Personal preference

This commit is contained in:
Philipp Heckel 2022-10-08 17:58:05 -04:00
parent 1672322fc1
commit 16ad94441b
2 changed files with 13 additions and 16 deletions

View File

@ -304,27 +304,25 @@ func sigHandlerConfigReload(config string) {
} }
func parseIPHostPrefix(host string) (prefixes []netip.Prefix, err error) { func parseIPHostPrefix(host string) (prefixes []netip.Prefix, err error) {
//try parsing as prefix // Try parsing as prefix, e.g. 10.0.1.0/24
prefix, err := netip.ParsePrefix(host) prefix, err := netip.ParsePrefix(host)
if err == nil { if err == nil {
prefixes = append(prefixes, prefix.Masked()) // Masked returns the prefix in its canonical form, the same for every ip in the range. This exists for ease of debugging. For example, 10.1.2.3/16 is 10.1.0.0/16. prefixes = append(prefixes, prefix.Masked())
return prefixes, nil // success return prefixes, nil
} }
// Not a prefix, parse as host or IP (LookupHost passes through an IP as is)
// not a prefix, parse as host or IP
// LookupHost passes through an IP as is
ips, err := net.LookupHost(host) ips, err := net.LookupHost(host)
if err != nil { if err != nil {
return nil, err return nil, err
} }
for _, i := range ips { for _, ipStr := range ips {
ip, err := netip.ParseAddr(i) ip, err := netip.ParseAddr(ipStr)
if err == nil { if err == nil {
prefix, err := ip.Prefix(ip.BitLen()) prefix, err := ip.Prefix(ip.BitLen())
if err != nil { if err != nil {
return nil, fmt.Errorf("%s successfully parsed but unable to make prefix: %s", ip.String(), err.Error()) return nil, fmt.Errorf("%s successfully parsed but unable to make prefix: %s", ip.String(), err.Error())
} }
prefixes = append(prefixes, prefix.Masked()) //also masked canonical ip prefixes = append(prefixes, prefix.Masked())
} }
} }
return return

View File

@ -1437,14 +1437,14 @@ func extractUserPass(r *http.Request) (username string, password string, ok bool
// This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT). // This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT).
func (s *Server) visitor(r *http.Request) *visitor { func (s *Server) visitor(r *http.Request) *visitor {
remoteAddr := r.RemoteAddr remoteAddr := r.RemoteAddr
ipport, err := netip.ParseAddrPort(remoteAddr) addrPort, err := netip.ParseAddrPort(remoteAddr)
ip := ipport.Addr() ip := addrPort.Addr()
if err != nil { if err != nil {
// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified // This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified
ip, err = netip.ParseAddr(remoteAddr) ip, err = netip.ParseAddr(remoteAddr)
if err != nil { if err != nil {
ip = netip.IPv4Unspecified() ip = netip.IPv4Unspecified()
log.Error("Unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err) log.Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err)
} }
} }
if s.config.BehindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" { if s.config.BehindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
@ -1452,14 +1452,13 @@ func (s *Server) visitor(r *http.Request) *visitor {
// only the right-most address can be trusted (as this is the one added by our proxy server). // only the right-most address can be trusted (as this is the one added by our proxy server).
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details. // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",") ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
myip, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr))) realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
if err != nil { if err != nil {
log.Error("invalid IP address %s received in X-Forwarded-For header: %s", ip, err.Error()) log.Error("invalid IP address %s received in X-Forwarded-For header: %s", ip, err.Error())
// fall back to regular remote address if X-Forwarded-For is damaged // Fall back to regular remote address if X-Forwarded-For is damaged
} else { } else {
ip = myip ip = realIP
} }
} }
return s.visitorFromIP(ip) return s.visitorFromIP(ip)
} }