traefik/old/middlewares/forwardedheaders/forwarded_header.go

package forwardedheaders

import (
	"net/http"

	"github.com/containous/traefik/ip"
	"github.com/vulcand/oxy/forward"
	"github.com/vulcand/oxy/utils"
)

// XForwarded filter for XForwarded headers
type XForwarded struct {
	insecure   bool
	trustedIps []string
	ipChecker  *ip.Checker
}

// NewXforwarded creates a new XForwarded
func NewXforwarded(insecure bool, trustedIps []string) (*XForwarded, error) {
	var ipChecker *ip.Checker
	if len(trustedIps) > 0 {
		var err error
		ipChecker, err = ip.NewChecker(trustedIps)
		if err != nil {
			return nil, err
		}
	}

	return &XForwarded{
		insecure:   insecure,
		trustedIps: trustedIps,
		ipChecker:  ipChecker,
	}, nil
}

func (x *XForwarded) isTrustedIP(ip string) bool {
	if x.ipChecker == nil {
		return false
	}
	return x.ipChecker.IsAuthorized(ip) == nil
}

func (x *XForwarded) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
	if !x.insecure && !x.isTrustedIP(r.RemoteAddr) {
		utils.RemoveHeaders(r.Header, forward.XHeaders...)
	}

	// If there is a next, call it.
	if next != nil {
		next(w, r)
	}
}
IPStrategy for selecting IP in whitelist 2018-08-24 14:20:03 +00:00			`package forwardedheaders`

			`import (`
			`"net/http"`

			`"github.com/containous/traefik/ip"`
			`"github.com/vulcand/oxy/forward"`
			`"github.com/vulcand/oxy/utils"`
			`)`

			`// XForwarded filter for XForwarded headers`
			`type XForwarded struct {`
			`insecure bool`
			`trustedIps []string`
			`ipChecker *ip.Checker`
			`}`

			`// NewXforwarded creates a new XForwarded`
			`func NewXforwarded(insecure bool, trustedIps []string) (*XForwarded, error) {`
			`var ipChecker *ip.Checker`
			`if len(trustedIps) > 0 {`
			`var err error`
			`ipChecker, err = ip.NewChecker(trustedIps)`
			`if err != nil {`
			`return nil, err`
			`}`
			`}`

			`return &XForwarded{`
			`insecure: insecure,`
			`trustedIps: trustedIps,`
			`ipChecker: ipChecker,`
			`}, nil`
			`}`

			`func (x *XForwarded) isTrustedIP(ip string) bool {`
			`if x.ipChecker == nil {`
			`return false`
			`}`
			`return x.ipChecker.IsAuthorized(ip) == nil`
			`}`

			`func (x XForwarded) ServeHTTP(w http.ResponseWriter, r http.Request, next http.HandlerFunc) {`
			`if !x.insecure && !x.isTrustedIP(r.RemoteAddr) {`
			`utils.RemoveHeaders(r.Header, forward.XHeaders...)`
			`}`

			`// If there is a next, call it.`
			`if next != nil {`
			`next(w, r)`
			`}`
			`}`