traefik/pkg/middlewares/ipallowlist/ip_allowlist.go

package ipallowlist

import (
	"context"
	"errors"
	"fmt"
	"net/http"

	"github.com/opentracing/opentracing-go/ext"
	"github.com/rs/zerolog/log"
	"github.com/traefik/traefik/v3/pkg/config/dynamic"
	"github.com/traefik/traefik/v3/pkg/ip"
	"github.com/traefik/traefik/v3/pkg/middlewares"
	"github.com/traefik/traefik/v3/pkg/tracing"
)

const (
	typeName = "IPAllowLister"
)

// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.
type ipAllowLister struct {
	next        http.Handler
	allowLister *ip.Checker
	strategy    ip.Strategy
	name        string
}

// New builds a new IPAllowLister given a list of CIDR-Strings to allow.
func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) {
	logger := middlewares.GetLogger(ctx, name, typeName)
	logger.Debug().Msg("Creating middleware")

	if len(config.SourceRange) == 0 {
		return nil, errors.New("sourceRange is empty, IPAllowLister not created")
	}

	checker, err := ip.NewChecker(config.SourceRange)
	if err != nil {
		return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)
	}

	strategy, err := config.IPStrategy.Get()
	if err != nil {
		return nil, err
	}

	logger.Debug().Msgf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)

	return &ipAllowLister{
		strategy:    strategy,
		allowLister: checker,
		next:        next,
		name:        name,
	}, nil
}

func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) {
	return al.name, tracing.SpanKindNoneEnum
}

func (al *ipAllowLister) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	logger := middlewares.GetLogger(req.Context(), al.name, typeName)
	ctx := logger.WithContext(req.Context())

	clientIP := al.strategy.GetIP(req)
	err := al.allowLister.IsAuthorized(clientIP)
	if err != nil {
		msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err)
		logger.Debug().Msg(msg)
		tracing.SetErrorWithEvent(req, msg)
		reject(ctx, rw)
		return
	}
	logger.Debug().Msgf("Accepting IP %s", clientIP)

	al.next.ServeHTTP(rw, req)
}

func reject(ctx context.Context, rw http.ResponseWriter) {
	statusCode := http.StatusForbidden

	rw.WriteHeader(statusCode)
	_, err := rw.Write([]byte(http.StatusText(statusCode)))
	if err != nil {
		log.Ctx(ctx).Error().Err(err).Send()
	}
}
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`package ipallowlist`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00
			`import (`
			`"context"`
fix: validation system 2019-04-01 13:30:07 +00:00			`"errors"`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`"fmt"`
			`"net/http"`

			`"github.com/opentracing/opentracing-go/ext"`
New logger for the Traefik logs 2022-11-21 17:36:05 +00:00			`"github.com/rs/zerolog/log"`
fix: go module 2023-02-03 14:24:05 +00:00			`"github.com/traefik/traefik/v3/pkg/config/dynamic"`
			`"github.com/traefik/traefik/v3/pkg/ip"`
			`"github.com/traefik/traefik/v3/pkg/middlewares"`
			`"github.com/traefik/traefik/v3/pkg/tracing"`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`)`

			`const (`
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`typeName = "IPAllowLister"`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`)`

Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`// ipAllowLister is a middleware that provides Checks of the Requesting IP against a set of Allowlists.`
			`type ipAllowLister struct {`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`next http.Handler`
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`allowLister *ip.Checker`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`strategy ip.Strategy`
			`name string`
			`}`

Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`// New builds a new IPAllowLister given a list of CIDR-Strings to allow.`
			`func New(ctx context.Context, next http.Handler, config dynamic.IPAllowList, name string) (http.Handler, error) {`
New logger for the Traefik logs 2022-11-21 17:36:05 +00:00			`logger := middlewares.GetLogger(ctx, name, typeName)`
			`logger.Debug().Msg("Creating middleware")`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00
			`if len(config.SourceRange) == 0 {`
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`return nil, errors.New("sourceRange is empty, IPAllowLister not created")`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`}`

			`checker, err := ip.NewChecker(config.SourceRange)`
			`if err != nil {`
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`return nil, fmt.Errorf("cannot parse CIDRs %s: %w", config.SourceRange, err)`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`}`

			`strategy, err := config.IPStrategy.Get()`
			`if err != nil {`
			`return nil, err`
			`}`

New logger for the Traefik logs 2022-11-21 17:36:05 +00:00			`logger.Debug().Msgf("Setting up IPAllowLister with sourceRange: %s", config.SourceRange)`
fix: logger and context. 2019-09-13 17:28:04 +00:00
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`return &ipAllowLister{`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`strategy: strategy,`
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`allowLister: checker,`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`next: next,`
			`name: name,`
			`}, nil`
			`}`

Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`func (al *ipAllowLister) GetTracingInformation() (string, ext.SpanKindEnum) {`
			`return al.name, tracing.SpanKindNoneEnum`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`}`

Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`func (al ipAllowLister) ServeHTTP(rw http.ResponseWriter, req http.Request) {`
New logger for the Traefik logs 2022-11-21 17:36:05 +00:00			`logger := middlewares.GetLogger(req.Context(), al.name, typeName)`
			`ctx := logger.WithContext(req.Context())`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`clientIP := al.strategy.GetIP(req)`
			`err := al.allowLister.IsAuthorized(clientIP)`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`if err != nil {`
Remove request dump from IPWhitelist debug log and tracing message 2022-08-11 14:20:14 +00:00			`msg := fmt.Sprintf("Rejecting IP %s: %v", clientIP, err)`
New logger for the Traefik logs 2022-11-21 17:36:05 +00:00			`logger.Debug().Msg(msg)`
Remove request dump from IPWhitelist debug log and tracing message 2022-08-11 14:20:14 +00:00			`tracing.SetErrorWithEvent(req, msg)`
fix: logger and context. 2019-09-13 17:28:04 +00:00			`reject(ctx, rw)`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`return`
			`}`
New logger for the Traefik logs 2022-11-21 17:36:05 +00:00			`logger.Debug().Msgf("Accepting IP %s", clientIP)`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00
Renaming IPWhiteList to IPAllowList 2022-10-26 15:16:05 +00:00			`al.next.ServeHTTP(rw, req)`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`}`

fix: logger and context. 2019-09-13 17:28:04 +00:00			`func reject(ctx context.Context, rw http.ResponseWriter) {`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`statusCode := http.StatusForbidden`

			`rw.WriteHeader(statusCode)`
			`_, err := rw.Write([]byte(http.StatusText(statusCode)))`
			`if err != nil {`
New logger for the Traefik logs 2022-11-21 17:36:05 +00:00			`log.Ctx(ctx).Error().Err(err).Send()`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`}`
			`}`