1.17
require (
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
github.com/gorilla/handlers v1.5.1
github.com/gorilla/handlers v1.5.2
github.com/jarcoal/httpmock v1.3.1
github.com/magiconair/properties v1.8.7
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.16.0
github.com/spf13/viper v1.18.2
)
require (
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/spf13/afero v1.9.5 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
github.com/pelletier/go-toml/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

File diff suppressed because it is too large Load Diff

View File

@@ -2,11 +2,14 @@ package main
import (
"io"
"net"
"net/http"
"net/url"
"strconv"
"strings"
"time"
"github.com/jarcoal/httpmock"
)
type channelData struct {
@@ -14,6 +17,29 @@ type channelData struct {
data string
}
func createConnectionTimeoutRoundTripper(timeout int) http.RoundTripper {
context := net.Dialer{
Timeout: time.Duration(timeout) * time.Second,
}
// Prefer httpmock's transport if activated, so unit tests can work
if http.DefaultTransport == httpmock.DefaultTransport {
return httpmock.DefaultTransport
}
return &http.Transport{
DialContext: context.DialContext,
// Default options from transport.go
Proxy: http.ProxyFromEnvironment,
ForceAttemptHTTP2: true,
MaxIdleConns: 100,
IdleConnTimeout: 90 * time.Second,
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
}
}
// Send commands to lgproxy instances in parallel, and retrieve their responses
func batchRequest(servers []string, endpoint string, command string) []string {
// Channel and array for storing responses
@@ -47,7 +73,10 @@ func batchRequest(servers []string, endpoint string, command string) []string {
}
url := "http://" + hostname + ":" + strconv.Itoa(setting.proxyPort) + "/" + url.PathEscape(endpoint) + "?q=" + url.QueryEscape(command)
go func(url string, i int) {
client := http.Client{Timeout: time.Duration(setting.timeOut) * time.Second}
client := http.Client{
Transport: createConnectionTimeoutRoundTripper(setting.connectionTimeOut),
Timeout: time.Duration(setting.timeOut) * time.Second,
}
response, err := client.Get(url)
if err != nil {
ch <- channelData{i, "request failed: " + err.Error() + "\n"}

View File

@@ -7,24 +7,25 @@ import (
)
type settingType struct {
servers []string
serversDisplay []string
domain string
proxyPort int
whoisServer string
listen string
dnsInterface string
netSpecificMode string
titleBrand string
navBarBrand string
navBarBrandURL string
navBarAllServer string
navBarAllURL string
bgpmapInfo string
telegramBotName string
protocolFilter []string
nameFilter string
timeOut int
servers []string
serversDisplay []string
domain string
proxyPort int
whoisServer string
listen string
dnsInterface string
netSpecificMode string
titleBrand string
navBarBrand string
navBarBrandURL string
navBarAllServer string
navBarAllURL string
bgpmapInfo string
telegramBotName string
protocolFilter []string
nameFilter string
timeOut int
connectionTimeOut int
}
var setting settingType

View File

@@ -9,23 +9,24 @@ import (
)
type viperSettingType struct {
Servers string `mapstructure:"servers"`
Domain string `mapstructure:"domain"`
ProxyPort int `mapstructure:"proxy_port"`
WhoisServer string `mapstructure:"whois"`
Listen string `mapstructure:"listen"`
DNSInterface string `mapstructure:"dns_interface"`
NetSpecificMode string `mapstructure:"net_specific_mode"`
TitleBrand string `mapstructure:"title_brand"`
NavBarBrand string `mapstructure:"navbar_brand"`
NavBarBrandURL string `mapstructure:"navbar_brand_url"`
NavBarAllServer string `mapstructure:"navbar_all_servers"`
NavBarAllURL string `mapstructure:"navbar_all_url"`
BgpmapInfo string `mapstructure:"bgpmap_info"`
TelegramBotName string `mapstructure:"telegram_bot_name"`
ProtocolFilter string `mapstructure:"protocol_filter"`
NameFilter string `mapstructure:"name_filter"`
TimeOut int `mapstructure:"timeout"`
Servers string `mapstructure:"servers"`
Domain string `mapstructure:"domain"`
ProxyPort int `mapstructure:"proxy_port"`
WhoisServer string `mapstructure:"whois"`
Listen string `mapstructure:"listen"`
DNSInterface string `mapstructure:"dns_interface"`
NetSpecificMode string `mapstructure:"net_specific_mode"`
TitleBrand string `mapstructure:"title_brand"`
NavBarBrand string `mapstructure:"navbar_brand"`
NavBarBrandURL string `mapstructure:"navbar_brand_url"`
NavBarAllServer string `mapstructure:"navbar_all_servers"`
NavBarAllURL string `mapstructure:"navbar_all_url"`
BgpmapInfo string `mapstructure:"bgpmap_info"`
TelegramBotName string `mapstructure:"telegram_bot_name"`
ProtocolFilter string `mapstructure:"protocol_filter"`
NameFilter string `mapstructure:"name_filter"`
TimeOut int `mapstructure:"timeout"`
ConnectionTimeOut int `mapstructure:"connection_timeout"`
}
// Parse settings with viper, and convert to legacy setting format
@@ -87,9 +88,12 @@ func parseSettings() {
pflag.String("name-filter", "", "protocol name regex to hide in summary tables (RE2 syntax); defaults to none if not set")
viper.BindPFlag("name_filter", pflag.Lookup("name-filter"))
pflag.Int("time-out", 120, "time before request timed out, in seconds; defaults to 120 if not set")
pflag.Int("time-out", 120, "time before backend HTTP request times out, in seconds; defaults to 120 if not set")
viper.BindPFlag("timeout", pflag.Lookup("time-out"))
pflag.Int("connection-time-out", 5, "time before backend TCP connection times out, in seconds; defaults to 5 if not set")
viper.BindPFlag("connection_timeout", pflag.Lookup("connection-time-out"))
pflag.Parse()
if err := viper.ReadInConfig(); err != nil {
@@ -139,6 +143,7 @@ func parseSettings() {
setting.nameFilter = viperSettings.NameFilter
setting.timeOut = viperSettings.TimeOut
setting.connectionTimeOut = viperSettings.ConnectionTimeOut
fmt.Printf("%#v\n", setting)
}

