(acls config.AppIP, ip string)
| 558 | } |
| 559 | |
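// CheckIP reports whether ip is permitted by the global IP filter in
// auth.config.IP combined with the per-app filter in acls.
//
// Evaluation order:
//  1. A match in the merged block list denies access (returns false).
//  2. A match in the merged allow list permits access (returns true).
//  3. A non-empty allow list with no match denies access.
//  4. With no allow entries at all, access is permitted by default.
//
// Entries that utils.FilterIP rejects are logged at warn level and skipped.
// Skipped allow entries still count towards the "allow list is non-empty"
// check in step 3, so a broken allow list fails closed.
//
// NOTE(review): a malformed block entry is skipped as well, so the address or
// range it was meant to cover is not blocked. Operators should treat the
// "Invalid IP/CIDR in block list" warning as actionable; consider validating
// the lists when the configuration is loaded.
//
// NOTE(review): ip is matched as given. Where the caller derives it (socket
// peer address vs. a forwarding header) is not visible here; confirm it comes
// from a source the client cannot set.
func (auth *AuthService) CheckIP(acls config.AppIP, ip string) bool {
	// Merge the global and app IP filters into fresh slices. The three-index
	// slice caps capacity at length, so append must allocate instead of
	// writing into the backing array of the shared global list. A plain
	// append(auth.config.IP.Block, ...) could write per-app entries into
	// spare capacity of that array, which is a data race when calls overlap
	// and lets one call observe another app's entries.
	globalBlock := auth.config.IP.Block
	globalAllow := auth.config.IP.Allow
	blockedIPs := append(globalBlock[:len(globalBlock):len(globalBlock)], acls.Block...)
	allowedIPs := append(globalAllow[:len(globalAllow):len(globalAllow)], acls.Allow...)

	// Block entries are evaluated first so that a deny always wins over an allow.
	for _, blocked := range blockedIPs {
		res, err := utils.FilterIP(blocked, ip)
		if err != nil {
			tlog.App.Warn().Err(err).Str("item", blocked).Msg("Invalid IP/CIDR in block list")
			continue
		}
		if res {
			tlog.App.Debug().Str("ip", ip).Str("item", blocked).Msg("IP is in blocked list, denying access")
			return false
		}
	}

	for _, allowed := range allowedIPs {
		res, err := utils.FilterIP(allowed, ip)
		if err != nil {
			tlog.App.Warn().Err(err).Str("item", allowed).Msg("Invalid IP/CIDR in allow list")
			continue
		}
		if res {
			tlog.App.Debug().Str("ip", ip).Str("item", allowed).Msg("IP is in allowed list, allowing access")
			return true
		}
	}

	// An allow list that exists but did not match turns the default into deny.
	if len(allowedIPs) > 0 {
		tlog.App.Debug().Str("ip", ip).Msg("IP not in allow list, denying access")
		return false
	}

	tlog.App.Debug().Str("ip", ip).Msg("IP not in allow or block list, allowing by default")
	return true
}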
| 597 | |
| 598 | func (auth *AuthService) IsBypassedIP(acls config.AppIP, ip string) bool { |
| 599 | for _, bypassed := range acls.Bypass { |