diff options
Diffstat (limited to 'deprecated-webircgateway/pkg/webircgateway/gateway_utils.go')
| -rw-r--r-- | deprecated-webircgateway/pkg/webircgateway/gateway_utils.go | 133 |
1 files changed, 0 insertions, 133 deletions
diff --git a/deprecated-webircgateway/pkg/webircgateway/gateway_utils.go b/deprecated-webircgateway/pkg/webircgateway/gateway_utils.go deleted file mode 100644 index 4b2a38d..0000000 --- a/deprecated-webircgateway/pkg/webircgateway/gateway_utils.go +++ /dev/null @@ -1,133 +0,0 @@ -package webircgateway - -import ( - "errors" - "math/rand" - "net" - "net/http" - "strings" -) - -var v4LoopbackAddr = net.ParseIP("127.0.0.1") - -func (s *Gateway) NewClient() *Client { - return NewClient(s) -} - -func (s *Gateway) IsClientOriginAllowed(originHeader string) bool { - // Empty list of origins = all origins allowed - if len(s.Config.RemoteOrigins) == 0 { - return true - } - - // No origin header = running on the same page - if originHeader == "" { - return true - } - - foundMatch := false - - for _, originMatch := range s.Config.RemoteOrigins { - if originMatch.Match(originHeader) { - foundMatch = true - break - } - } - - return foundMatch -} - -func (s *Gateway) isIrcAddressAllowed(addr string) bool { - // Empty whitelist = all destinations allowed - if len(s.Config.GatewayWhitelist) == 0 { - return true - } - - foundMatch := false - - for _, addrMatch := range s.Config.GatewayWhitelist { - if addrMatch.Match(addr) { - foundMatch = true - break - } - } - - return foundMatch -} - -func (s *Gateway) findUpstream() (ConfigUpstream, error) { - var ret ConfigUpstream - - if len(s.Config.Upstreams) == 0 { - return ret, errors.New("No upstreams available") - } - - randIdx := rand.Intn(len(s.Config.Upstreams)) - ret = s.Config.Upstreams[randIdx] - - return ret, nil -} - -func (s *Gateway) findWebircPassword(ircHost string) string { - pass, exists := s.Config.GatewayWebircPassword[strings.ToLower(ircHost)] - if !exists { - pass = "" - } - - return pass -} - -func (s *Gateway) GetRemoteAddressFromRequest(req *http.Request) net.IP { - remoteIP := remoteIPFromRequest(req) - - // If the remoteIP is not in a whitelisted reverse proxy range, don't trust - // the headers and use the remoteIP as the users IP - if !s.isTrustedProxy(remoteIP) { - return remoteIP - } - - headerVal := req.Header.Get("x-forwarded-for") - ips := strings.Split(headerVal, ",") - ipStr := strings.Trim(ips[0], " ") - if ipStr != "" { - ip := net.ParseIP(ipStr) - if ip != nil { - remoteIP = ip - } - } - - return remoteIP - -} - -func (s *Gateway) isRequestSecure(req *http.Request) bool { - remoteIP := remoteIPFromRequest(req) - - // If the remoteIP is not in a whitelisted reverse proxy range, don't trust - // the headers and check the request directly - if !s.isTrustedProxy(remoteIP) { - return req.TLS != nil - } - - fwdProto := req.Header.Get("x-forwarded-proto") - return strings.EqualFold(fwdProto, "https") -} - -func (s *Gateway) isTrustedProxy(remoteIP net.IP) bool { - for _, cidrRange := range s.Config.ReverseProxies { - if cidrRange.Contains(remoteIP) { - return true - } - } - return false -} - -func remoteIPFromRequest(req *http.Request) net.IP { - if req.RemoteAddr == "@" { - // remote address is unix socket, treat it as loopback interface - return v4LoopbackAddr - } - - remoteAddr, _, _ := net.SplitHostPort(req.RemoteAddr) - return net.ParseIP(remoteAddr) -} |