use global valid_cidr_range
everywhere else
Signed-off-by: strawberry <strawberry@puppygock.gay>
parent
22bebb9b74
commit
acbe3bfbda
2 changed files with 11 additions and 53 deletions
|
@ -692,20 +692,8 @@ async fn download_html(client: &reqwest::Client, url: &str) -> Result<UrlPreview
|
||||||
|
|
||||||
async fn request_url_preview(url: &str) -> Result<UrlPreviewData> {
|
async fn request_url_preview(url: &str) -> Result<UrlPreviewData> {
|
||||||
if let Ok(ip) = IPAddress::parse(url) {
|
if let Ok(ip) = IPAddress::parse(url) {
|
||||||
let cidr_ranges_s = services().globals.ip_range_denylist().to_vec();
|
if !services().globals.valid_cidr_range(&ip) {
|
||||||
let mut cidr_ranges: Vec<IPAddress> = Vec::new();
|
return Err(Error::BadServerResponse("Requesting from this address is forbidden"));
|
||||||
|
|
||||||
for cidr in cidr_ranges_s {
|
|
||||||
cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup"));
|
|
||||||
}
|
|
||||||
|
|
||||||
for cidr in cidr_ranges {
|
|
||||||
if cidr.includes(&ip) {
|
|
||||||
return Err(Error::BadRequest(
|
|
||||||
ErrorKind::forbidden(),
|
|
||||||
"Requesting from this address is forbidden",
|
|
||||||
));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -714,20 +702,8 @@ async fn request_url_preview(url: &str) -> Result<UrlPreviewData> {
|
||||||
|
|
||||||
if let Some(remote_addr) = response.remote_addr() {
|
if let Some(remote_addr) = response.remote_addr() {
|
||||||
if let Ok(ip) = IPAddress::parse(remote_addr.ip().to_string()) {
|
if let Ok(ip) = IPAddress::parse(remote_addr.ip().to_string()) {
|
||||||
let cidr_ranges_s = services().globals.ip_range_denylist().to_vec();
|
if !services().globals.valid_cidr_range(&ip) {
|
||||||
let mut cidr_ranges: Vec<IPAddress> = Vec::new();
|
return Err(Error::BadServerResponse("Requesting from this address is forbidden"));
|
||||||
|
|
||||||
for cidr in cidr_ranges_s {
|
|
||||||
cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup"));
|
|
||||||
}
|
|
||||||
|
|
||||||
for cidr in cidr_ranges {
|
|
||||||
if cidr.includes(&ip) {
|
|
||||||
return Err(Error::BadRequest(
|
|
||||||
ErrorKind::forbidden(),
|
|
||||||
"Requesting from this address is forbidden",
|
|
||||||
));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
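Review bot: The first check in `request_url_preview` calls `IPAddress::parse(url)` on the whole `url` argument rather than on its host. If callers pass a full URL, which the `download_html(client, url)` signature suggests, the parse probably fails and the denylist check is skipped for IP-literal URLs before the request is made. The other file in this commit parses `url.host_str()` first; doing the same here (parse the URL, then pass only its host to `IPAddress::parse`) would make the pre-request check effective. Separately, both hunks change the rejection from `Error::BadRequest(ErrorKind::forbidden(), ...)` to `Error::BadServerResponse(...)`, which likely changes the status a client sees for a denied preview; keep the forbidden variant if that change was not intended. The function body continues outside both hunks.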
@ -20,7 +20,7 @@ use ruma::{
|
||||||
serde::Raw,
|
serde::Raw,
|
||||||
uint, RoomId, UInt, UserId,
|
uint, RoomId, UInt, UserId,
|
||||||
};
|
};
|
||||||
use tracing::{debug, info, warn};
|
use tracing::{info, trace, warn};
|
||||||
|
|
||||||
use crate::{services, Error, PduEvent, Result};
|
use crate::{services, Error, PduEvent, Result};
|
||||||
|
|
||||||
|
@ -66,19 +66,10 @@ impl Service {
|
||||||
let url = reqwest_request.url().clone();
|
let url = reqwest_request.url().clone();
|
||||||
|
|
||||||
if let Some(url_host) = url.host_str() {
|
if let Some(url_host) = url.host_str() {
|
||||||
debug!("Checking request URL for IP");
|
trace!("Checking request URL for IP");
|
||||||
if let Ok(ip) = IPAddress::parse(url_host) {
|
if let Ok(ip) = IPAddress::parse(url_host) {
|
||||||
let cidr_ranges_s = services().globals.ip_range_denylist().to_vec();
|
if !services().globals.valid_cidr_range(&ip) {
|
||||||
let mut cidr_ranges: Vec<IPAddress> = Vec::new();
|
return Err(Error::BadServerResponse("Not allowed to send requests to this IP"));
|
||||||
|
|
||||||
for cidr in cidr_ranges_s {
|
|
||||||
cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup"));
|
|
||||||
}
|
|
||||||
|
|
||||||
for cidr in cidr_ranges {
|
|
||||||
if cidr.includes(&ip) {
|
|
||||||
return Err(Error::BadServerResponse("Not allowed to send requests to this IP"));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -94,20 +85,11 @@ impl Service {
|
||||||
Ok(mut response) => {
|
Ok(mut response) => {
|
||||||
// reqwest::Response -> http::Response conversion
|
// reqwest::Response -> http::Response conversion
|
||||||
|
|
||||||
debug!("Checking response destination's IP");
|
trace!("Checking response destination's IP");
|
||||||
if let Some(remote_addr) = response.remote_addr() {
|
if let Some(remote_addr) = response.remote_addr() {
|
||||||
if let Ok(ip) = IPAddress::parse(remote_addr.ip().to_string()) {
|
if let Ok(ip) = IPAddress::parse(remote_addr.ip().to_string()) {
|
||||||
let cidr_ranges_s = services().globals.ip_range_denylist().to_vec();
|
if !services().globals.valid_cidr_range(&ip) {
|
||||||
let mut cidr_ranges: Vec<IPAddress> = Vec::new();
|
return Err(Error::BadServerResponse("Not allowed to send requests to this IP"));
|
||||||
|
|
||||||
for cidr in cidr_ranges_s {
|
|
||||||
cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup"));
|
|
||||||
}
|
|
||||||
|
|
||||||
for cidr in cidr_ranges {
|
|
||||||
if cidr.includes(&ip) {
|
|
||||||
return Err(Error::BadServerResponse("Not allowed to send requests to this IP"));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
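Review bot: Both denylist checks in this section fail open as far as the hunks show: when `url_host` or `remote_addr.ip()` does not parse as an `IPAddress`, or `response.remote_addr()` is `None`, the `if let` falls through and the request or response is accepted. The response-side check also runs only after the request has been sent, so it keeps the body from being used but not the connection itself; a comment such as `// post-hoc check: the request has already reached the resolved address` would make that limit explicit. With the surrounding messages lowered to `trace!`, a denial leaves no log line at default levels, so consider `warn!("Request denied by ip_range_denylist: {}", url_host);` before the first `return Err(...)` and an equivalent line on the response side. `Url::host_str()` returns IPv6 literals in brackets, so it is worth confirming that `IPAddress::parse` accepts that form, or matching on `url.host()` instead. The enclosing method starts and ends outside these hunks.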