View File

@@ -4,25 +4,29 @@ go 1.17
require (
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
github.com/gorilla/handlers v1.5.1
github.com/gorilla/handlers v1.5.2
github.com/magiconair/properties v1.8.7
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.16.0
github.com/spf13/viper v1.18.2
)
require (
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/spf13/afero v1.9.5 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
github.com/pelletier/go-toml/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

File diff suppressed because it is too large Load Diff

View File

@@ -22,8 +22,8 @@ func invalidHandler(httpW http.ResponseWriter, httpR *http.Request) {
}
func hasAccess(remoteAddr string) bool {
// setting.allowedIPs will always have at least one element because of how it's defined
if len(setting.allowedIPs) == 0 {
// setting.allowedNets will always have at least one element because of how it's defined
if len(setting.allowedNets) == 0 {
return true
}
@@ -40,8 +40,8 @@ func hasAccess(remoteAddr string) bool {
return false
}
for _, allowedIP := range setting.allowedIPs {
if ipObject.Equal(allowedIP) {
for _, net := range setting.allowedNets {
if net.Contains(ipObject) {
return true
}
}
@@ -49,7 +49,7 @@ func hasAccess(remoteAddr string) bool {
return false
}
// Access handler, check to see if client IP in allowed IPs, continue if it is, send to invalidHandler if not
// Access handler, check to see if client IP in allowed nets, continue if it is, send to invalidHandler if not
func accessHandler(next http.Handler) http.Handler {
return http.HandlerFunc(func(httpW http.ResponseWriter, httpR *http.Request) {
if hasAccess(httpR.RemoteAddr) {
@@ -61,12 +61,12 @@ func accessHandler(next http.Handler) http.Handler {
}
type settingType struct {
birdSocket string
listen string
allowedIPs []net.IP
tr_bin string
tr_flags []string
tr_raw bool
birdSocket string
listen string
allowedNets []*net.IPNet
tr_bin string
tr_flags []string
tr_raw bool
}
var setting settingType

