5a7bc230b8
* Refactor core * Re-added tests * Small fixes * Add tests for acmetxt cidrslice and util funcs * Remove the last dangling reference to old logging package * Refactoring (#327) * chore: enable more linters and fix linter issues * ci: enable linter checks on all branches and disable recurring checks recurring linter checks don't make that much sense. The code & linter checks should not change on their own over night ;) * chore: update packages * Revert "chore: update packages" This reverts commit 30250bf28c4b39e9e5b3af012a4e28ab036bf9af. * chore: manually upgrade some packages * Updated dependencies, wrote changelog entry and fixed namespace for release * Refactoring - improving coverage (#371) * Increase code coverage in acmedns * More testing of ReadConfig() and its fallback mechanism * Found that if someone put a '"' double quote into the filename that we configure zap to log to, it would cause the the JSON created to be invalid. I have replaced the JSON string with proper config * Better handling of config options for api.TLS - we now error on an invalid value instead of silently failing. added a basic test for api.setupTLS() (to increase test coverage) * testing nameserver isOwnChallenge and isAuthoritative methods * add a unit test for nameserver answerOwnChallenge * fix linting errors * bump go and golangci-lint versions in github actions * Update golangci-lint.yml Bumping github-actions workflow versions to accommodate some changes in upstream golanci-lint * Bump Golang version to 1.23 (currently the oldest supported version) Bump golanglint-ci to 2.0.2 and migrate the config file. This should resolve the math/rand/v2 issue * bump golanglint-ci action version * Fixing up new golanglint-ci warnings and errors --------- Co-authored-by: Joona Hoikkala <5235109+joohoi@users.noreply.github.com> * Minor refactoring, error returns and e2e testing suite * Add a few tests * Fix linter and umask setting * Update github actions * Refine concurrency configuration for GitHub actions * HTTP timeouts to API, and self-validation mutex to nameserver ops --------- Co-authored-by: Florian Ritterhoff <32478819+fritterhoff@users.noreply.github.com> Co-authored-by: Jason Playne <jason@jasonplayne.com>
48 lines
1.0 KiB
Go
48 lines
1.0 KiB
Go
package acmedns
|
|
|
|
import (
|
|
"net"
|
|
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
// AllowedFrom Check if IP belongs to an allowed net
|
|
func (a ACMETxt) AllowedFrom(ip string) bool {
|
|
remoteIP := net.ParseIP(ip)
|
|
// Range not limited
|
|
if len(a.AllowFrom.ValidEntries()) == 0 {
|
|
return true
|
|
}
|
|
for _, v := range a.AllowFrom.ValidEntries() {
|
|
_, vnet, _ := net.ParseCIDR(v)
|
|
if vnet.Contains(remoteIP) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// AllowedFromList Go through list (most likely from headers) to check for the IP.
|
|
// Reason for this is that some setups use reverse proxy in front of acme-dns
|
|
func (a ACMETxt) AllowedFromList(ips []string) bool {
|
|
if len(ips) == 0 {
|
|
// If no IP provided, check if no whitelist present (everyone has access)
|
|
return a.AllowedFrom("")
|
|
}
|
|
for _, v := range ips {
|
|
if a.AllowedFrom(v) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func NewACMETxt() ACMETxt {
|
|
var a = ACMETxt{}
|
|
password := generatePassword(40)
|
|
a.Username = uuid.New()
|
|
a.Password = password
|
|
a.Subdomain = uuid.New().String()
|
|
return a
|
|
}
|