#1400 Manage multiple patterns for allowed/blocked IPs via Security O…
…ptions config section (#1399) * Add IpAddressRange package and manage multiple pattern in order to allow or block ip addresses * Update SecurityOptions.cs * Update FileSecurityOptions.cs * Fix Issues * Update routing.rst Fix typos and mistakes in the Security Options paragraph * Update FileSecurityOptions.cs Add developer's XML docs with description from #1400 * Update configuration.rst * Update docs with License Reference * SecurityOptions init moved to SecurityOptionsCreator * Update unit test * SecurityOptionsCreator: File-scoped namespace declaration * Fix SA1312: Variable 'xxx' should begin with lower-case letter * Remove using alias and make logical reference to the package * Fix SA1609: Property documentation should have value * FileSecurityOptions: File-scoped namespace declaration * Fix SA1135: Using directive for namespace 'Ocelot.Responses' should be qualified. Sort usings. Convert to file-scoped namespace. * Fix test code style * Refactor SecurityOptions * FileSecurityOptions: Add constructors * Refactor SecurityOptions: Add constructors * Using constructors for SecurityOptions creation, not initialization * Fix unit test after latest infrastructure updates * Convert to block scoped namespace * Update IPAddressRange to v.6.0.0 * Update src/Ocelot/Configuration/Creator/SecurityOptionsCreator.cs Co-authored-by: Raynald Messié <redbird_project@yahoo.fr> * Revert "Update src/Ocelot/Configuration/Creator/SecurityOptionsCreator.cs" This reverts commit a77a30e. * Update comment con IPAddressRange reference * Use Select<IPAddress, string> instead of AsEnumerable * Remove and Sort Usings --------- Co-authored-by: Fabrizio Mancin <fabrizio.mancin@esprinet.com> Co-authored-by: Raman Maksimchuk <10501504+raman-m@users.noreply.github.com> Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com> Co-authored-by: Raynald Messié <redbird_project@yahoo.fr>
1 parent
cc0b9b8
commit 5dbbbef
Showing
7 changed files
with
444 additions
and
11 deletions.
31 changes: 29 additions & 2 deletions
31
src/Ocelot/Configuration/Creator/SecurityOptionsCreator.cs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,39 @@ | ||
using Ocelot.Configuration.File; | ||
using NetTools; // <PackageReference Include="IPAddressRange" Version="6.0.0" /> | ||
using Ocelot.Configuration.File; | ||
|
||
namespace Ocelot.Configuration.Creator | ||
{ | ||
public class SecurityOptionsCreator : ISecurityOptionsCreator | ||
{ | ||
public SecurityOptions Create(FileSecurityOptions securityOptions) | ||
{ | ||
return new SecurityOptions(securityOptions.IPAllowedList, securityOptions.IPBlockedList); | ||
var ipAllowedList = new List<string>(); | ||
var ipBlockedList = new List<string>(); | ||
|
||
foreach (var allowed in securityOptions.IPAllowedList) | ||
{ | ||
if (IPAddressRange.TryParse(allowed, out var allowedIpAddressRange)) | ||
{ | ||
var allowedIps = allowedIpAddressRange.Select<IPAddress, string>(x => x.ToString()); | ||
ipAllowedList.AddRange(allowedIps); | ||
} | ||
} | ||
|
||
foreach (var blocked in securityOptions.IPBlockedList) | ||
{ | ||
if (IPAddressRange.TryParse(blocked, out var blockedIpAddressRange)) | ||
{ | ||
var blockedIps = blockedIpAddressRange.Select<IPAddress, string>(x => x.ToString()); | ||
ipBlockedList.AddRange(blockedIps); | ||
} | ||
} | ||
|
||
if (securityOptions.ExcludeAllowedFromBlocked) | ||
{ | ||
ipBlockedList = ipBlockedList.Except(ipAllowedList).ToList(); | ||
} | ||
|
||
return new SecurityOptions(ipAllowedList, ipBlockedList); | ||
} | ||
} | ||
} |
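Review bot: Entries that fail `IPAddressRange.TryParse` are dropped without any signal in both `foreach` loops of `Create`, so a mistyped pattern in `IPBlockedList` silently leaves that address unblocked, and an allow list whose entries all fail to parse ends up empty. I would surface the bad entry instead of skipping it, for example by adding `else { throw new ArgumentException($"Invalid IP pattern '{blocked}' in IPBlockedList."); }` to each `if`, or by reporting it through configuration validation if that fits the project better. Separately, each range is expanded into one string per address, so a /8 pattern yields millions of list entries and a wide IPv6 prefix cannot be enumerated in practice. Keeping the parsed `IPAddressRange` objects and testing membership with `Contains` would avoid that, though it needs a change to `SecurityOptions`, which is not shown in this section.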
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,47 @@ | ||
namespace Ocelot.Configuration.File | ||
namespace Ocelot.Configuration.File | ||
{ | ||
public class FileSecurityOptions | ||
{ | ||
public FileSecurityOptions() | ||
{ | ||
IPAllowedList = new List<string>(); | ||
IPBlockedList = new List<string>(); | ||
ExcludeAllowedFromBlocked = false; | ||
} | ||
|
||
public List<string> IPAllowedList { get; set; } | ||
public FileSecurityOptions(string allowedIPs = null, string blockedIPs = null, bool? excludeAllowedFromBlocked = null) | ||
: this() | ||
{ | ||
if (!string.IsNullOrEmpty(allowedIPs)) | ||
{ | ||
IPAllowedList.Add(allowedIPs); | ||
} | ||
|
||
if (!string.IsNullOrEmpty(blockedIPs)) | ||
{ | ||
IPBlockedList.Add(blockedIPs); | ||
} | ||
|
||
ExcludeAllowedFromBlocked = excludeAllowedFromBlocked ?? false; | ||
} | ||
|
||
public FileSecurityOptions(IEnumerable<string> allowedIPs = null, IEnumerable<string> blockedIPs = null, bool? excludeAllowedFromBlocked = null) | ||
: this() | ||
{ | ||
IPAllowedList.AddRange(allowedIPs ?? Enumerable.Empty<string>()); | ||
IPBlockedList.AddRange(blockedIPs ?? Enumerable.Empty<string>()); | ||
ExcludeAllowedFromBlocked = excludeAllowedFromBlocked ?? false; | ||
} | ||
|
||
public List<string> IPAllowedList { get; set; } | ||
public List<string> IPBlockedList { get; set; } | ||
|
||
/// <summary> | ||
/// Provides the ability to specify a wide range of blocked IP addresses and allow a subrange of IP addresses. | ||
/// </summary> | ||
/// <value> | ||
/// Default value: false. | ||
/// </value> | ||
public bool ExcludeAllowedFromBlocked { get; set; } | ||
} | ||
} |
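Review bot: The `<summary>` on `ExcludeAllowedFromBlocked` does not say what the flag does, and `IPAllowedList` / `IPBlockedList` carry no documentation at all, so an operator cannot tell from this class which list wins when an address appears in both. Going by `SecurityOptionsCreator.Create` in this commit, I would word it as `/// When true, addresses matched by IPAllowedList are removed from the blocked set, so an allowed subrange overrides a wider blocked range; when false, overlapping entries stay in both lists.` and add a one-line summary to each list naming the pattern forms it accepts. Also, the two new constructors differ only in `string` versus `IEnumerable<string>` and default every parameter to `null`, so a call such as `new FileSecurityOptions(excludeAllowedFromBlocked: true)` looks ambiguous to overload resolution. Dropping the default on the first parameter of each constructor would avoid that.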