fix(authn-network): handles r.RemoteAddr without port
parent
572093536a
commit
499bb3696d
|
@ -4,6 +4,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
|
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/authn"
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
||||||
|
@ -49,10 +50,16 @@ func (a *Authenticator) Authenticate(w http.ResponseWriter, r *http.Request, lay
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *Authenticator) matchAnyAuthorizedCIDRs(ctx context.Context, remoteHostPort string, CIDRs []string) (bool, error) {
|
func (a *Authenticator) matchAnyAuthorizedCIDRs(ctx context.Context, remoteHostPort string, CIDRs []string) (bool, error) {
|
||||||
remoteHost, _, err := net.SplitHostPort(remoteHostPort)
|
var remoteHost string
|
||||||
|
if strings.Contains(remoteHostPort, ":") {
|
||||||
|
var err error
|
||||||
|
remoteHost, _, err = net.SplitHostPort(remoteHostPort)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, errors.WithStack(err)
|
return false, errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
remoteHost = remoteHostPort
|
||||||
|
}
|
||||||
|
|
||||||
remoteAddr := net.ParseIP(remoteHost)
|
remoteAddr := net.ParseIP(remoteHost)
|
||||||
if remoteAddr == nil {
|
if remoteAddr == nil {
|
||||||
|
|
|
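Review bot: The `strings.Contains(remoteHostPort, ":")` test in matchAnyAuthorizedCIDRs sends a bare IPv6 address (constructed sample: `::1`) to `net.SplitHostPort`, which rejects it with a "too many colons" error, so the port-less case is only handled for IPv4. Trying `net.ParseIP` on the whole value first and splitting only when that fails covers both address families and makes the new `strings` import unnecessary. Separately, net/http itself sets r.RemoteAddr to an IP:port form, so a port-less value presumably comes from something upstream rewriting it; because this value drives a CIDR allow-list, a comment naming which component sets it and why it is trusted would help. The function body continues past the end of the hunk.

```go
func (a *Authenticator) matchAnyAuthorizedCIDRs(ctx context.Context, remoteHostPort string, CIDRs []string) (bool, error) {
	// A value that already parses as an IP (v4 or v6) carries no port.
	remoteHost := remoteHostPort
	if net.ParseIP(remoteHostPort) == nil {
		host, _, err := net.SplitHostPort(remoteHostPort)
		if err != nil {
			return false, errors.WithStack(err)
		}

		remoteHost = host
	}

	remoteAddr := net.ParseIP(remoteHost)
	// … unchanged: rest of the function …
```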
@ -0,0 +1,60 @@
|
||||||
|
package network
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestMatchAuthorizedCIDRs(t *testing.T) {
|
||||||
|
|
||||||
|
type testCase struct {
|
||||||
|
RemoteHostPort string
|
||||||
|
AuthorizedCIDRs []string
|
||||||
|
ExpectedResult bool
|
||||||
|
ExpectedError error
|
||||||
|
}
|
||||||
|
|
||||||
|
testCases := []testCase{
|
||||||
|
{
|
||||||
|
RemoteHostPort: "192.168.1.15",
|
||||||
|
AuthorizedCIDRs: []string{
|
||||||
|
"192.168.1.0/24",
|
||||||
|
},
|
||||||
|
ExpectedResult: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
RemoteHostPort: "192.168.1.15:43349",
|
||||||
|
AuthorizedCIDRs: []string{
|
||||||
|
"192.168.1.0/24",
|
||||||
|
},
|
||||||
|
ExpectedResult: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
RemoteHostPort: "192.168.1.15:43349",
|
||||||
|
AuthorizedCIDRs: []string{
|
||||||
|
"192.168.1.5/32",
|
||||||
|
},
|
||||||
|
ExpectedResult: false,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
auth := Authenticator{}
|
||||||
|
ctx := context.Background()
|
||||||
|
|
||||||
|
for idx, tc := range testCases {
|
||||||
|
t.Run(fmt.Sprintf("Case #%d", idx), func(t *testing.T) {
|
||||||
|
result, err := auth.matchAnyAuthorizedCIDRs(ctx, tc.RemoteHostPort, tc.AuthorizedCIDRs)
|
||||||
|
|
||||||
|
if g, e := result, tc.ExpectedResult; e != g {
|
||||||
|
t.Errorf("result: expected '%v', got '%v'", e, g)
|
||||||
|
}
|
||||||
|
|
||||||
|
if e, g := tc.ExpectedError, err; !errors.Is(err, tc.ExpectedError) {
|
||||||
|
t.Errorf("err: expected '%v', got '%v'", e, g)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
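Review bot: The table in TestMatchAuthorizedCIDRs covers only IPv4 and only inputs that parse, so the error path and the fail-closed behaviour of this allow-list check are untested; no case sets `ExpectedError`. Cases worth adding are a bare and a bracketed IPv6 address (constructed samples: `"::1"` and `"[::1]:43349"` against `"::1/128"`), an unparseable remote value, and a malformed entry in `AuthorizedCIDRs`, each expecting `ExpectedResult: false` unless a match is intended. The two comparisons also bind `g, e` and `e, g` in opposite order, which is easy to misread; using the same order in both would help.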