mirror of
https://github.com/phishingclub/phishingclub.git
synced 2026-02-12 16:12:44 +00:00
58 lines
1.1 KiB
Go
58 lines
1.1 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/phishingclub/phishingclub/config"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
func NewAllowIPMiddleware(conf *config.Config, logger *zap.SugaredLogger) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
// If no IP restrictions are configured, allow all
|
|
if len(conf.IPSecurity.AdminAllowed) == 0 {
|
|
c.Next()
|
|
return
|
|
}
|
|
c.RemoteIP()
|
|
clientIP := c.ClientIP()
|
|
allowed := false
|
|
for _, allowedIP := range conf.IPSecurity.AdminAllowed {
|
|
// check if the allowed entry is a CIDR
|
|
if strings.Contains(allowedIP, "/") {
|
|
_, ipNet, err := net.ParseCIDR(allowedIP)
|
|
if err != nil {
|
|
logger.Errorw("Invalid CIDR in allowed IPs",
|
|
"cidr", allowedIP,
|
|
"error", err)
|
|
continue
|
|
}
|
|
|
|
ip := net.ParseIP(clientIP)
|
|
if ipNet.Contains(ip) {
|
|
allowed = true
|
|
break
|
|
}
|
|
} else {
|
|
// Direct IP comparison
|
|
if clientIP == allowedIP {
|
|
allowed = true
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
if !allowed {
|
|
logger.Infow("blocked unauthorized IP access attempt",
|
|
"ip", clientIP)
|
|
c.AbortWithStatus(http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|