Dont redirect private IPs and localhost

2018-12-17 12:45:33 +01:00 · 2018-12-17 12:45:33 +01:00 · fc643483be
commit fc643483be
parent 6c3a5777c4
2 changed files with 50 additions and 5 deletions
--- a/pkg/netutil/netutil.go
+++ b/pkg/netutil/netutil.go
@ -0,0 +1,40 @@
+package netutil
+
+import "net"
+
+var privateNets []*net.IPNet
+
+func init() {
+	for _, cidr := range []string{
+		"127.0.0.0/8",
+		"10.0.0.0/8",
+		"172.16.0.0/12",
+		"192.168.0.0/16",
+		"::1/128",
+		"fe80::/10",
+		"fc00::/7",
+	} {
+		_, network, _ := net.ParseCIDR(cidr)
+		privateNets = append(privateNets, network)
+	}
+}
+
+func IsPrivate(host string) bool {
+	if host == "localhost" {
+		return true
+	}
+	return IsPrivateIP(net.ParseIP(host))
+}
+
+func IsPrivateIP(ip net.IP) bool {
+	if ip == nil {
+		return false
+	}
+
+	for _, privateNet := range privateNets {
+		if privateNet.Contains(ip) {
+			return true
+		}
+	}
+	return false
+}
--- a/server/server.go
+++ b/server/server.go
@ -12,6 +12,7 @@ import (

 	"github.com/gorilla/websocket"
 	"github.com/khlieng/dispatch/config"
+	"github.com/khlieng/dispatch/pkg/netutil"
 	"github.com/khlieng/dispatch/pkg/session"
 	"github.com/khlieng/dispatch/storage"
 	"github.com/mholt/certmagic"
@ -152,7 +153,7 @@ func (d *Dispatch) startHTTP() {
 			Handler:           d,
 		}

-		redirect := createHTTPSRedirect(cfg.HTTPS.Port)
+		redirect := createHTTPSRedirect(cfg.HTTPS.Port, d)

 		if d.certExists() {
 			httpSrv.Handler = redirect
@ -206,7 +207,6 @@ func (d *Dispatch) startHTTP() {
 		httpSrv.IdleTimeout = 120 * time.Second
 		httpSrv.Handler = d

-		log.Println(httpSrv.Addr)
 		log.Println("[HTTP] Listening on port", port)
 		log.Fatal(httpSrv.ListenAndServe())
 	}
@ -258,13 +258,18 @@ func (d *Dispatch) upgradeWS(w http.ResponseWriter, r *http.Request, state *Stat
 	newWSHandler(conn, state, r).run()
 }

-func createHTTPSRedirect(portHTTPS string) http.HandlerFunc {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+func createHTTPSRedirect(portHTTPS string, fallback http.Handler) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
 		host, _, err := net.SplitHostPort(r.Host)
 		if err != nil {
 			host = r.Host
 		}

+		if netutil.IsPrivate(host) {
+			fallback.ServeHTTP(w, r)
+			return
+		}
+
 		u := url.URL{
 			Scheme: "https",
 			Host:   net.JoinHostPort(host, portHTTPS),
@ -274,7 +279,7 @@ func createHTTPSRedirect(portHTTPS string) http.HandlerFunc {
 		w.Header().Set("Connection", "close")
 		w.Header().Set("Location", u.String())
 		w.WriteHeader(http.StatusMovedPermanently)
-	})
+	}
 }

 func fail(w http.ResponseWriter, code int) {