12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 |
- package panelui
- import (
- "context"
- "net"
- "net/http"
- )
- type ctxKey int
- const (
- keyUser = iota
- )
- //HeaderAuth is a Negroni-compatible Middleware
- type HeaderAuth struct {
- AllowedNames []string
- AllowedIPs []net.IP
- RequireUser bool
- }
- func _getSourceIP(req *http.Request) (net.IP, error) {
- ip, _, err := net.SplitHostPort(req.RemoteAddr)
- if err != nil {
- return net.IP{}, err
- }
- userIP := net.ParseIP(ip)
- if userIP == nil {
- return net.IP{}, err
- }
- return userIP, nil
- }
- func (ha HeaderAuth) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
- srcIP, err := _getSourceIP(r)
- if err != nil {
- rw.WriteHeader(501)
- return
- }
- found := false
- if len(ha.AllowedNames) == 0 && len(ha.AllowedIPs) == 0 {
- found = true
- }
- if !found && len(ha.AllowedIPs) > 0 {
- for _, allowedIP := range ha.AllowedIPs {
- if allowedIP.Equal(srcIP) {
- found = true
- break
- }
- }
- }
- if !found && len(ha.AllowedNames) > 0 {
- for _, name := range ha.AllowedNames {
- nameips, err := net.LookupIP(name)
- if err != nil {
- continue
- }
- for _, allowedIP := range nameips {
- if allowedIP.Equal(srcIP) {
- found = true
- break
- }
- }
- }
- }
- user := r.Header.Get("X-Forwarded-User")
- if !found || (ha.RequireUser && user == "") {
- rw.WriteHeader(http.StatusUnauthorized)
- return
- }
- ctx := r.Context()
- ctx = context.WithValue(ctx, keyUser, user)
- next(rw, r.WithContext(ctx))
- return
- }
|