Make netlist configurable

This commit is contained in:
Maximilian Friedersdorff 2025-12-11 21:34:33 +00:00
parent 63405b6dc2
commit 55c7e00ad6
3 changed files with 29 additions and 19 deletions


@ -51,7 +51,19 @@ func main() {
etag := middleware.NewETag("static", cacheExpiration) etag := middleware.NewETag("static", cacheExpiration)
router.Handle("/", middleware.LoggingMiddleware(http.RedirectHandler("/notes/", http.StatusFound))) router.Handle("/", middleware.LoggingMiddleware(http.RedirectHandler("/notes/", http.StatusFound)))
router.Handle("/notes/", sessions.AsMiddleware(middleware.LoggingMiddleware(http.StripPrefix("/notes", notesRouter)))) router.Handle(
"/notes/",
sessions.AsMiddleware(
middleware.LoggingMiddleware(
middleware.RejectAnonMiddleware(
"/auth/login/",
http.StripPrefix(
"/notes", notesRouter,
),
),
),
),
)
router.Handle("/auth/", sessions.AsMiddleware(middleware.LoggingMiddleware(http.StripPrefix("/auth", sessionRouter)))) router.Handle("/auth/", sessions.AsMiddleware(middleware.LoggingMiddleware(http.StripPrefix("/auth", sessionRouter))))
router.Handle( router.Handle(
"/static/", "/static/",


@ -68,6 +68,7 @@ type Config struct {
RedirectURL string `toml:"redirect_url"` RedirectURL string `toml:"redirect_url"`
UserinfoURL string `toml:"userinfo_url"` UserinfoURL string `toml:"userinfo_url"`
} }
AnonCIDRs []string `toml:"anon_networks"`
} }
var ( var (
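Review bot: The new `AnonCIDRs` field has no doc comment, and because it is an allowlist that decides which unauthenticated requests `RejectAnonMiddleware` lets through (judging by its use in the middleware file), an operator needs the format and the failure mode spelled out. Suggested: `// AnonCIDRs lists networks in CIDR notation (e.g. "10.0.0.0/24") from which anonymous requests are accepted; entries that fail to parse are logged and ignored, and an empty list means no anonymous access.` The "empty list" clause follows from the middleware building an empty netList when nothing is configured, on the assumption that Contains on an empty list is false — confirm before documenting it. If the client address is taken from the `x-forwarded-for` header, as the `ipHeader` constant in the middleware file suggests, the comment should also state that the setting is only meaningful behind a reverse proxy that overwrites that header, since otherwise the value is client-controlled. The enclosing Config struct begins outside the hunk.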


@ -10,30 +10,14 @@ import (
"net" "net"
"net/http" "net/http"
"strings" "strings"
"forgejo.gwairfelin.com/max/gonotes/internal/conf"
) )
type netList []net.IPNet type netList []net.IPNet
var safeCIDRs = [...]string{"192.168.0.0/23", "10.0.0.0/24", "2001:8b0:f70:546d::/64"}
var safeOriginNets netList
const ipHeader = "x-forwarded-for" const ipHeader = "x-forwarded-for"
func init() {
safeOriginNets = make([]net.IPNet, 0, len(safeCIDRs))
for _, cidr := range safeCIDRs {
_, net, err := net.ParseCIDR(cidr)
if err != nil {
log.Printf("ignoring invalid cidr: %s", err)
continue
}
safeOriginNets = append(safeOriginNets, *net)
}
}
func (n *netList) Contains(ip net.IP) bool { func (n *netList) Contains(ip net.IP) bool {
for _, net := range *n { for _, net := range *n {
if contains := net.Contains(ip); contains { if contains := net.Contains(ip); contains {
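Review bot: The loop that replaces the removed `init()` (it now sits at the top of `RejectAnonMiddleware` in the next hunk) still only logs and skips any `conf.Conf.AnonCIDRs` entry that `net.ParseCIDR` rejects, so a typo in `anon_networks` silently narrows the allowlist instead of surfacing a configuration error. Now that the list comes from the operator rather than a compile-time constant, consider failing at startup, e.g. `log.Fatalf("invalid anon_networks entry %q: %v", cidr, err)`, or at minimum include the offending value in the existing log line so the misconfiguration can be found. The moved loop also keeps the `_, net, err := net.ParseCIDR(cidr)` form, which shadows the `net` package for the rest of the loop body; `_, ipNet, err := net.ParseCIDR(cidr)` followed by `append(safeOriginNets, *ipNet)` avoids that. The `Contains` method continues outside this hunk.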
@ -44,6 +28,19 @@ func (n *netList) Contains(ip net.IP) bool {
} }
func RejectAnonMiddleware(redirect string, next http.Handler) http.Handler { func RejectAnonMiddleware(redirect string, next http.Handler) http.Handler {
safeOriginNets := make(netList, 0, len(conf.Conf.AnonCIDRs))
for _, cidr := range conf.Conf.AnonCIDRs {
_, net, err := net.ParseCIDR(cidr)
if err != nil {
log.Printf("ignoring invalid cidr: %s", err)
continue
}
safeOriginNets = append(safeOriginNets, *net)
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := r.Context().Value(ContextKey("user")).(string) user := r.Context().Value(ContextKey("user")).(string)