diff --git a/internal/middleware/reject_anon.go b/internal/middleware/reject_anon.go new file mode 100644 index 0000000..82ba800 --- /dev/null +++ b/internal/middleware/reject_anon.go @@ -0,0 +1,99 @@ +// Middleware designed to reject requests from anon users unless from 'safe' +// IP addresses + +package middleware + +import ( + "errors" + "fmt" + "log" + "net" + "net/http" + "strings" +) + +type netList []net.IPNet + +var safeCIDRs = [...]string{"192.168.0.0/23", "10.0.0.0/24", "2001:8b0:f70:546d::/64"} + +var safeOriginNets netList + +const ipHeader = "x-forwarded-for" + +func init() { + safeOriginNets = make([]net.IPNet, 0, len(safeCIDRs)) + for _, cidr := range safeCIDRs { + _, net, err := net.ParseCIDR(cidr) + + if err != nil { + log.Printf("ignoring invalid cidr: %s", err) + continue + } + + safeOriginNets = append(safeOriginNets, *net) + } +} + +func (n *netList) Contains(ip net.IP) bool { + for _, net := range *n { + if contains := net.Contains(ip); contains { + return true + } + } + return false +} + +func RejectAnonMiddleware(redirect string, next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + user := r.Context().Value(ContextKey("user")).(string) + + originIP, err := getOriginIP(r) + + if err != nil { + log.Printf("unable to check origin ip: %s", err) + http.Redirect(w, r, redirect, http.StatusTemporaryRedirect) + return + } + + log.Printf("origin ip: %s", originIP) + safeOrigin := safeOriginNets.Contains(originIP) + + if user == "anon" && !safeOrigin { + http.Redirect(w, r, redirect, http.StatusTemporaryRedirect) + return + } + next.ServeHTTP(w, r) + }) +} + +// Get the origin ip from the x-forwarded-for header, or the source of +// the request if not available +func getOriginIP(r *http.Request) (net.IP, error) { + sourceIpHeader, ok := r.Header[http.CanonicalHeaderKey(ipHeader)] + + if !ok { + addrParts := strings.Split(r.RemoteAddr, ":") + + if len(addrParts) == 0 { + return nil, errors.New("no source ip available") + } + + ip := net.ParseIP(addrParts[0]) + if ip == nil { + return nil, fmt.Errorf("ip could not be parsed: %s", addrParts[0]) + } + return ip, nil + } + + if len(sourceIpHeader) != 1 { + return nil, fmt.Errorf("header has more than 1 value: %s=%v", ipHeader, sourceIpHeader) + } + + ips := strings.Split(sourceIpHeader[0], ",") + ip := net.ParseIP(ips[0]) + if ip == nil { + return nil, fmt.Errorf("not parseable as ip: %s", ips[0]) + } + + return ip, nil +}