49
main.go
49
main.go
@@ -125,6 +125,28 @@ func main() {
|
||||
http.ListenAndServe(":8080", nil)
|
||||
}
|
||||
|
||||
func clientIPFromHeaders(r *http.Request) (netip.Addr, error) {
|
||||
if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
|
||||
parts := strings.Split(xff, ",")
|
||||
s := strings.TrimSpace(parts[0])
|
||||
if a, err := netip.ParseAddr(s); err == nil {
|
||||
return a.Unmap(), nil
|
||||
}
|
||||
}
|
||||
if xr := r.Header.Get("X-Real-Ip"); xr != "" {
|
||||
if a, err := netip.ParseAddr(strings.TrimSpace(xr)); err == nil {
|
||||
return a.Unmap(), nil
|
||||
}
|
||||
}
|
||||
host, _, err := net.SplitHostPort(r.RemoteAddr)
|
||||
if err == nil {
|
||||
if a, err := netip.ParseAddr(host); err == nil {
|
||||
return a.Unmap(), nil
|
||||
}
|
||||
}
|
||||
return netip.Addr{}, fmt.Errorf("cannot determine client ip")
|
||||
}
|
||||
|
||||
func updateBlocklistMetrics() {
|
||||
var rdb = redis.NewClient(&redis.Options{
|
||||
Addr: os.Getenv("REDIS_ADDR"),
|
||||
@@ -382,47 +404,48 @@ func handleCheck(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// Check-Handler
|
||||
func handleTraefik(w http.ResponseWriter, r *http.Request) {
|
||||
var rdb = redis.NewClient(&redis.Options{
|
||||
rdb := redis.NewClient(&redis.Options{
|
||||
Addr: os.Getenv("REDIS_ADDR"),
|
||||
DB: 0,
|
||||
Username: os.Getenv("REDIS_USER"),
|
||||
Password: os.Getenv("REDIS_PASS"),
|
||||
})
|
||||
|
||||
checkRequests.Inc()
|
||||
ipStr := r.Header.Get("X-Forwarded-For")
|
||||
if ipStr == "" {
|
||||
ipStr = r.RemoteAddr
|
||||
}
|
||||
ip, err := netip.ParseAddr(ipStr)
|
||||
|
||||
ip, err := clientIPFromHeaders(r)
|
||||
if err != nil {
|
||||
http.Error(w, "invalid IP", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
var cats []string
|
||||
for a := range blocklistURLs {
|
||||
cats = append(cats, a)
|
||||
// Kategorien dynamisch aus blocklistURLs
|
||||
cats := make([]string, 0, len(blocklistURLs))
|
||||
for c := range blocklistURLs {
|
||||
cats = append(cats, c)
|
||||
}
|
||||
|
||||
//cats := []string{"firehol", "bitwire", "RU", "CN"}
|
||||
matches, err := checkIP(ip, cats)
|
||||
if err != nil {
|
||||
http.Error(w, "server error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if len(matches) > 0 {
|
||||
checkBlocked.Inc()
|
||||
} else {
|
||||
|
||||
// Whitelist check (wie gehabt)
|
||||
if len(matches) == 0 {
|
||||
wl, _ := rdb.Exists(ctx, "wl:"+ip.String()).Result()
|
||||
if wl > 0 {
|
||||
checkWhitelist.Inc()
|
||||
}
|
||||
}
|
||||
|
||||
if len(matches) > 0 {
|
||||
checkBlocked.Inc()
|
||||
http.Error(w, "blocked", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
_, _ = w.Write([]byte("OK"))
|
||||
}
|
||||
|
||||
// Check-Logik
|
||||
|
||||
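Review bot: `clientIPFromHeaders` accepts the left-most `X-Forwarded-For` entry, then `X-Real-Ip`, from any caller, and `handleTraefik` now bases the block decision on that value. Both headers are chosen by the sender unless a proxy in front overwrites them, and the service also listens on `:8080` directly. A header that is present but does not parse falls through to `r.RemoteAddr`, which behind a proxy is presumably the proxy's own address, so the lookup runs against the wrong IP instead of returning 400. I would honour forwarding headers only when the direct peer is in a configured list of proxy prefixes (`trustedProxies` below is a new `[]netip.Prefix`, not something in this file), take the entry that proxy appended, and return an error for an unparsable value. `X-Real-Ip`, if it is kept, needs the same gate.

```go
func clientIPFromHeaders(r *http.Request) (netip.Addr, error) {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("cannot determine client ip")
	}
	peer, err := netip.ParseAddr(host)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("cannot determine client ip")
	}
	peer = peer.Unmap()

	// Forwarding headers only mean something when the direct peer is one of our own proxies.
	fromProxy := false
	for _, p := range trustedProxies {
		if p.Contains(peer) {
			fromProxy = true
			break
		}
	}
	// Values + Join so a second X-Forwarded-For header line is not silently ignored.
	xff := strings.Join(r.Header.Values("X-Forwarded-For"), ",")
	if !fromProxy || xff == "" {
		return peer, nil
	}

	// With a single proxy hop the right-most entry is the one that proxy appended;
	// a present but unparsable value is an error, not a reason to fall back.
	parts := strings.Split(xff, ",")
	a, err := netip.ParseAddr(strings.TrimSpace(parts[len(parts)-1]))
	if err != nil {
		return netip.Addr{}, fmt.Errorf("invalid X-Forwarded-For")
	}
	return a.Unmap(), nil
}
```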