allow both duckdns.org and .fr domains
All checks were successful
Docker Build / build-and-push-image (push) Successful in 4m25s
All checks were successful
Docker Build / build-and-push-image (push) Successful in 4m25s
This commit is contained in:
23
main.go
23
main.go
@@ -21,8 +21,11 @@ import (
|
||||
var (
|
||||
db *sql.DB // Global database connection
|
||||
c = cache.New(5*time.Minute, 10*time.Minute)
|
||||
oauthAllowedHost = os.Getenv("OAUTH_ALLOWED_HOST") // URL authorized for device code
|
||||
oauthAllowedHosts = strings.Split(os.Getenv("OAUTH_ALLOWED_HOSTS"), ",") // authorized HOSTS for device code
|
||||
oauthDeviceCodeAllowedIPs = strings.Split(os.Getenv("OAUTH_DEVICE_CODE_ALLOWED_IPS"), ",") // IPS autorisées pour /retrieve
|
||||
_, localNetwork, _ = net.ParseCIDR("192.168.0.0/16")
|
||||
_, localNetworkIPV6, _ = net.ParseCIDR("2a01:cb04:dff:cf00::/56")
|
||||
_, k3sNetwork, _ = net.ParseCIDR("10.42.0.0/16")
|
||||
)
|
||||
|
||||
// dbConnection initializes the database connection.
|
||||
@@ -103,7 +106,7 @@ func indexHandler(w http.ResponseWriter, r *http.Request) {
|
||||
</body>
|
||||
</html>
|
||||
`
|
||||
fmt.Fprintf(w, tmpl)
|
||||
fmt.Fprint(w, tmpl)
|
||||
}
|
||||
|
||||
// selectHandler handles HTTP requests and executes a SQL query.
|
||||
@@ -151,7 +154,7 @@ func oauth2_callback(w http.ResponseWriter, r *http.Request) {
|
||||
// Vérifier le référent (ou origine)
|
||||
|
||||
hostHeader := strings.Trim(r.Header.Get("X-Forwarded-Host"), "[]")
|
||||
if oauthAllowedHost != "" && hostHeader != oauthAllowedHost {
|
||||
if len(oauthAllowedHosts) > 0 && !slices.Contains(oauthAllowedHosts, hostHeader) {
|
||||
fmt.Fprintln(os.Stderr, "X-Forwarded-Host: "+hostHeader)
|
||||
fmt.Fprintln(os.Stderr, "received headers")
|
||||
for key, value := range r.Header {
|
||||
@@ -283,11 +286,17 @@ func oauth2_callback(w http.ResponseWriter, r *http.Request) {
|
||||
func retrieveHandler(w http.ResponseWriter, r *http.Request) {
|
||||
// Récupérer l'IP de l'utilisateur
|
||||
userIP, _, err := net.SplitHostPort(r.RemoteAddr)
|
||||
userIPforwarded := r.Header.Get("X-Forwarded-For")
|
||||
userIPforwarded := net.ParseIP(r.Header.Get("X-Forwarded-For"))
|
||||
ip := userIPforwarded
|
||||
if ip == nil {
|
||||
ip = net.ParseIP(userIP)
|
||||
}
|
||||
if err != nil ||
|
||||
!slices.Contains(oauthDeviceCodeAllowedIPs, userIP) &&
|
||||
!slices.Contains(oauthDeviceCodeAllowedIPs, userIPforwarded) {
|
||||
fmt.Fprintln(os.Stderr, "denied userIP: "+userIP+" forwarded: "+userIPforwarded)
|
||||
!slices.Contains(oauthDeviceCodeAllowedIPs, ip.String()) &&
|
||||
!localNetwork.Contains(ip) &&
|
||||
!localNetworkIPV6.Contains(ip) &&
|
||||
!k3sNetwork.Contains(ip) {
|
||||
fmt.Fprintln(os.Stderr, "denied userIP: "+userIP+" forwarded: "+userIPforwarded.String())
|
||||
fmt.Fprintf(os.Stderr, "alowed ips: %+v", oauthDeviceCodeAllowedIPs)
|
||||
// Parcourir tous les headers
|
||||
for name, values := range r.Header {
|
||||
|
||||
Reference in New Issue
Block a user