View File

@@ -10,42 +10,61 @@ import (
)
func TestHasAccessNotConfigured(t *testing.T) {
setting.allowedIPs = []net.IP{}
setting.allowedNets = []*net.IPNet{}
assert.Equal(t, hasAccess("whatever"), true)
}
func TestHasAccessAllowIPv4(t *testing.T) {
setting.allowedIPs = []net.IP{net.ParseIP("1.2.3.4")}
_, netip, _ := net.ParseCIDR("1.2.3.4/32")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("1.2.3.4:4321"), true)
}
func TestHasAccessAllowIPv4Net(t *testing.T) {
_, netip, _ := net.ParseCIDR("1.2.3.0/24")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("1.2.3.4:4321"), true)
}
func TestHasAccessDenyIPv4(t *testing.T) {
setting.allowedIPs = []net.IP{net.ParseIP("4.3.2.1")}
_, netip, _ := net.ParseCIDR("4.3.2.1/32")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("1.2.3.4:4321"), false)
}
func TestHasAccessAllowIPv6(t *testing.T) {
setting.allowedIPs = []net.IP{net.ParseIP("2001:db8::1")}
_, netip, _ := net.ParseCIDR("2001:db8::1/128")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("[2001:db8::1]:4321"), true)
}
func TestHasAccessAllowIPv6Net(t *testing.T) {
_, netip, _ := net.ParseCIDR("2001:db8::/64")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("[2001:db8::1]:4321"), true)
}
func TestHasAccessAllowIPv6DifferentForm(t *testing.T) {
setting.allowedIPs = []net.IP{net.ParseIP("2001:0db8::1")}
_, netip, _ := net.ParseCIDR("2001:db8::1/128")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("[2001:db8::1]:4321"), true)
}
func TestHasAccessDenyIPv6(t *testing.T) {
setting.allowedIPs = []net.IP{net.ParseIP("2001:db8::2")}
_, netip, _ := net.ParseCIDR("2001:db8::2/128")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("[2001:db8::1]:4321"), false)
}
func TestHasAccessBadClientIP(t *testing.T) {
setting.allowedIPs = []net.IP{net.ParseIP("1.2.3.4")}
_, netip, _ := net.ParseCIDR("1.2.3.4/32")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("not an IP"), false)
}
func TestHasAccessBadClientIPPort(t *testing.T) {
setting.allowedIPs = []net.IP{net.ParseIP("1.2.3.4")}
_, netip, _ := net.ParseCIDR("1.2.3.4/32")
setting.allowedNets = []*net.IPNet{netip}
assert.Equal(t, hasAccess("not an IP:not a port"), false)
}
@@ -57,7 +76,8 @@ func TestAccessHandlerAllow(t *testing.T) {
r.RemoteAddr = "1.2.3.4:4321"
w := httptest.NewRecorder()
setting.allowedIPs = []net.IP{net.ParseIP("1.2.3.4")}
_, netip, _ := net.ParseCIDR("1.2.3.4/32")
setting.allowedNets = []*net.IPNet{netip}
wrappedHandler.ServeHTTP(w, r)
assert.Equal(t, w.Code, http.StatusNotFound)
@@ -71,7 +91,8 @@ func TestAccessHandlerDeny(t *testing.T) {
r.RemoteAddr = "1.2.3.4:4321"
w := httptest.NewRecorder()
setting.allowedIPs = []net.IP{net.ParseIP("4.3.2.1")}
_, netip, _ := net.ParseCIDR("4.3.2.1/32")
setting.allowedNets = []*net.IPNet{netip}
wrappedHandler.ServeHTTP(w, r)
assert.Equal(t, w.Code, http.StatusInternalServerError)

View File

@@ -13,7 +13,7 @@ import (
type viperSettingType struct {
BirdSocket string `mapstructure:"bird_socket"`
Listen string `mapstructure:"listen"`
AllowedIPs string `mapstructure:"allowed_ips"`
AllowedNets string `mapstructure:"allowed_ips"`
TracerouteBin string `mapstructure:"traceroute_bin"`
TracerouteFlags string `mapstructure:"traceroute_flags"`
TracerouteRaw bool `mapstructure:"traceroute_raw"`
@@ -40,7 +40,7 @@ func parseSettings() {
pflag.String("listen", "8000", "listen address, set either in parameter or environment variable BIRDLG_PROXY_PORT")
viper.BindPFlag("listen", pflag.Lookup("listen"))
pflag.String("allowed", "", "IPs allowed to access this proxy, separated by commas. Don't set to allow all IPs.")
pflag.String("allowed", "", "IPs or networks allowed to access this proxy, separated by commas. Don't set to allow all IPs.")
viper.BindPFlag("allowed_ips", pflag.Lookup("allowed"))
pflag.String("traceroute_bin", "", "traceroute binary file, set either in parameter or environment variable BIRDLG_TRACEROUTE_BIN")
@@ -66,18 +66,31 @@ func parseSettings() {
setting.birdSocket = viperSettings.BirdSocket
setting.listen = viperSettings.Listen
if viperSettings.AllowedIPs != "" {
for _, ip := range strings.Split(viperSettings.AllowedIPs, ",") {
ipObject := net.ParseIP(ip)
if ipObject == nil {
fmt.Printf("Parse IP %s failed\n", ip)
continue
if viperSettings.AllowedNets != "" {
for _, arg := range strings.Split(viperSettings.AllowedNets, ",") {
// if argument is an IP address, convert to CIDR by adding a suitable mask
if !strings.Contains(arg, "/") {
if strings.Contains(arg, ":") {
// IPv6 address with /128 mask
arg += "/128"
} else {
// IPv4 address with /32 mask
arg += "/32"
}
}
setting.allowedIPs = append(setting.allowedIPs, ipObject)
// parse the network
_, netip, err := net.ParseCIDR(arg)
if err != nil {
fmt.Printf("Failed to parse CIDR %s: %s\n", arg, err.Error())
continue
}
setting.allowedNets = append(setting.allowedNets, netip)
}
} else {
setting.allowedIPs = []net.IP{}
setting.allowedNets = []*net.IPNet{}
}
var err error