Merge pull request #180 from NicolasConstant/topic_whitelist-ips
Topic whitelist ips
This commit is contained in:
commit
2542258ce4
|
@ -51,6 +51,7 @@ If both whitelisting and blacklisting are set, only the whitelisting will be act
|
|||
* `Instance:FailingTwitterUserCleanUpThreshold` (default: 700) set the max allowed errors (due to a banned/deleted/private account) from a Twitter Account retrieval before auto-removal. (by default an account is called every 15 mins)
|
||||
* `Instance:FailingFollowerCleanUpThreshold` (default: 30000) set the max allowed errors from a Follower (Fediverse) Account before auto-removal. (often due to account suppression, instance issues, etc)
|
||||
* `Instance:UserCacheCapacity` (default: 10000) set the caching limit of the Twitter User retrieval. Must be higher than the number of synchronized accounts on the instance.
|
||||
* `Instance:IpWhiteListing` IP Whitelisting (separated by `;`), prevent usage of the instance from other IPs than those provided (if provided).
|
||||
|
||||
# Docker Compose full example
|
||||
|
||||
|
|
|
@ -16,5 +16,6 @@
|
|||
public int FailingFollowerCleanUpThreshold { get; set; } = -1;
|
||||
|
||||
public int UserCacheCapacity { get; set; }
|
||||
public string IpWhiteListing { get; set; }
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
using BirdsiteLive.Common.Settings;
|
||||
using BirdsiteLive.Domain.Tools;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Net.Http;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace BirdsiteLive.Middlewares
|
||||
{
|
||||
public class IpWhitelistingMiddleware
|
||||
{
|
||||
private readonly RequestDelegate _next;
|
||||
private readonly ILogger<IpWhitelistingMiddleware> _logger;
|
||||
private readonly byte[][] _safelist;
|
||||
private readonly bool _ipWhitelistingSet;
|
||||
|
||||
public IpWhitelistingMiddleware(
|
||||
RequestDelegate next,
|
||||
ILogger<IpWhitelistingMiddleware> logger,
|
||||
InstanceSettings instanceSettings)
|
||||
{
|
||||
if (!string.IsNullOrWhiteSpace(instanceSettings.IpWhiteListing))
|
||||
{
|
||||
var ips = PatternsParser.Parse(instanceSettings.IpWhiteListing);
|
||||
_safelist = new byte[ips.Length][];
|
||||
for (var i = 0; i < ips.Length; i++)
|
||||
{
|
||||
_safelist[i] = IPAddress.Parse(ips[i]).GetAddressBytes();
|
||||
}
|
||||
_ipWhitelistingSet = true;
|
||||
}
|
||||
|
||||
_next = next;
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
public async Task Invoke(HttpContext context)
|
||||
{
|
||||
if (_ipWhitelistingSet)
|
||||
{
|
||||
var remoteIp = context.Connection.RemoteIpAddress;
|
||||
_logger.LogDebug("Request from Remote IP address: {RemoteIp}", remoteIp);
|
||||
|
||||
var bytes = remoteIp.GetAddressBytes();
|
||||
var badIp = true;
|
||||
foreach (var address in _safelist)
|
||||
{
|
||||
if (address.SequenceEqual(bytes))
|
||||
{
|
||||
badIp = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (badIp)
|
||||
{
|
||||
_logger.LogWarning("Forbidden Request from Remote IP address: {RemoteIp}", remoteIp);
|
||||
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
await _next.Invoke(context);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -8,6 +8,7 @@ using BirdsiteLive.Common.Structs;
|
|||
using BirdsiteLive.DAL.Contracts;
|
||||
using BirdsiteLive.DAL.Postgres.DataAccessLayers;
|
||||
using BirdsiteLive.DAL.Postgres.Settings;
|
||||
using BirdsiteLive.Middlewares;
|
||||
using BirdsiteLive.Models;
|
||||
using BirdsiteLive.Twitter;
|
||||
using BirdsiteLive.Twitter.Tools;
|
||||
|
@ -18,6 +19,7 @@ using Microsoft.AspNetCore.HttpsPolicy;
|
|||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Hosting;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
||||
namespace BirdsiteLive
|
||||
{
|
||||
|
@ -132,6 +134,9 @@ namespace BirdsiteLive
|
|||
|
||||
app.UseAuthorization();
|
||||
|
||||
var instanceSettings = Configuration.GetSection("Instance").Get<InstanceSettings>();
|
||||
app.UseMiddleware<IpWhitelistingMiddleware>(instanceSettings);
|
||||
|
||||
app.UseEndpoints(endpoints =>
|
||||
{
|
||||
endpoints.MapControllerRoute(
|
||||
|
|
Loading…
Reference in New Issue