feat: add access policy middleware support cidr block

2024-12-09 18:33:44 +01:00
parent 7e3489e201
commit 89a6f3fffd
3 changed files with 19 additions and 7 deletions


@@ -63,13 +63,18 @@ func (access AccessPolicy) AccessPolicyMiddleware(next http.Handler) http.Handle
})
}
// isIPAllowed checks if a client IP matches an entry (range or single IP).
// isIPAllowed checks if a client IP matches an entry (range, single IP or CIDR block).
func isIPAllowed(clientIP, entry string) bool {
// Handle IP range
if strings.Contains(entry, "-") {
// Handle IP range
startIP, endIP, err := parseIPRange(entry)
return err == nil && ipInRange(clientIP, startIP, endIP)
}
// Handle CIDR
if strings.Contains(entry, "/") {
return ipInCIDR(clientIP, entry)
}
// Handle single IP
return clientIP == entry
}
@@ -116,3 +121,13 @@ func ipInRange(ipStr, startIP, endIP string) bool {
}
return true
}
// Check if an IP is within a CIDR block
func ipInCIDR(ipStr, cidr string) bool {
ip := net.ParseIP(ipStr)
_, ipNet, err := net.ParseCIDR(cidr)
if err != nil {
return false
}
return ipNet.Contains(ip)
}
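Review bot: In ipInCIDR, a CIDR entry that fails net.ParseCIDR is indistinguishable from a non-matching address, because both paths return false with nothing logged, so a typo in the policy list is silently dropped on every request. If the policy can also be applied as a deny list (not visible in this hunk), such an entry stops blocking the range it was meant to cover. Consider validating entries once when the configuration is loaded and keeping the parsed `*net.IPNet`, which also avoids re-parsing the same string per request; at minimum state the behaviour in the doc comment, e.g. `// ipInCIDR reports whether ipStr lies inside cidr; an unparsable ipStr or cidr yields false.` The single-IP branch of isIPAllowed still compares strings (`clientIP == entry`), so equivalent textual forms of one address do not match there, whereas the new CIDR branch compares parsed addresses.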