Dont redirect private IPs and localhost

Ken-Håvard Lieng 2018-12-17 12:45:33 +01:00
parent 6c3a5777c4
commit fc643483be
2 changed files with 50 additions and 5 deletions

40
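--- a/pkg/netutil/netutil.go
+++ b/pkg/netutil/netutil.go
@@ -0,0 +1,40 @@
+package netutil
+import "net"
+var privateNets []*net.IPNet
+func init() {
+for _, cidr := range []string{
+"127.0.0.0/8",
+"10.0.0.0/8",
+"172.16.0.0/12",
+"192.168.0.0/16",
+"::1/128",
+"fe80::/10",
+"fc00::/7",
+} {
+_, network, _ := net.ParseCIDR(cidr)
+privateNets = append(privateNets, network)
+}
+}
+func IsPrivate(host string) bool {
+if host == "localhost" {
+return true
+}
+return IsPrivateIP(net.ParseIP(host))
+}
+func IsPrivateIP(ip net.IP) bool {
+if ip == nil {
+return false
+}
+for _, privateNet := range privateNets {
+if privateNet.Contains(ip) {
+return true
+}
+}
+return false
+}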
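Review bot: IsPrivate returns false for some spellings of a loopback host, because `net.ParseIP` yields nil for a bracketed IPv6 literal such as `[::1]` (the form a port-less Host header carries) and the `host == "localhost"` comparison is case-sensitive. Normalising first would cover these: `host = strings.Trim(host, "[]")` followed by `if strings.EqualFold(host, "localhost") {`, with `strings` added to the imports. In init, `_, network, _ := net.ParseCIDR(cidr)` discards the error, so a mistyped entry would append a nil network and `Contains` would dereference it on the first lookup; `if err != nil { panic(err) }` makes that fail at startup instead. Both exported functions also lack doc comments; a line such as `// IsPrivate reports whether host is "localhost" or an IP literal in a loopback, RFC 1918, IPv6 link-local (fe80::/10) or unique-local (fc00::/7) range; other hostnames are not resolved.` would record that names are never looked up.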


@ -12,6 +12,7 @@ import (
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"github.com/khlieng/dispatch/config" "github.com/khlieng/dispatch/config"
"github.com/khlieng/dispatch/pkg/netutil"
"github.com/khlieng/dispatch/pkg/session" "github.com/khlieng/dispatch/pkg/session"
"github.com/khlieng/dispatch/storage" "github.com/khlieng/dispatch/storage"
"github.com/mholt/certmagic" "github.com/mholt/certmagic"
@ -152,7 +153,7 @@ func (d *Dispatch) startHTTP() {
Handler: d, Handler: d,
} }
redirect := createHTTPSRedirect(cfg.HTTPS.Port) redirect := createHTTPSRedirect(cfg.HTTPS.Port, d)
if d.certExists() { if d.certExists() {
httpSrv.Handler = redirect httpSrv.Handler = redirect
@ -206,7 +207,6 @@ func (d *Dispatch) startHTTP() {
httpSrv.IdleTimeout = 120 * time.Second httpSrv.IdleTimeout = 120 * time.Second
httpSrv.Handler = d httpSrv.Handler = d
log.Println(httpSrv.Addr)
log.Println("[HTTP] Listening on port", port) log.Println("[HTTP] Listening on port", port)
log.Fatal(httpSrv.ListenAndServe()) log.Fatal(httpSrv.ListenAndServe())
} }
@ -258,13 +258,18 @@ func (d *Dispatch) upgradeWS(w http.ResponseWriter, r *http.Request, state *Stat
newWSHandler(conn, state, r).run() newWSHandler(conn, state, r).run()
} }
func createHTTPSRedirect(portHTTPS string) http.HandlerFunc { func createHTTPSRedirect(portHTTPS string, fallback http.Handler) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
host, _, err := net.SplitHostPort(r.Host) host, _, err := net.SplitHostPort(r.Host)
if err != nil { if err != nil {
host = r.Host host = r.Host
} }
if netutil.IsPrivate(host) {
fallback.ServeHTTP(w, r)
return
}
u := url.URL{ u := url.URL{
Scheme: "https", Scheme: "https",
Host: net.JoinHostPort(host, portHTTPS), Host: net.JoinHostPort(host, portHTTPS),
@ -274,7 +279,7 @@ func createHTTPSRedirect(portHTTPS string) http.HandlerFunc {
w.Header().Set("Connection", "close") w.Header().Set("Connection", "close")
w.Header().Set("Location", u.String()) w.Header().Set("Location", u.String())
w.WriteHeader(http.StatusMovedPermanently) w.WriteHeader(http.StatusMovedPermanently)
}) }
} }
func fail(w http.ResponseWriter, code int) { func fail(w http.ResponseWriter, code int) {
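Review bot: The new `netutil.IsPrivate(host)` branch in createHTTPSRedirect decides from `r.Host`, which the client supplies, so a request reaching the HTTP port from any network is handed to `fallback` over plain HTTP whenever its Host header names localhost or a private address. If the intent is to skip the redirect only for local connections, a value the peer cannot choose is a safer key, for example `if ip, _, err := net.SplitHostPort(r.RemoteAddr); err == nil && netutil.IsPrivateIP(net.ParseIP(ip)) {`, or the listener address from `r.Context().Value(http.LocalAddrContextKey)`. Behind a reverse proxy RemoteAddr is the proxy's address, so that deployment case would need a decision of its own. A short comment above the branch stating why private hosts are exempt (presumably because no certificate can be issued for them) would also help.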