Personal preference
This commit is contained in:
parent
1672322fc1
commit
16ad94441b
2 changed files with 13 additions and 16 deletions
16
cmd/serve.go
16
cmd/serve.go
|
@ -304,27 +304,25 @@ func sigHandlerConfigReload(config string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseIPHostPrefix(host string) (prefixes []netip.Prefix, err error) {
|
func parseIPHostPrefix(host string) (prefixes []netip.Prefix, err error) {
|
||||||
//try parsing as prefix
|
// Try parsing as prefix, e.g. 10.0.1.0/24
|
||||||
prefix, err := netip.ParsePrefix(host)
|
prefix, err := netip.ParsePrefix(host)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
prefixes = append(prefixes, prefix.Masked()) // Masked returns the prefix in its canonical form, the same for every ip in the range. This exists for ease of debugging. For example, 10.1.2.3/16 is 10.1.0.0/16.
|
prefixes = append(prefixes, prefix.Masked())
|
||||||
return prefixes, nil // success
|
return prefixes, nil
|
||||||
}
|
}
|
||||||
|
// Not a prefix, parse as host or IP (LookupHost passes through an IP as is)
|
||||||
// not a prefix, parse as host or IP
|
|
||||||
// LookupHost passes through an IP as is
|
|
||||||
ips, err := net.LookupHost(host)
|
ips, err := net.LookupHost(host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
for _, i := range ips {
|
for _, ipStr := range ips {
|
||||||
ip, err := netip.ParseAddr(i)
|
ip, err := netip.ParseAddr(ipStr)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
prefix, err := ip.Prefix(ip.BitLen())
|
prefix, err := ip.Prefix(ip.BitLen())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("%s successfully parsed but unable to make prefix: %s", ip.String(), err.Error())
|
return nil, fmt.Errorf("%s successfully parsed but unable to make prefix: %s", ip.String(), err.Error())
|
||||||
}
|
}
|
||||||
prefixes = append(prefixes, prefix.Masked()) //also masked canonical ip
|
prefixes = append(prefixes, prefix.Masked())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
|
|
|
@ -1437,14 +1437,14 @@ func extractUserPass(r *http.Request) (username string, password string, ok bool
|
||||||
// This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT).
|
// This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT).
|
||||||
func (s *Server) visitor(r *http.Request) *visitor {
|
func (s *Server) visitor(r *http.Request) *visitor {
|
||||||
remoteAddr := r.RemoteAddr
|
remoteAddr := r.RemoteAddr
|
||||||
ipport, err := netip.ParseAddrPort(remoteAddr)
|
addrPort, err := netip.ParseAddrPort(remoteAddr)
|
||||||
ip := ipport.Addr()
|
ip := addrPort.Addr()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified
|
// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified
|
||||||
ip, err = netip.ParseAddr(remoteAddr)
|
ip, err = netip.ParseAddr(remoteAddr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ip = netip.IPv4Unspecified()
|
ip = netip.IPv4Unspecified()
|
||||||
log.Error("Unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err)
|
log.Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if s.config.BehindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
|
if s.config.BehindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
|
||||||
|
@ -1452,14 +1452,13 @@ func (s *Server) visitor(r *http.Request) *visitor {
|
||||||
// only the right-most address can be trusted (as this is the one added by our proxy server).
|
// only the right-most address can be trusted (as this is the one added by our proxy server).
|
||||||
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
|
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
|
||||||
ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
|
ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
|
||||||
myip, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
|
realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("invalid IP address %s received in X-Forwarded-For header: %s", ip, err.Error())
|
log.Error("invalid IP address %s received in X-Forwarded-For header: %s", ip, err.Error())
|
||||||
// fall back to regular remote address if X-Forwarded-For is damaged
|
// Fall back to regular remote address if X-Forwarded-For is damaged
|
||||||
} else {
|
} else {
|
||||||
ip = myip
|
ip = realIP
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
return s.visitorFromIP(ip)
|
return s.visitorFromIP(ip)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue