-
Notifications
You must be signed in to change notification settings - Fork 60
/
cidr_restrictions.go
101 lines (86 loc) · 2.48 KB
/
cidr_restrictions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
package config
import (
"net"
"golang.ngrok.com/ngrok/internal/pb"
)
// Restrictions placed on the origin of incoming connections to the edge.
type cidrRestrictions struct {
// Rejects connections that do not match the given CIDRs
Allowed []string
// Rejects connections that match the given CIDRs and allows all other CIDRs.
Denied []string
}
// Add the provided CIDRS to the [CIDRRestriction].Allowed list.
//
// https://ngrok.com/docs/http/ip-restrictions/
func WithAllowCIDRString(cidr ...string) interface {
HTTPEndpointOption
TCPEndpointOption
TLSEndpointOption
} {
return &cidrRestrictions{Allowed: cidr}
}
// Add the provided [net.IPNet] to the [CIDRRestriction].Allowed list.
//
// https://ngrok.com/docs/http/ip-restrictions/
func WithAllowCIDR(net ...*net.IPNet) interface {
HTTPEndpointOption
TCPEndpointOption
TLSEndpointOption
} {
cidrStrings := make([]string, 0, len(net))
for _, n := range net {
cidrStrings = append(cidrStrings, n.String())
}
return &cidrRestrictions{Allowed: cidrStrings}
}
// Add the provided CIDRS to the [CIDRRestriction].Denied list.
//
// https://ngrok.com/docs/http/ip-restrictions/
func WithDenyCIDRString(cidr ...string) interface {
HTTPEndpointOption
TCPEndpointOption
TLSEndpointOption
} {
return cidrRestrictions{Denied: cidr}
}
// Add the provided [net.IPNet] to the [CIDRRestriction].Denied list.
//
// https://ngrok.com/docs/http/ip-restrictions/
func WithDenyCIDR(net ...*net.IPNet) interface {
HTTPEndpointOption
TCPEndpointOption
TLSEndpointOption
} {
cidrStrings := make([]string, 0, len(net))
for _, n := range net {
cidrStrings = append(cidrStrings, n.String())
}
return cidrRestrictions{Denied: cidrStrings}
}
func (base *cidrRestrictions) merge(set cidrRestrictions) *cidrRestrictions {
if base == nil {
base = &cidrRestrictions{}
}
base.Allowed = append(base.Allowed, set.Allowed...)
base.Denied = append(base.Denied, set.Denied...)
return base
}
func (ir *cidrRestrictions) toProtoConfig() *pb.MiddlewareConfiguration_IPRestriction {
if ir == nil {
return nil
}
return &pb.MiddlewareConfiguration_IPRestriction{
AllowCidrs: ir.Allowed,
DenyCidrs: ir.Denied,
}
}
func (opt cidrRestrictions) ApplyHTTP(opts *httpOptions) {
opts.CIDRRestrictions = opts.CIDRRestrictions.merge(opt)
}
func (opt cidrRestrictions) ApplyTCP(opts *tcpOptions) {
opts.CIDRRestrictions = opts.CIDRRestrictions.merge(opt)
}
func (opt cidrRestrictions) ApplyTLS(opts *tlsOptions) {
opts.CIDRRestrictions = opts.CIDRRestrictions.merge(opt)
}