From cbceac786d9bb6450a8b7eec08a44757873be0d4 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau
Date: Wed, 27 Aug 2025 19:53:38 +0200
Subject: [PATCH] log denied forwardedIp
---
 main.go | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/main.go b/main.go
index 1c3da60..ed8475f 100644
--- a/main.go
+++ b/main.go
@@ -19,9 +19,9 @@ import (
 )
 var (
- db *sql.DB // Global database connection
- c = cache.New(5*time.Minute, 10*time.Minute)
- oauthAllowedHost = os.Getenv("OAUTH_ALLOWED_HOST") // URL authorized for device code
+ db *sql.DB // Global database connection
+ c = cache.New(5*time.Minute, 10*time.Minute)
+ oauthAllowedHost = os.Getenv("OAUTH_ALLOWED_HOST") // URL authorized for device code
 oauthDeviceCodeAllowedIPs = strings.Split(os.Getenv("OAUTH_DEVICE_CODE_ALLOWED_IPS"), ",") // IPS autorisées pour /retrieve
 )
@@ -140,9 +140,9 @@ func selectHandler(w http.ResponseWriter, r *http.Request) {
 // Structure de base pour passer les données au template HTML
 type CallbackData struct {
- Code string
- State string
- Other map[string]string
+ Code string
+ State string
+ Other map[string]string
 }
 // oauth2_callback handles HTTP requests and display a message according to queryParams
@@ -285,15 +285,16 @@ func retrieveHandler(w http.ResponseWriter, r *http.Request) {
 userIP, _, err := net.SplitHostPort(r.RemoteAddr)
 userIPforwarded := r.Header.Get("X-Forwarded-For")
 if err != nil ||
- !slices.Contains(oauthDeviceCodeAllowedIPs, userIP) &&
- !slices.Contains(oauthDeviceCodeAllowedIPs, userIPforwarded) {
- fmt.Fprintln(os.Stderr, "denied userIP: "+userIP)
+ !slices.Contains(oauthDeviceCodeAllowedIPs, userIP) &&
+ !slices.Contains(oauthDeviceCodeAllowedIPs, userIPforwarded) {
+ fmt.Fprintln(os.Stderr, "denied userIP: "+userIP+" forwarded: "+userIPforwarded)
+ fmt.Fprintf(os.Stderr, "alowed ips: %+v", oauthDeviceCodeAllowedIPs)
 // Parcourir tous les headers
 for name, values := range r.Header {
 // name représente le nom de l'en-tête
 // values est une slice contenant toutes les valeurs associées à cet en-tête
 for _, value := range values {
- fmt.Fprintf(os.Stderr,"%s: %s\n", name, value)
+ fmt.Fprintf(os.Stderr, "%s: %s\n", name, value)
 }
 }
 http.Error(w, "Access denied: invalid IP", http.StatusForbidden)
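Review bot: The added diagnostic `fmt.Fprintf(os.Stderr, "alowed ips: %+v", oauthDeviceCodeAllowedIPs)` has no trailing newline, so the first header printed by the loop below lands on the same stderr line, and "alowed" is misspelled; use `fmt.Fprintf(os.Stderr, "allowed ips: %+v\n", oauthDeviceCodeAllowedIPs)`. More importantly, the allow check this hunk re-indents still admits a request whenever the client-supplied `X-Forwarded-For` value matches the allowlist, so a directly connecting client can satisfy it by sending that header itself; the header should only be consulted when `userIP` is a trusted reverse proxy, using the entry that proxy appended rather than the raw comma-separated value. The denied-path dump of every request header also writes `Authorization` and `Cookie` values to stderr, so those names should be skipped or redacted in the loop. Logging the forwarded value with `%q` instead of string concatenation, e.g. `fmt.Fprintf(os.Stderr, "denied userIP: %s forwarded: %q\n", userIP, userIPforwarded)`, makes an empty or malformed value visible in the log. retrieveHandler continues outside the hunk.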
@@ -478,22 +479,21 @@ func main() { http.HandleFunc("/display-info", displayInfoHandler) /* - Gitea doesn't come with device flow # https://github.com/go-gitea/gitea/issues/27309 - https://gitea.arcodange.duckdns.org/.well-known/openid-configuration - "grant_types_supported": [ - "authorization_code", - "refresh_token" - ] + Gitea doesn't come with device flow # https://github.com/go-gitea/gitea/issues/27309 + https://gitea.arcodange.duckdns.org/.well-known/openid-configuration + "grant_types_supported": [ + "authorization_code", + "refresh_token" + ] - So we can use the authorization_code and redirect to this endpoint - and then the client can poll for the code matching the state it chose + So we can use the authorization_code and redirect to this endpoint + and then the client can poll for the code matching the state it chose */ http.HandleFunc("/oauth-callback", oauth2_callback) // Define the handler to exchange a state for a code http.HandleFunc("/retrieve", retrieveHandler) http.HandleFunc("/test-oauth-callback", test_oauth2_callback) - // Start the HTTP server port := ":8080" log.Printf("Server starting on port %s\n", port)