mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2024-11-30 09:16:52 +02:00
64ae31b5a0
* Implements --ip-whitelist option * Included IPWhitelist option to allow one-or-more selected CIDR ranges to bypass OAuth2 authentication. * Adds IPWhitelist, a fast lookup table for multiple CIDR ranges. * Renamed IPWhitelist ipCIDRSet * Fixed unessesary pointer usage in ipCIDRSet * Update CHANGELOG.md * Update CHANGELOG.md * Updated to not use err.Error() in printf statements * Imrpoved language for --ip-whitelist descriptions. * Improve IP whitelist options error messages * Clarify options single-host normalization * Wrote a book about ipCIDRSet * Added comment to IsWhitelistedIP in oauthproxy.go * Rewrite oauthproxy test case as table driven * oops * Support whitelisting by low-level remote address * Added more test-cases, improved descriptions * Move ip_cidr_set.go to pkg/ip/net_set.go * Add more whitelist test use cases. * Oops * Use subtests for TestIPWhitelist * Add minimal tests for ip.NetSet * Use switch statment * Renamed ip-whitelist to whitelist-ip * Update documentation with a warning. * Update pkg/apis/options/options.go * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/ip/net_set_test.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/ip/net_set_test.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Update pkg/ip/net_set_test.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Apply suggestions from code review Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * fix fmt * Move ParseIPNet into abstraction * Add warning in case of --reverse-proxy * Update pkg/validation/options_test.go * Rename --whitelist-ip to --trusted-ip * Update oauthproxy.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * fix Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
package ip
import (
"net"
"strings"
)
// ParseIPNet parses s as either a single IP address or a CIDR block and
// returns the network it denotes, or nil when s is not acceptable.
//
// A bare address (no '/') becomes a single-host network: a /32 mask when the
// address has an IPv4 form, a /128 mask otherwise. A CIDR string is accepted
// only when its address part equals the network address, so an entry such as
// "10.0.0.1/8" is rejected instead of being silently widened to "10.0.0.0/8".
//
// Invalid input is signalled only by the nil return; no error is produced.
// NOTE(review): callers that build an allow-list from configuration should
// treat nil as a rejected entry and surface it, rather than dereferencing the
// result or dropping the entry without notice.
func ParseIPNet(s string) *net.IPNet {
	if strings.ContainsRune(s, '/') {
		addr, network, err := net.ParseCIDR(s)
		if err != nil {
			return nil
		}
		// net.ParseCIDR masks off host bits in the returned network. Comparing
		// against the address as written rejects inputs whose host bits are
		// set, so the range that is stored is exactly the range that was typed.
		if !network.IP.Equal(addr) {
			return nil
		}
		return network
	}

	addr := net.ParseIP(s)
	if addr == nil {
		return nil
	}

	// net.ParseIP yields the 16-byte form even for dotted-quad text, so To4 is
	// what distinguishes IPv4 here. IPv4-mapped IPv6 text (::ffff:a.b.c.d)
	// also has an IPv4 form and therefore gets the /32 mask.
	var bits int
	if addr.To4() != nil {
		bits = 32
	} else if addr.To16() != nil {
		bits = 128
	} else {
		return nil
	}

	return &net.IPNet{IP: addr, Mask: net.CIDRMask(bits, bits)}
}