nedifinita
/
bird-looking-glass-proxy
mirror of https://github.com/undef-i/bird-looking-glass-proxy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for the shared_secret field.

This commit is contained in:
undef-i 2023-08-07 23:37:42 +08:00
parent 4ee27b145a
commit 7ab3125daa
5 changed files with 31 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@ -368,7 +368,7 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
[[package]] [[package]]
name = "bird-looking-glass-proxy" name = "bird-looking-glass-proxy"
version = "0.0.3" version = "0.0.4"
dependencies = [ dependencies = [
"actix-web", "actix-web",
"birdc", "birdc",

2
Cargo.toml
View File

@ -1,6 +1,6 @@
[package] [package]
name = "bird-looking-glass-proxy" name = "bird-looking-glass-proxy"
version = "0.0.3" version = "0.0.4"
edition = "2021" edition = "2021"
[dependencies] [dependencies]

4
config.toml
View File

@ -1,9 +1,9 @@
bind_ip = "0.0.0.0" bind_ip = "0.0.0.0"
bind_port = 8000 bind_port = 8000
# Used to restrict access to bird-looking-glass-proxy based on source IP address. # Empty = no access restriction.
# Empty list = any IP is allowed to run queries.
access_list = ["127.0.0.1"] access_list = ["127.0.0.1"]
shared_secret = ""
# Used as source address when running traceroute # Used as source address when running traceroute
ipv4_source="198.51.100.42" ipv4_source="198.51.100.42"

15
src/auth.rs
View File

@ -53,11 +53,22 @@ where
Box::pin(async move { Box::pin(async move {
let addr = req.peer_addr().unwrap(); let addr = req.peer_addr().unwrap();
let access_list = &GLOBAL_CONFIG.access_list; let access_list = &GLOBAL_CONFIG.access_list;
if access_list.contains(&addr.ip().to_string()) || access_list.is_empty() { let shared_secret = &GLOBAL_CONFIG.shared_secret;
let provided_shared_secret = req
.headers()
.get("X-Shared-Secret")
.map(|header| header.to_str().unwrap_or_default())
.unwrap_or_default();
if (access_list.is_empty() && shared_secret.is_empty())
|| access_list.contains(&addr.ip().to_string())
|| shared_secret == provided_shared_secret
|| (access_list.is_empty() && shared_secret == provided_shared_secret)
|| (access_list.contains(&addr.ip().to_string()) && shared_secret.is_empty())
{
Ok(svc.call(req).await?) Ok(svc.call(req).await?)
} else { } else {
Err(error::ErrorUnauthorized( Err(error::ErrorUnauthorized(
"Your remote address is not valid!", "You do not have permission to access.",
)) ))
} }
}) })

15
src/main.rs
View File

@ -13,7 +13,20 @@ lazy_static! {
.arg_from_usage("-e, --example 'Export sample config file'") .arg_from_usage("-e, --example 'Export sample config file'")
.get_matches(); .get_matches();
if matches.is_present("example") { if matches.is_present("example") {
println!("bind_ip = \"0.0.0.0\"\nbind_port = 8000\n\n# Used to restrict access to bird-looking-glass-proxy based on source IP address.\n# Empty list = any IP is allowed to run queries.\naccess_list = [\"127.0.0.1\"]\n\n# Used as source address when running traceroute\nipv4_source=\"198.51.100.42\"\nipv6_source=\"2001:db8:42::1\"\n\nbird_socket=\"/var/run/bird/bird.ctl\"\nbird6_socket=\"/var/run/bird/bird6.ctl\""); println!("bind_ip = \"0.0.0.0\"
bind_port = 8000
# Empty = no access restriction.
access_list = [\"127.0.0.1\"]
shared_secret = \"\"
# Used as source address when running traceroute
ipv4_source=\"198.51.100.42\"
ipv6_source=\"2001:db8:42::1\"
bird_socket=\"/var/run/bird/bird.ctl\"
bird6_socket=\"/var/run/bird/bird6.ctl\"");
std::process::exit(0); std::process::exit(0);
} }
config::Config::new(matches.value_of("config").unwrap_or("config.toml")) config::Config::new(matches.value_of("config").unwrap_or("config.toml"))