Make netlist configurable

Maximilian Friedersdorff 2025-12-11 21:34:33 +00:00
parent 63405b6dc2
commit 55c7e00ad6
3 changed files with 29 additions and 19 deletions


@ -10,30 +10,14 @@ import (
"net"
"net/http"
"strings"
"forgejo.gwairfelin.com/max/gonotes/internal/conf"
)
type netList []net.IPNet
var safeCIDRs = [...]string{"192.168.0.0/23", "10.0.0.0/24", "2001:8b0:f70:546d::/64"}
var safeOriginNets netList
const ipHeader = "x-forwarded-for"
func init() {
safeOriginNets = make([]net.IPNet, 0, len(safeCIDRs))
for _, cidr := range safeCIDRs {
_, net, err := net.ParseCIDR(cidr)
if err != nil {
log.Printf("ignoring invalid cidr: %s", err)
continue
}
safeOriginNets = append(safeOriginNets, *net)
}
}
func (n *netList) Contains(ip net.IP) bool {
for _, net := range *n {
if contains := net.Contains(ip); contains {
@ -44,6 +28,19 @@ func (n *netList) Contains(ip net.IP) bool {
}
func RejectAnonMiddleware(redirect string, next http.Handler) http.Handler {
safeOriginNets := make(netList, 0, len(conf.Conf.AnonCIDRs))
for _, cidr := range conf.Conf.AnonCIDRs {
_, net, err := net.ParseCIDR(cidr)
if err != nil {
log.Printf("ignoring invalid cidr: %s", err)
continue
}
safeOriginNets = append(safeOriginNets, *net)
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := r.Context().Value(ContextKey("user")).(string)