log denied forwardedIp

chart/templates/config.yaml

@@ -5,6 +5,6 @@ metadata:
   namespace: {{ .Release.Namespace }}
 data:
   OAUTH_ALLOWED_HOST: webapp.arcodange.duckdns.org
-  OAUTH_DEVICE_CODE_ALLOWED_IPS: 90.16.102.250,
+  OAUTH_DEVICE_CODE_ALLOWED_IPS: 86.247.157.144,
   DATABASE_URL: postgres://pgbouncer_auth:pgbouncer_auth@pgbouncer.tools/postgres?sslmode=disable
 #  DATABASE_URL: postgres://username:password@localhost/dbname?sslmode=disable

main.go

@@ -19,9 +19,9 @@ import (
 )
 
 var (
-	db *sql.DB // Global database connection
+	db                        *sql.DB // Global database connection
-	c = cache.New(5*time.Minute, 10*time.Minute)
+	c                         = cache.New(5*time.Minute, 10*time.Minute)
-	oauthAllowedHost = os.Getenv("OAUTH_ALLOWED_HOST") // URL authorized for device code
+	oauthAllowedHost          = os.Getenv("OAUTH_ALLOWED_HOST")                                // URL authorized for device code
 	oauthDeviceCodeAllowedIPs = strings.Split(os.Getenv("OAUTH_DEVICE_CODE_ALLOWED_IPS"), ",") // IPS autorisées pour /retrieve
 )
 
@@ -140,9 +140,9 @@ func selectHandler(w http.ResponseWriter, r *http.Request) {
 
 // Structure de base pour passer les données au template HTML
 type CallbackData struct {
-    Code  string
+	Code  string
-    State string
+	State string
-    Other map[string]string
+	Other map[string]string
 }
 
 // oauth2_callback handles HTTP requests and display a message according to queryParams
@@ -285,15 +285,16 @@ func retrieveHandler(w http.ResponseWriter, r *http.Request) {
 	userIP, _, err := net.SplitHostPort(r.RemoteAddr)
 	userIPforwarded := r.Header.Get("X-Forwarded-For")
 	if err != nil ||
-	!slices.Contains(oauthDeviceCodeAllowedIPs, userIP)  &&
+		!slices.Contains(oauthDeviceCodeAllowedIPs, userIP) &&
-	!slices.Contains(oauthDeviceCodeAllowedIPs, userIPforwarded) {
+			!slices.Contains(oauthDeviceCodeAllowedIPs, userIPforwarded) {
-		fmt.Fprintln(os.Stderr, "denied userIP: "+userIP)
+		fmt.Fprintln(os.Stderr, "denied userIP: "+userIP+" forwarded: "+userIPforwarded)
+		fmt.Fprintf(os.Stderr, "alowed ips: %+v", oauthDeviceCodeAllowedIPs)
 		// Parcourir tous les headers
 		for name, values := range r.Header {
 			// name représente le nom de l'en-tête
 			// values est une slice contenant toutes les valeurs associées à cet en-tête
 			for _, value := range values {
-				fmt.Fprintf(os.Stderr,"%s: %s\n", name, value)
+				fmt.Fprintf(os.Stderr, "%s: %s\n", name, value)
 			}
 		}
 		http.Error(w, "Access denied: invalid IP", http.StatusForbidden)
@@ -478,22 +479,21 @@ func main() {
 	http.HandleFunc("/display-info", displayInfoHandler)
 
 	/*
-	Gitea doesn't come with device flow # https://github.com/go-gitea/gitea/issues/27309
+		Gitea doesn't come with device flow # https://github.com/go-gitea/gitea/issues/27309
-	https://gitea.arcodange.duckdns.org/.well-known/openid-configuration
+		https://gitea.arcodange.duckdns.org/.well-known/openid-configuration
-	"grant_types_supported": [
+		"grant_types_supported": [
-	"authorization_code",
+		"authorization_code",
-	"refresh_token"
+		"refresh_token"
-	]
+		]
 
-	So we can use the authorization_code and redirect to this endpoint
+		So we can use the authorization_code and redirect to this endpoint
-	and then the client can poll for the code matching the state it chose
+		and then the client can poll for the code matching the state it chose
 	*/
 	http.HandleFunc("/oauth-callback", oauth2_callback)
 	// Define the handler to exchange a state for a code
 	http.HandleFunc("/retrieve", retrieveHandler)
 	http.HandleFunc("/test-oauth-callback", test_oauth2_callback)
 
-
 	// Start the HTTP server
 	port := ":8080"
 	log.Printf("Server starting on port %s\n", port)