log denied forwardedIp
38
main.go
38
main.go
@@ -19,9 +19,9 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
db *sql.DB // Global database connection
|
||||
c = cache.New(5*time.Minute, 10*time.Minute)
|
||||
oauthAllowedHost = os.Getenv("OAUTH_ALLOWED_HOST") // URL authorized for device code
|
||||
db *sql.DB // Global database connection
|
||||
c = cache.New(5*time.Minute, 10*time.Minute)
|
||||
oauthAllowedHost = os.Getenv("OAUTH_ALLOWED_HOST") // URL authorized for device code
|
||||
oauthDeviceCodeAllowedIPs = strings.Split(os.Getenv("OAUTH_DEVICE_CODE_ALLOWED_IPS"), ",") // IPS autorisées pour /retrieve
|
||||
)
|
||||
|
||||
@@ -140,9 +140,9 @@ func selectHandler(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// Structure de base pour passer les données au template HTML
|
||||
type CallbackData struct {
|
||||
Code string
|
||||
State string
|
||||
Other map[string]string
|
||||
Code string
|
||||
State string
|
||||
Other map[string]string
|
||||
}
|
||||
|
||||
// oauth2_callback handles HTTP requests and display a message according to queryParams
|
||||
@@ -285,15 +285,16 @@ func retrieveHandler(w http.ResponseWriter, r *http.Request) {
|
||||
userIP, _, err := net.SplitHostPort(r.RemoteAddr)
|
||||
userIPforwarded := r.Header.Get("X-Forwarded-For")
|
||||
if err != nil ||
|
||||
!slices.Contains(oauthDeviceCodeAllowedIPs, userIP) &&
|
||||
!slices.Contains(oauthDeviceCodeAllowedIPs, userIPforwarded) {
|
||||
fmt.Fprintln(os.Stderr, "denied userIP: "+userIP)
|
||||
!slices.Contains(oauthDeviceCodeAllowedIPs, userIP) &&
|
||||
!slices.Contains(oauthDeviceCodeAllowedIPs, userIPforwarded) {
|
||||
fmt.Fprintln(os.Stderr, "denied userIP: "+userIP+" forwarded: "+userIPforwarded)
|
||||
fmt.Fprintf(os.Stderr, "alowed ips: %+v", oauthDeviceCodeAllowedIPs)
|
||||
// Parcourir tous les headers
|
||||
for name, values := range r.Header {
|
||||
// name représente le nom de l'en-tête
|
||||
// values est une slice contenant toutes les valeurs associées à cet en-tête
|
||||
for _, value := range values {
|
||||
fmt.Fprintf(os.Stderr,"%s: %s\n", name, value)
|
||||
fmt.Fprintf(os.Stderr, "%s: %s\n", name, value)
|
||||
}
|
||||
}
|
||||
http.Error(w, "Access denied: invalid IP", http.StatusForbidden)
|
||||
@@ -478,22 +479,21 @@ func main() {
|
||||
http.HandleFunc("/display-info", displayInfoHandler)
|
||||
|
||||
/*
|
||||
Gitea doesn't come with device flow # https://github.com/go-gitea/gitea/issues/27309
|
||||
https://gitea.arcodange.duckdns.org/.well-known/openid-configuration
|
||||
"grant_types_supported": [
|
||||
"authorization_code",
|
||||
"refresh_token"
|
||||
]
|
||||
Gitea doesn't come with device flow # https://github.com/go-gitea/gitea/issues/27309
|
||||
https://gitea.arcodange.duckdns.org/.well-known/openid-configuration
|
||||
"grant_types_supported": [
|
||||
"authorization_code",
|
||||
"refresh_token"
|
||||
]
|
||||
|
||||
So we can use the authorization_code and redirect to this endpoint
|
||||
and then the client can poll for the code matching the state it chose
|
||||
So we can use the authorization_code and redirect to this endpoint
|
||||
and then the client can poll for the code matching the state it chose
|
||||
*/
|
||||
http.HandleFunc("/oauth-callback", oauth2_callback)
|
||||
// Define the handler to exchange a state for a code
|
||||
http.HandleFunc("/retrieve", retrieveHandler)
|
||||
http.HandleFunc("/test-oauth-callback", test_oauth2_callback)
|
||||
|
||||
|
||||
// Start the HTTP server
|
||||
port := ":8080"
|
||||
log.Printf("Server starting on port %s\n", port)
|
||||
|
||||
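Review bot: In the retrieveHandler hunk the allow-list check accepts the raw `X-Forwarded-For` value, which the client controls unless a trusted proxy overwrites it, and the new deny log concatenates that value unquoted into stderr. `strings.Split` of an unset `OAUTH_DEVICE_CODE_ALLOWED_IPS` yields a list holding one empty string, and `r.Header.Get` returns an empty string when the header is absent, so the check appears to fail open when the variable is unset or ends with a comma; replace the second term with `(userIPforwarded == "" || !slices.Contains(oauthDeviceCodeAllowedIPs, userIPforwarded))` and drop empty entries when parsing the variable. The forwarded value should be honoured only when `userIP` is a known proxy address, and logged quoted, e.g. `fmt.Fprintf(os.Stderr, "denied userIP: %q forwarded: %q\n", userIP, userIPforwarded)`. The header dump loop that follows also writes `Authorization` and `Cookie` values to the log, so those names should be skipped or redacted. The function body starts and ends outside the hunk.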