diff --git a/src/tyt/config.go b/src/tyt/config.go
new file mode 100644
index 0000000..9f299c8
--- /dev/null
+++ b/src/tyt/config.go
@@ -0,0 +1,31 @@
+package main
+
+import (
+ "net"
+
+ "github.com/spf13/viper"
+)
+
+var whiteIPList = make([]net.IP, 0)
+
+func initConfig() {
+ a := viper.GetStringSlice("white_ip_list")
+ if len(a) > 0 {
+ for _, s := range a {
+ ip := net.ParseIP(s)
+ whiteIPList = append(whiteIPList, ip)
+ }
+ }
+}
+
+func isWhiteIP(ip net.IP) bool {
+ if len(whiteIPList) == 0 {
+ return true
+ }
+ for _, t := range whiteIPList {
+ if t.String() == ip.String() {
+ return true
+ }
+ }
+ return false
+}
diff --git a/src/tyt/main.go b/src/tyt/main.go
index 29fdbec..0fd65ef 100644
--- a/src/tyt/main.go
+++ b/src/tyt/main.go
@@ -21,6 +21,8 @@ func main() {
 panic(fmt.Errorf("Fatal error config file: %s \n", err))
 }
 
+ initConfig()
+
 // Open the data.db file. It will be created if it doesn't exist.
 db, err := buntdb.Open("data.db")
 if err != nil {
diff --git a/src/tyt/presense.go b/src/tyt/presense.go
index 426b9bf..efad9a8 100644
--- a/src/tyt/presense.go
+++ b/src/tyt/presense.go
@@ -17,7 +17,11 @@ func initPresenceAPI(db *buntdb.DB) {
 return
 }
 
- // TODO block by X-Real-IP
+ // IP filter
+ if !isWhiteIP(realIP(ctx)) {
+ ctx.EmitError(iris.StatusUnauthorized)
+ return
+ }
 
 input := &struct {
 SpectacleID string `json:"spectacle_id"`
diff --git a/src/tyt/util.go b/src/tyt/util.go
index ab4431b..a02e8c6 100644
--- a/src/tyt/util.go
+++ b/src/tyt/util.go
@@ -2,6 +2,7 @@ package main
 
 import (
 "fmt"
+ "net"
 
 "github.com/kataras/iris"
 "github.com/tidwall/buntdb"
@@ -69,3 +70,14 @@ func sendError(ctx *iris.Context, err error) {
 // TODO classify errors
 ctx.Error(err.Error(), 404)
 }
+
+func realIP(ctx *iris.Context) net.IP {
+ ip := ctx.RemoteIP()
+ fmt.Printf("RemoteIP: %s\n", ip.String())
+ b := ctx.Request.Header.Peek("X-Real-IP")
+ if b != nil && len(b) > 0 {
+ fmt.Printf("X-Real-IP: %s\n", string(b))
+ return net.ParseIP(string(b))
+ }
+ return ip
+}
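Review bot: An unparseable `white_ip_list` entry is stored as a nil `net.IP` in `initConfig`, because the result of `net.ParseIP` is appended without a check. `isWhiteIP` compares `String()` values and a nil IP renders as `<nil>`, so a caller address that is itself nil (`realIP` in util.go returns the unchecked result of `net.ParseIP` on a header value) would match such an entry and pass the filter. Rejecting bad entries at startup, returning false for a nil `ip`, and comparing with `t.Equal(ip)` instead of strings closes this. An empty list allows every address; if that fail-open default is intended, it deserves a comment on `isWhiteIP`.

```go
func initConfig() {
	for _, s := range viper.GetStringSlice("white_ip_list") {
		ip := net.ParseIP(s)
		if ip == nil {
			// A typo in the allowlist must not become a nil entry.
			panic("invalid white_ip_list entry: " + s)
		}
		whiteIPList = append(whiteIPList, ip)
	}
}

func isWhiteIP(ip net.IP) bool {
	if len(whiteIPList) == 0 {
		return true
	}
	// An address that failed to parse is never on the allowlist.
	if ip == nil {
		return false
	}
	for _, t := range whiteIPList {
		if t.Equal(ip) {
	// … unchanged: return true, closing braces, return false …
```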
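Review bot: A rejected address gets `iris.StatusUnauthorized` (401) at the new `// IP filter` check, which tells the client to authenticate although no credentials would change the outcome; `ctx.EmitError(iris.StatusForbidden)` describes the condition. The rejection is also silent on the server side, so logging the refused address at this point would give operators a record of blocked attempts. The handler body starts and ends outside this hunk.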
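Review bot: `realIP` returns whatever the `X-Real-IP` request header says whenever it is present, so the allowlist check in presense.go is decided by a client-supplied value unless every request is guaranteed to pass through a proxy that overwrites the header. The header should be honoured only when `ctx.RemoteIP()` is the trusted proxy, and the nil that `net.ParseIP` returns for a malformed value has to be treated as not allowed by the caller. The two `fmt.Printf` calls print request data with `%s`; `%q` on the header value keeps control characters out of the log. `b != nil && len(b) > 0` reduces to `len(b) > 0`.

```go
func realIP(ctx *iris.Context) net.IP {
	peer := ctx.RemoteIP()
	// Honour X-Real-IP only when the TCP peer is the trusted reverse proxy.
	// IsLoopback assumes the proxy runs on the same host; adjust to the deployment.
	if !peer.IsLoopback() {
		return peer
	}
	b := ctx.Request.Header.Peek("X-Real-IP")
	if len(b) == 0 {
		return peer
	}
	// nil when the header is malformed; the caller must treat nil as not allowed.
	return net.ParseIP(string(b))
}
```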