astra/ntfy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Personal preference

Browse source
This commit is contained in:
Philipp Heckel 2022-10-08 17:58:05 -04:00
parent 1672322fc1
commit 16ad94441b
2 changed files with 13 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

16
cmd/serve.go
View file

@ -304,27 +304,25 @@ func sigHandlerConfigReload(config string) {
}
func parseIPHostPrefix(host string) (prefixes []netip.Prefix, err error) {
//try parsing as prefix
// Try parsing as prefix, e.g. 10.0.1.0/24
prefix, err := netip.ParsePrefix(host)
if err == nil {
prefixes = append(prefixes, prefix.Masked()) // Masked returns the prefix in its canonical form, the same for every ip in the range. This exists for ease of debugging. For example, 10.1.2.3/16 is 10.1.0.0/16.
return prefixes, nil // success
prefixes = append(prefixes, prefix.Masked())
return prefixes, nil
}
// not a prefix, parse as host or IP
// LookupHost passes through an IP as is
// Not a prefix, parse as host or IP (LookupHost passes through an IP as is)
ips, err := net.LookupHost(host)
if err != nil {
return nil, err
}
for _, i := range ips {
ip, err := netip.ParseAddr(i)
for _, ipStr := range ips {
ip, err := netip.ParseAddr(ipStr)
if err == nil {
prefix, err := ip.Prefix(ip.BitLen())
if err != nil {
return nil, fmt.Errorf("%s successfully parsed but unable to make prefix: %s", ip.String(), err.Error())
}
prefixes = append(prefixes, prefix.Masked()) //also masked canonical ip
prefixes = append(prefixes, prefix.Masked())
}
}
return

13
server/server.go
View file

@ -1437,14 +1437,14 @@ func extractUserPass(r *http.Request) (username string, password string, ok bool
// This function was taken from https://www.alexedwards.net/blog/how-to-rate-limit-http-requests (MIT).
func (s *Server) visitor(r *http.Request) *visitor {
remoteAddr := r.RemoteAddr
ipport, err := netip.ParseAddrPort(remoteAddr)
ip := ipport.Addr()
addrPort, err := netip.ParseAddrPort(remoteAddr)
ip := addrPort.Addr()
if err != nil {
// This should not happen in real life; only in tests. So, using falling back to 0.0.0.0 if address unspecified
ip, err = netip.ParseAddr(remoteAddr)
if err != nil {
ip = netip.IPv4Unspecified()
log.Error("Unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err)
log.Warn("unable to parse IP (%s), new visitor with unspecified IP (0.0.0.0) created %s", remoteAddr, err)
}
}
if s.config.BehindProxy && strings.TrimSpace(r.Header.Get("X-Forwarded-For")) != "" {
@ -1452,14 +1452,13 @@ func (s *Server) visitor(r *http.Request) *visitor {
// only the right-most address can be trusted (as this is the one added by our proxy server).
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For for details.
ips := util.SplitNoEmpty(r.Header.Get("X-Forwarded-For"), ",")
myip, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
realIP, err := netip.ParseAddr(strings.TrimSpace(util.LastString(ips, remoteAddr)))
if err != nil {
log.Error("invalid IP address %s received in X-Forwarded-For header: %s", ip, err.Error())
// fall back to regular remote address if X-Forwarded-For is damaged
// Fall back to regular remote address if X-Forwarded-For is damaged
} else {
ip = myip
ip = realIP
}
}
return s.visitorFromIP(ip)
}