traefik/middlewares/ip_whitelister.go

65 lines
1.7 KiB
Go
Raw Normal View History

package middlewares
import (
"fmt"
"net/http"
"github.com/containous/traefik/log"
2018-01-10 16:48:04 +00:00
"github.com/containous/traefik/middlewares/tracing"
2017-10-10 12:50:03 +00:00
"github.com/containous/traefik/whitelist"
"github.com/pkg/errors"
"github.com/urfave/negroni"
)
2017-10-10 12:50:03 +00:00
// IPWhiteLister is a middleware that provides Checks of the Requesting IP against a set of Whitelists
type IPWhiteLister struct {
handler negroni.Handler
whiteLister *whitelist.IP
}
// NewIPWhiteLister builds a new IPWhiteLister given a list of CIDR-Strings to whitelist
func NewIPWhiteLister(whiteList []string, useXForwardedFor bool) (*IPWhiteLister, error) {
if len(whiteList) == 0 {
return nil, errors.New("no white list provided")
}
2017-10-10 12:50:03 +00:00
whiteLister := IPWhiteLister{}
ip, err := whitelist.NewIP(whiteList, false, useXForwardedFor)
2017-10-10 12:50:03 +00:00
if err != nil {
return nil, fmt.Errorf("parsing CIDR whitelist %s: %v", whiteList, err)
}
2017-10-10 12:50:03 +00:00
whiteLister.whiteLister = ip
2017-10-10 12:50:03 +00:00
whiteLister.handler = negroni.HandlerFunc(whiteLister.handle)
2018-04-03 16:36:03 +00:00
log.Debugf("configured IP white list: %s", whiteList)
2017-10-10 12:50:03 +00:00
return &whiteLister, nil
}
2017-10-10 12:50:03 +00:00
func (wl *IPWhiteLister) handle(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
2018-04-23 14:20:05 +00:00
err := wl.whiteLister.IsAuthorized(r)
2017-10-10 12:50:03 +00:00
if err != nil {
2018-04-23 14:20:05 +00:00
tracing.SetErrorAndDebugLog(r, "request %+v - rejecting: %v", r, err)
2017-10-10 12:50:03 +00:00
reject(w)
return
}
2018-09-07 07:40:03 +00:00
tracing.SetErrorAndDebugLog(r, "request %+v matched white list %v - passing", r, wl.whiteLister)
2018-04-23 14:20:05 +00:00
next.ServeHTTP(w, r)
}
2017-10-10 12:50:03 +00:00
func (wl *IPWhiteLister) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
wl.handler.ServeHTTP(rw, r, next)
}
func reject(w http.ResponseWriter) {
statusCode := http.StatusForbidden
w.WriteHeader(statusCode)
2018-04-23 14:20:05 +00:00
_, err := w.Write([]byte(http.StatusText(statusCode)))
if err != nil {
log.Error(err)
}
}