guard/guard.go

124 lines
2.5 KiB
Go
Raw Permalink Normal View History

2021-11-19 06:35:53 +00:00
package guard
import (
2021-11-19 07:08:51 +00:00
"bufio"
2021-11-19 06:35:53 +00:00
"encoding/base64"
2021-11-19 07:08:51 +00:00
"errors"
2021-11-19 06:35:53 +00:00
"fmt"
"net"
"net/http"
"time"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
)
type Guard struct {
AllowIPGlob string `json:"allow_ip_glob"`
AllowIPNet *net.IPNet `json:"allow_ipnet"`
basicAuth string
}
func New() *Guard {
return &Guard{}
}
func (g *Guard) SetBasicAuth(user, pass string) {
src := user + ":" + pass
g.basicAuth = "Basic " + base64.URLEncoding.EncodeToString([]byte(src))
}
type responseWriter struct {
http.ResponseWriter
StatueCode int
err string
}
2021-11-19 07:08:51 +00:00
func (w *responseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
h, ok := w.ResponseWriter.(http.Hijacker)
if !ok {
return nil, nil, errors.New("hijack not supported")
}
return h.Hijack()
}
2021-11-19 06:35:53 +00:00
func (w *responseWriter) WriteHeader(statusCode int) {
if w.StatueCode != 0 {
return
}
w.StatueCode = statusCode
w.ResponseWriter.WriteHeader(statusCode)
}
func (w *responseWriter) Write(body []byte) (int, error) {
if w.StatueCode >= 500 {
w.err = string(body)
}
if w.StatueCode == 0 {
w.WriteHeader(200)
}
return w.ResponseWriter.Write(body)
}
func (g *Guard) Guard(next http.Handler) http.Handler {
l := log.With().Str("mod", "guard").Logger()
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
start := time.Now()
rw := &responseWriter{w, 0, ""}
ip := GetIP(r)
defer func() {
var cl *zerolog.Event
err := recover()
if err != nil {
cl = l.Error()
switch v := err.(type) {
case Error:
rw.WriteHeader(v.Code)
JSON(rw, v)
cl.Err(v)
case error:
rw.WriteHeader(500)
rw.Write([]byte(v.Error()))
cl.Err(v)
default:
rw.WriteHeader(500)
rw.Write([]byte(fmt.Sprint(err)))
cl.Str("error", fmt.Sprint(err))
}
} else if rw.StatueCode >= 500 {
cl = l.Error().Str("error", rw.err)
} else {
cl = l.Info()
}
cl.
Str("method", r.Method).
Str("ip", ip).
Int("status", rw.StatueCode).
Dur("duration", time.Since(start)).
Stringer("url", r.URL).
Msg("")
}()
// guard
if g.AllowIPNet != nil && !g.AllowIPNet.Contains(net.ParseIP(ip)) {
panic(ErrorForbidden)
}
if g.AllowIPGlob != "" && MatchIPGlob(ip, g.AllowIPGlob) {
panic(ErrorForbidden)
}
if g.basicAuth != "" {
auth := r.Header.Get("Authorization")
if auth != g.basicAuth {
rw.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
rw.WriteHeader(http.StatusUnauthorized)
rw.Write([]byte("Unauthorized"))
}
}
next.ServeHTTP(rw, r)
})
}
// func