IP filter (issue #13)

src/tyt/config.go

@@ -0,0 +1,31 @@
+package main
+
+import (
+	"net"
+
+	"github.com/spf13/viper"
+)
+
+var whiteIPList = make([]net.IP, 0)
+
+func initConfig() {
+	a := viper.GetStringSlice("white_ip_list")
+	if len(a) > 0 {
+		for _, s := range a {
+			ip := net.ParseIP(s)
+			whiteIPList = append(whiteIPList, ip)
+		}
+	}
+}
+
+func isWhiteIP(ip net.IP) bool {
+	if len(whiteIPList) == 0 {
+		return true
+	}
+	for _, t := range whiteIPList {
+		if t.String() == ip.String() {
+			return true
+		}
+	}
+	return false
+}

src/tyt/main.go

@@ -21,6 +21,8 @@ func main() {
 		panic(fmt.Errorf("Fatal error config file: %s \n", err))
 	}
 
+	initConfig()
+
 	// Open the data.db file. It will be created if it doesn't exist.
 	db, err := buntdb.Open("data.db")
 	if err != nil {

src/tyt/presense.go

@@ -17,7 +17,11 @@ func initPresenceAPI(db *buntdb.DB) {
 			return
 		}
 
-		// TODO block by X-Real-IP
+		// IP filter
+		if !isWhiteIP(realIP(ctx)) {
+			ctx.EmitError(iris.StatusUnauthorized)
+			return
+		}
 
 		input := &struct {
 			SpectacleID string `json:"spectacle_id"`

src/tyt/util.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"net"
 
 	"github.com/kataras/iris"
 	"github.com/tidwall/buntdb"
@@ -69,3 +70,14 @@ func sendError(ctx *iris.Context, err error) {
 	// TODO classify errors
 	ctx.Error(err.Error(), 404)
 }
+
+func realIP(ctx *iris.Context) net.IP {
+	ip := ctx.RemoteIP()
+	fmt.Printf("RemoteIP: %s\n", ip.String())
+	b := ctx.Request.Header.Peek("X-Real-IP")
+	if b != nil && len(b) > 0 {
+		fmt.Printf("X-Real-IP: %s\n", string(b))
+		return net.ParseIP(string(b))
+	}
+	return ip
+}