noa-x / noxway öffentlich
Öffentliche Dateiansicht: Raw-Dateien, Tree, Releases und Issues sind ohne Login verfügbar.
1Branches 0Tags
middleware/tools.go
Zurück Raw 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

package middleware

import (
	"net"

	"github.com/adrian-lorenz/noxway/global"
	"github.com/gin-gonic/gin"
)

func BannList() gin.HandlerFunc {
	return func(c *gin.Context) {
		if len(global.Config.Bannlist) == 0 {
			c.Next()
			return
		}
		ip := GetIP(c)
		if isBanned(global.Config.Bannlist, ip) {
			global.Log.Errorln("Banned IP", ip)
			c.AbortWithStatus(403)
			return
		}
		c.Next()
	}
}

// GetIP returns the real client IP, respecting Gin's trusted proxy configuration.
// To enable X-Forwarded-For trust, call router.SetTrustedProxies() with your proxy CIDRs.
func GetIP(c *gin.Context) string {
	return c.ClientIP()
}

// isBanned checks if the IP matches any ban list entry.
// Entries may be exact IPs or CIDR ranges (e.g. "192.168.1.0/24").
func isBanned(bannList []string, ip string) bool {
	parsed := net.ParseIP(ip)
	for _, entry := range bannList {
		if _, network, err := net.ParseCIDR(entry); err == nil {
			// CIDR range match
			if parsed != nil && network.Contains(parsed) {
				return true
			}
		} else {
			// Exact IP match only
			if entry == ip {
				return true
			}
		}
	}
	return false
}
Sprachen
Go 46%
JavaScript 45%
Markdown 3.3%
HTML 2.5%
YAML 1.7%
JSON 1.1%
Klonen
HTTPS