mirrors/acme-dns
1
0
Fork 0
mirror of https://github.com/joohoi/acme-dns.git synced 2025-07-12 00:39:00 +07:00
Code Issues Packages Projects Releases Wiki Activity

Properly parse r.RemoteAddr (#50)

Browse Source 
* Properly parse r.RemoteAddr

* Add tests, and fix net.ParseCIDR issues with IPv6 addresses enclosed in brackets
This commit is contained in:
Joona Hoikkala
2018-03-15 00:23:55 +02:00
committed by GitHub
parent 5c2e60a828
commit 439da9c09f
4 changed files with 48 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
acmetxt.go
View File

@ -33,9 +33,9 @@ func (c *cidrslice) JSON() string {
func (c *cidrslice) ValidEntries() []string { func (c *cidrslice) ValidEntries() []string {
valid := []string{} valid := []string{}
for _, v := range *c { for _, v := range *c {
_, _, err := net.ParseCIDR(v) _, _, err := net.ParseCIDR(sanitizeIPv6addr(v))
if err == nil { if err == nil {
valid = append(valid, v) valid = append(valid, sanitizeIPv6addr(v))
} }
} }
return valid return valid

8
auth.go
View File

@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"net"
"net/http" "net/http"
"github.com/julienschmidt/httprouter" "github.com/julienschmidt/httprouter"
@ -83,5 +84,10 @@ func updateAllowedFromIP(r *http.Request, user ACMETxt) bool {
ips := getIPListFromHeader(r.Header.Get(Config.API.HeaderName)) ips := getIPListFromHeader(r.Header.Get(Config.API.HeaderName))
return user.allowedFromList(ips) return user.allowedFromList(ips)
} }
return user.allowedFrom(r.RemoteAddr) host, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
log.WithFields(log.Fields{"error": err.Error(), "remoteaddr": r.RemoteAddr}).Error("Error while parsing remote address")
host = ""
}
return user.allowedFrom(host)
} }

33
auth_test.go Normal file
View File

@ -0,0 +1,33 @@
package main
import (
"net/http"
"testing"
)
func TestUpdateAllowedFromIP(t *testing.T) {
userWithAllow := newACMETxt()
userWithAllow.AllowFrom = cidrslice{"192.168.1.2/32", "[::1]/128"}
userWithoutAllow := newACMETxt()
for i, test := range []struct {
remoteaddr string
expected bool
}{
{"192.168.1.2:1234", true},
{"192.168.1.1:1234", false},
{"invalid", false},
{"[::1]:4567", true},
} {
newreq, _ := http.NewRequest("GET", "/whatever", nil)
newreq.RemoteAddr = test.remoteaddr
ret := updateAllowedFromIP(newreq, userWithAllow)
if test.expected != ret {
t.Errorf("Test %d: Unexpected result for user with allowForm set", i)
}
if !updateAllowedFromIP(newreq, userWithoutAllow) {
t.Errorf("Test %d: Unexpected result for user without allowForm set", i)
}
}
}

6
util.go
View File

@ -38,6 +38,12 @@ func sanitizeString(s string) string {
return re.ReplaceAllString(s, "") return re.ReplaceAllString(s, "")
} }
func sanitizeIPv6addr(s string) string {
// Remove brackets from IPv6 addresses, net.ParseCIDR needs this
re, _ := regexp.Compile("[\\[\\]]+")
return re.ReplaceAllString(s, "")
}
func generatePassword(length int) string { func generatePassword(length int) string {
ret := make([]byte, length) ret := make([]byte, length)
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-_" const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-_"